Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Sniffing host status on SPAN Destination

Hi...

I have some confusion regarding any PC running Sniffer software when conneting it to a SPAN or RSPAN destination port.

According to the documentation I read there is always a warning to never connect a span port back into a live network. But isnt the sniffer PC a live PC, since it has an IP address and the span port is an access port part of a vlan?

I have another inquiry regarding the rspan vlan. Is there any harm in defining an rspan vlan but not defining any destination host or connecting a host to a destination port? Will the copied traffic be dropped or copying wont ocur until a host is connected to the destination port?

One last inquiry is whether there is any problem for rspan vlan when the intermediate and destination switches are 2950 but the source is a 6500 IOS.

Any help is appreciated?

Thanks

1 REPLY
Silver

Re: Sniffing host status on SPAN Destination

Answering to your last question on last question, I dont thinlk there is any harm . For details, refer the following URL.

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configura

tion_guide_chapter09186a00800c6f4c.html#xtocid1

Regarding your first question, the port we connect to the sniffer(pc) is configured as "destination span port". So, with this configuration, that port is not acting as a access port. For details, refer the following document.

http://www.cisco.com/warp/customer/473/41.html

103
Views
0
Helpful
1
Replies