Hi, Kai

Sorry, I means interface F0/10 is up/down, not the interface F0/9. My typo.

If I removed the monitor destination interface F0/10 command, then the F0/10 become up/up.

Interface F0/2 and Interface F0/10 are using default spanning-tree setting.

So you think the interface f0/10 should always up/up. Is that right?

Thanks

Thanks!

So the sniffer pro is working on Layer 2 and Layer 1. Is that right?

Considering the fact that the Sniffer doesn't have an IP Address , you can say its working at Layer1 and Layer 2.

But it should be showing packet information upto Layer 7. If you are not seeing that info, maybe your SPAN is not setup correctly.

Now, It is getting intresting.

I have annother switch with port monitor on. But the interface is showing up/up.

*******************************

S1#sh run int f0/22

Building configuration...

Current configuration:

!

interface FastEthernet0/22

no logging event link-status

duplex full

speed 100

port monitor FastEthernet0/1

no snmp trap link-status

end

===================================

S1#sh run int f0/1

Building configuration...

Current configuration:

!

interface FastEthernet0/1

description Link to B1

duplex full

speed 100

end

==================================

S1#sh int f0/22

FastEthernet0/22 is up, line protocol is up

Hardware is Fast Ethernet, address is 0002.b98a.8e96 (bia 0002.b98a.8e96)

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 11/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive not set

Full-duplex, 100Mb/s, 100BaseTX/FX

ARP type: ARPA, ARP Timeout 04:00:00

Last input never, output 00:00:00, output hang never

Last clearing of "show interface" counters 11w6d

Queueing strategy: fifo

Output queue 0/40, 0 drops; input queue 0/75, 0 drops

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 4638000 bits/sec, 1335 packets/sec

420621 packets input, 304841791 bytes

Received 48891 broadcasts, 4 runts, 0 giants, 0 throttles

6446 input errors, 6442 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 0 multicast

0 input packets with dribble condition detected

4064102928 packets output, 1822920745 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

================

S1#sh ver

Cisco Internetwork Operating System Software

IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)XU, RELEASE SOFTWARE

(fc1)

Copyright (c) 1986-2000 by cisco Systems, Inc.

Compiled Mon 03-Apr-00 16:37 by swati

Image text-base: 0x00003000, data-base: 0x00301398

ROM: Bootstrap program is C2900XL boot loader

S1 uptime is 3 years, 5 weeks, 3 days, 23 hours, 28 minutes

System returned to ROM by power-on

System restarted at 15:21:04 NZT Fri Sep 8 2000

System image file is "flash:c2900XL-c3h2s-mz-120.5-XU.bin"

cisco WS-C2924-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K byte

s of memory.

Processor board ID 0x0E, with hardware revision 0x01

Last reset from power-on

Processor is running Enterprise Edition Software

Cluster command switch capable

Cluster member switch capable

24 FastEthernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.

Base ethernet MAC Address: 00:02:B9:8A:8E:80

Configuration register is 0xF

*******************************

The switch show up/down is cisco 2950. Why?

*******************************

S2#sh ver

Cisco Internetwork Operating System Software

IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(12c)EA1, RELEASE SOFTWARE

(fc1)

Copyright (c) 1986-2002 by cisco Systems, Inc.

Compiled Sun 24-Nov-02 23:31 by antonino

Image text-base: 0x80010000, data-base: 0x80562000

ROM: Bootstrap program is CALHOUN boot loader

S2 uptime is 23 weeks, 4 days, 23 hours, 33 minutes

System returned to ROM by power-on

System restarted at 15:27:26 NZST Sun May 4 2003

System image file is "flash:/c2950-i6q4l2-mz.121-12c.EA1.bin"

cisco WS-C2950T-24 (RC32300) processor (revision H0) with 21002K bytes of memory

.

Processor board ID FOC0710W1RX

Last reset from system-reset

Running Enhanced Image

24 FastEthernet/IEEE 802.3 interface(s)

2 Gigabit Ethernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.

Base ethernet MAC Address: 00:0C:85:12:61:40

Motherboard assembly number: 73-6114-08

Power supply part number: 34-0965-01

Motherboard serial number: FOC07100MN9

Power supply serial number: DAB070821XG

Model revision number: H0

Motherboard revision number: A0

Model number: WS-C2950T-24

System serial number: FOC0710W1RX

Configuration register is 0xF

S2#

The behaviour has changed in the newer switches.

E.g. in 3500XL switches, where you had to use "port monitor" commands to configure a SPAN port, it will show the line protocol as UP.

With newer switches e.g. 3550 series, where a SPAN session is configured using "monitor session.." command the line protocol will be shown as down (but it will also tell you that its monitoring).

This doesn't effect the functionality, only gives you more info.

Thanks, That is what I want to know.

So for the new 3550 switch, if I want remotely control the sniffer PC. Then I have to added the second network card.