Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Configuring a switch SPAN session for IDS promiscuous mode

SPAN

A SPAN is configured with source and destination interfaces, specified by the monitor command. The SPAN destination interface requires no configuration. The monitor session commands control VLAN tagging.

For  example, to copy all traffic on Gi1/0/1 to Gi1/0/33 and maintain dot1q  tags, you would implement the following configuration:

monitor session 1 source interface Gi1/0/1
monitor session 1 destination interface Gi1/0/33 encapsulation replicate

To filter out all monitored VLAN traffic except for VLAN 55, you would implement the following command:

monitor session 1 filter vlan 55

Here is a good reference for all SPAN can offer:

http://tools.cisco.com/squish/856eE

Troubleshooting Questions

Do you see the SPAN destination port output packet counter on your switch increasing?

Do you see the Total Packets Received counter on your IPS promiscuous interface increasing?

3945
Views
0
Helpful
0
Comments