Cisco Support Community
Community Member

Sending Resets through monitor interfaces

We have not been able to send resets through monitor ports.

The monitor ports on set up as such:

monitor session 2 source interface Fa9/9

monitor session 2 destination interface Fa9/10

The version of code is:

IOS (tm) c6sup2_rp Software (c6sup2_rp-JK2SV-M), Version 12.1(8a)E, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

BOOTFLASH: c6sup2_rp Software (c6sup2_rp-JK2SV-M), Version 12.1(8a)E,

Running Native IOS (combined switch code) on a 6509:

We established that the sensor is sending resets out its monitor port. We did this by running snoop on the spwr0 interface and setting up a string match to send resets. The snoop log shows the resets being sent and the sensor does alarm on the string match signature. However, the connection to the host is never reset.

Does Native IOS support packets leaving the monitor interface similar to the Cat OS? This looks like this:

set span 911 9/1 rx inpkts enable multicast enable learning disable create

Cisco Employee

Re: Sending Resets through monitor interfaces

I would recommend calling the TAC about this.

I don't believe that Cat IOS currently supports the ability to send resets into a span port the same was as Cat OS. These were specific options that were added to the span ports for IDS appliances, and you probably will need to request through the TAC that similar options be added to Cat IOS to support this.

CreatePlease to create content