Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

SPAN Monitoring traffic on a VLAN

We have a VLAN for QA, the gateway is a CISCO 2811 router.  We want to set up a monitor on a switch to replicate all data that goes across this VLAN.  We set up a SPAN with the source as the VLAN and a destination is an interface on the switch.  We are only getting broadcast messages.  I want all traffic from this VLAN to go to our monitor on a CISCO interface.  What would I need to make all of this work?

 

Here is what we have on the CISCO Switch.

 

4700-SR-B1B#sh monitor session all
Session 1
---------
Type              : Local Session
Source VLANs      :
    Both          : 871
Destination Ports : Fa0/46
    Encapsulation : Replicate
          Ingress : Disabled

 

Everyone's tags (1)
8 REPLIES
Silver

 Try this:#conf t#monitor

 

Try this:

#conf t

#monitor session 1 source vlan <desired vlan ID>
#monitor session 1 destination interface f0/46          -your sniffer device here

 

and in your "show command i dont see any source configured

New Member

That is the command I ran,

That is the command I ran, 871 is the VLAN I am using as the source.  I tried it again and the output on the show is the same.

Silver

Guessing you are using

Guessing you are using wireshark?

Try disabling your firewall, it may be blocking traffic

Anyway, if it still does not work, best solution is to monitor the port going to the router itself

#monitor session 1 source interface <port to router>
#monitor session 1 destination interface f0/46          -your sniffer device here


In your wireshark, you can use filters to filter out unnecessary networks, or show only desired network

New Member

Its not Wireshark, I am not

Its not Wireshark, I am not sure what they set up.  the destination port is also in the same VLAN as the source we want to monitor.  Will that work?  There is no firewall.

Silver

Well, first of all, whatever

Well, first of all, whatever vlan that port is (destination) it does not matter

Anyway, I think you better consult the people on whatever device you have placed there considering you are "not sure what they set up" w/c I recommend you should know first.

That device may not support sniffing, but rather WCCP.

 

Let assume that it does use sniffing and considering that is a device, whatever that is, there should be a way to filter out traffic, or exclude traffic to whatever the purpose that device is.

consult your installer/contractor about that.

New Member

Thanks, it is Wireshark.  All

Thanks, it is Wireshark.  All they are seeing is broadcast messages.

Silver

Well do my recommendation as

Well do my recommendation as above :))

#monitor session 1 source interface <port to router>
#monitor session 1 destination interface f0/46          -your sniffer device here

Again use wireshark filters to filter out unneeded traffic, or display only desired traffic.
The "how to filter" in wireshark, pretty simple just there is a big "filter" once you start capturing.

New Member

Thanks, I will work on this a

Thanks, I will work on this a for a while and let you know.

171
Views
0
Helpful
8
Replies
CreatePlease to create content