I have a very simple need. I have a 3550 with IOS 12.1(8)EA1c. I have 48 ports. I want to monitor ports 1-47 and shoot the data over to port 48. I used the following commands. In the end port 48 is unreachable and a sho int fast0/48 shows "(monitored)" with line protocol being down. What am I doing wrong?
monitor session 1 source interface Fa0/1 - 47 both
monitor session 1 destination interface Fa0/48
This is the result of the sho int fast0/48
FastEthernet0/48 is up, line protocol is down (monitoring)
Hardware is Fast Ethernet, address is 0008.e3a3.fa2c (bia 0008.e3a3.fa2c)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
input flow-control is off, output flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 8000 bits/sec, 8 packets/sec
408376 packets input, 147818581 bytes, 0 no buffer
Received 447 broadcasts, 5445 runts, 0 giants, 0 throttles
Thanks. But then what use is this "feature" if I can't get to the host that is doing the monitoring? The reason I want to do this is so that I can use a sniffer type utility. Short of a cross connect to a hub do I have any other option via IOS? Someone at Cisco needs to know that the functionality I am looking for is probably wanted by others and just makes sense.
As far as I've been able to tell from the documentation, the "ingress forwarding" feature in IOS only allows traffic *from* the IDS device. This allows the IDS to send TCP resets, SNMP traps, and so forth when it sees suspicious traffic, but doesn't allow the IDS to be accessed remotely (that would be egress forwarding from the switch's point of view).
CatOS has supported "normal" traffic on SPAN ports for quite some time but for whatever reason this feature hasn't yet made it into IOS despite what appears to be common yearning for it. Hence, it is necessary to attach a second interface on the sniffer to the switch to be used as the so-called management interface. This port gets an IP address and is used to access the sniffer remotely -- the sniffing port doesn't get an IP address and therefore operates in stealth mode. This is oftentimes a good idea anyway for security reasons on permanent IDS systems -- if the sniffing interface is located on a public part of the network, the management interface can plug into another switch in a private part of the network to protect it from external compromise.
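An added example, not part of the thread and not Cisco tooling: a short Python audit that reads `monitor session` lines and `show interface` status lines in the form quoted above, expands the source range, and reports which ports are capture-only SPAN destinations. The sample input is constructed from the thread's own commands and output; the function names and the restriction to the single-port and "first - last" range syntax are assumptions of this example.

```python
import re

# Constructed sample input, modelled on the commands and output quoted in the thread.
CONFIG = """\
monitor session 1 source interface Fa0/1 - 47 both
monitor session 1 destination interface Fa0/48
"""
SHOW_INT = """\
FastEthernet0/47 is up, line protocol is up
FastEthernet0/48 is up, line protocol is down (monitoring)
"""

# Assumption: only the single-port and "first - last" range forms seen in the thread.
SESSION_RE = re.compile(
    r"^monitor session (\d+) (source|destination) interface "
    r"(\S+)(?:\s*-\s*(\d+))?(?:\s+(?:both|rx|tx))?\s*$", re.M)
STATUS_RE = re.compile(
    r"^(\S+) is [\w ]+?, line protocol is (\w+)(?: \((\w+)\))?", re.M)

def norm(name):
    """Collapse 'FastEthernet0/48' and 'Fa0/48' to one spelling."""
    return re.sub(r"^FastEthernet", "Fa", name)

def parse_sessions(config):
    """Return {session: {'source': set, 'destination': set}} with ranges expanded."""
    sessions = {}
    for num, role, first, last in SESSION_RE.findall(config):
        prefix, start = first.rsplit("/", 1)
        stop = int(last) if last else int(start)
        ports = {norm(f"{prefix}/{n}") for n in range(int(start), stop + 1)}
        sessions.setdefault(int(num), {"source": set(), "destination": set()})[role] |= ports
    return sessions

def audit(config, show_int):
    """List each SPAN destination and whether the switch reports it as monitoring."""
    status = {norm(n): (proto, note) for n, proto, note in STATUS_RE.findall(show_int)}
    findings = []
    for num, ports in sorted(parse_sessions(config).items()):
        for port in sorted(ports["destination"]):
            proto, note = status.get(port, ("unknown", ""))
            if note == "monitoring":
                msg = "capture-only SPAN destination; manage the sniffer via another port"
            else:
                msg = f"configured as SPAN destination but line protocol is {proto}"
            findings.append((num, port, len(ports["source"]), msg))
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG, SHOW_INT):
        print(finding)
```

Each finding is a tuple of session number, destination port, number of mirrored source ports, and a status message.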