
Port monitor not allowing local traffic...

abatson
Level 1

Greetings -

On a 3750 switch, I have a Windows system with Ethereal on it, which I'm remote-controlling via VNC. I configure the 3750 with:

monitor session 1 source int gi1/0/12

monitor session 1 dest int gi1/0/10

Obviously this copies all the traffic from 1/0/12 to 1/0/10 just fine. However, it's preventing the machine that's on 1/0/10 from sending/receiving its OWN traffic on the LAN, i.e. I can't maintain a VNC session to my Ethereal machine after I enable the monitor session. Is this by design, or can I alter the command to allow local traffic to/from the destination, so I can VNC to my Ethereal machine?


krozier
Level 1

When you set a port to be the destination for SPAN traffic, it will only collect information from a source and cannot be used for "normal" network traffic.

So you will need to install a second NIC, connected to another port on the switch, on the VNC client computer to be able to remote control the monitoring computer.

Here is a good link:

http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a00801cdee2.html

Do you know why I can connect to a SPAN destination port to remote control my portable running sniffer software if I enable ingress forwarding for that monitor session destination port?

This only works with a NIC with enhanced drivers I got from the Sniffer software developers, Network General.

Hi Friend,

By default, in a normal configuration, the SPAN destination port will not let normal LAN traffic be forwarded for that port and is only used for monitoring purposes, but in case you want forwarding of incoming traffic on the destination SPAN port, you need to configure the "ingress" command in the SPAN destination configuration.

Something like this

monitor session 2 destination interface gig1/0/2 encapsulation replicate ingress dot1q vlan 6

Have a look at this link for more details

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/12225see/scg/swspan.htm#wp1260596

HTH, if yes please rate the post.

Ankur
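The destination forms quoted in this thread, read by a small parser, as an added example that is not part of any poster's reply or Cisco's own tooling: it lists each SPAN destination port and whether `ingress` is set, i.e. whether the switch will accept traffic from the attached capture host. The sample configuration is constructed, and the `isl` and `untagged` keywords are accepted on the assumption that the platform's `ingress` option takes them.

```python
import re

# Constructed sample, modelled on the commands quoted in this thread.
SAMPLE_CONFIG = """\
monitor session 1 source interface Gi1/0/12
monitor session 1 destination interface Gi1/0/10
monitor session 2 destination interface Gi1/0/2 encapsulation replicate ingress dot1q vlan 6
monitor session 3 destination interface Fa0/37 ingress vlan 1
"""

# Accepts abbreviated keywords too, e.g. "dest int gi1/0/10".
DEST_RE = re.compile(
    r"^\s*monitor\s+session\s+(?P<session>\d+)\s+dest\w*\s+int\w*\s+"
    r"(?P<port>\S+)(?P<opts>.*)$",
    re.IGNORECASE,
)
# "ingress", optionally followed by an encapsulation and/or "vlan <id>".
INGRESS_RE = re.compile(
    r"\bingress\b(?:\s+(?P<encap>dot1q|isl|untagged))?(?:\s+vlan\s+(?P<vlan>\d+))?",
    re.IGNORECASE,
)


def audit_span_destinations(config_text):
    """Return one dict per SPAN destination port found in config_text."""
    results = []
    for line in config_text.splitlines():
        dest = DEST_RE.match(line)
        if not dest:
            continue  # source lines and unrelated config are skipped
        ing = INGRESS_RE.search(dest.group("opts"))
        results.append({
            "session": int(dest.group("session")),
            "port": dest.group("port"),
            "ingress": ing is not None,
            "encap": ing.group("encap").lower() if ing and ing.group("encap") else None,
            "vlan": int(ing.group("vlan")) if ing and ing.group("vlan") else None,
        })
    return results


def describe(entry):
    """One-line summary of how the destination port treats host traffic."""
    head = f"session {entry['session']} {entry['port']}: "
    if not entry["ingress"]:
        return head + "capture only, traffic from the attached host is dropped"
    return head + f"ingress forwarding enabled (encap={entry['encap']}, vlan={entry['vlan']})"


if __name__ == "__main__":
    for item in audit_span_destinations(SAMPLE_CONFIG):
        print(describe(item))
```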

Ankur,

Thanks for the reply. But I have ingress enabled on a 3550 switch and can connect to my sniffer portable via the LAN, but on an identical switch with another laptop with the same SPAN configuration I cannot connect to that portable. Any ideas?

The destination port is thus:

monitor session 1 destination interface fa0/37 ingress vlan 1

Thanks

Hi Friend,

If the ingress command is enabled, you should be able to connect, provided you have a proper route for that sniffer portable connected to the 3550 on vlan1.

Just check if you have a proper route to the machine.

Regards,

Ankur

I am not sure what is meant by a "proper route" or how to check for it.

Thanks.

Hi Friend,

As you said, you are able to connect to one portable sniffer on a 3550 but not to another which is on another 3550 switch.

Are they both on the same subnet? Are the 2 switches connected directly?

Also, to check if the ingress command is working, do you have any other machine on vlan 1 on the same 3550 on which you have the portable sniffer that you are not able to connect to? If not, can you connect one PC to vlan 1, try to ping that portable sniffer, and see if you get a reply?

Regards,

Ankur

Hi Ankur,

I appreciate all your help so far with this.

Does the NIC on the portable need any special or enhanced drivers? The second portable that I cannot see on the network does not have the General Network Sniffer software with its enhanced NIC drivers.

It is just using Ethereal and no special NIC drivers.

Thanks

kumarsh
Cisco Employee

Monitor ports ingress traffic will be dropped and so you will not be able to establish the network connectivity with the Analyser.

I can do it with one portable but not the other - what is the difference?