New Member

3548 SPAN port

I have two 3548XL switches connected in a stack through 2 FE ports (I don't know if it is a FEC).

I have NO VLAN defined.

I need to put an IDS to monitor all the traffic passing through the 2 switches.

Do I need to define 2 SPAN ports, one for each switch, or is there a way to use 1 SPAN port only?

Thanks

4 REPLIES
New Member

Re: 3548 SPAN port

Try using 2 port monitor commands on the span port on one switch for the IDS (e.g. using interface fa0/3 as the span port, and interfaces fa0/1 & fa0/2 as the uplink ports):

int fa0/3
 port monitor fa0/1
 port monitor fa0/2

This should work as long as you're not using ISL/802.1q between the two switches.

Cheers,

Ian.

New Member

Re: 3548 SPAN port

Assuming interfaces fa0/1 and fa0/2 are the inter-switch ports, and fa0/2 is the span port, try this on one switch only (no need for this on both switches):

int fa0/3
 port monitor fa0/1
 port monitor fa0/2

As long as there's no trunking, this should work. I imagine that you have spanning tree on and only one interface is forwarding at any time.

Cheers,

Ian.

New Member

Re: 3548 SPAN port

As there is no VLAN defined, if a workstation and a server connected on the same switch are talking, will I be able to monitor this traffic even if there is no reason for this data to be transmitted to the second switch?

Thanks

New Member

Re: 3548 SPAN port

No, not if the IDS is on the other switch. Once the MAC address is learned for each device and associated with its respective port, the traffic will only be forwarded there; you would have to span on that particular switch as well for local traffic.

d-
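The visibility gap described in this reply, as an added example that is not part of the original thread: a small Python model of two MAC-learning switches with the IDS's SPAN on switch B monitoring the uplink. It assumes a single forwarding inter-switch link with no trunking; the host names W, S, X and access ports fa0/5 to fa0/7 are constructed for the illustration.

```python
UPLINK = "fa0/1"  # inter-switch port on both switches (assumed: one forwarding link)

class Switch:
    def __init__(self, access_ports, span_sources=()):
        self.access_ports = list(access_ports)
        self.span_sources = set(span_sources)  # ports mirrored to the SPAN port
        self.mac_table = {}                    # learned MAC -> port
        self.mirrored = []                     # frames copied to the SPAN port
        self.peer = None

    def receive(self, in_port, src, dst):
        self.mac_table[src] = in_port          # learn where the source lives
        known = self.mac_table.get(dst)
        if known is None:                      # unknown unicast: flood all other ports
            out_ports = [p for p in self.access_ports + [UPLINK] if p != in_port]
        else:
            out_ports = [known] if known != in_port else []
        # a monitored port mirrors frames it receives or transmits
        if self.span_sources & {in_port, *out_ports}:
            self.mirrored.append((src, dst))
        if UPLINK in out_ports:
            self.peer.receive(UPLINK, src, dst)

def simulate(span_on_a=()):
    """Return (local frames seen on B, cross-switch frames seen on B,
    local frames seen on A's own SPAN port)."""
    a = Switch(["fa0/5", "fa0/6"], span_sources=span_on_a)
    b = Switch(["fa0/7"], span_sources=[UPLINK])   # IDS hangs off switch B
    a.peer, b.peer = b, a
    attach = {"W": (a, "fa0/5"), "S": (a, "fa0/6"), "X": (b, "fa0/7")}

    def send(src, dst):
        sw, port = attach[src]
        sw.receive(port, src, dst)

    for _ in range(3):                  # workstation <-> server, both on switch A
        send("W", "S"); send("S", "W")
    local_seen_by_b, local_seen_by_a = len(b.mirrored), len(a.mirrored)
    for _ in range(2):                  # workstation on A <-> host on B
        send("W", "X"); send("X", "W")
    cross_seen_by_b = len(b.mirrored) - local_seen_by_b
    return local_seen_by_b, cross_seen_by_b, local_seen_by_a

if __name__ == "__main__":
    print("IDS on B only:      ", simulate())
    print("plus SPAN on A too: ", simulate(span_on_a=["fa0/5", "fa0/6"]))
```

Of the six local W/S frames, the IDS on switch B sees only the first one, which is flooded before S's MAC is learned; a SPAN on switch A's own access ports is what captures the rest.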
