Cisco Support Community
New Member

Mirror port help on Cisco 3560

Hi,

I have a Cisco 3560 switch in a remote office where FE 0/1 is the WAN port and the port I need mirrored. We are using a really good bit of software called Observer Suite 12 that analyses all the WAN traffic; however, our Observer consultant says the WAN port is not "seeing" much traffic at all and it's as if the mirror isn't set up correctly. I have checked with another Cisco guy and he says it's fine. I'm after your thoughts. The Observer consultant said "to work properly we need both duplex streams aggregating to a single outbound stream to the Observer probe on port 2".

Here is part of the config of the Cisco 3560:

interface FastEthernet0/1
 no switchport
 ip address 172.31.3.2 255.255.255.252
 speed 100
 duplex full
!
interface FastEthernet0/2
 description ***MIRRORED WAN INTERFACE***
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet0/3
 description ***OBSERVER PROBE PC***
 speed 100
 duplex full
 spanning-tree portfast

interface Vlan1
 description ***Data Layer 3 Interface***
 ip address 172.30.3.1 255.255.255.0

monitor session 1 source interface Fa0/1
monitor session 1 destination interface Fa0/2

Thing is, the gateway for all users in this remote office is VLAN 1 - 172.30.3.1, and the servers are at the other side of the WAN at my HQ; we point everything to this gateway from the HQ too.

The 172.31.3.2 on FE 0/1 goes to our ISP's BGP/MPLS.

Should we somehow be mirroring VLAN 1 instead?

3 REPLIES
Hall of Fame Super Bronze

Re: Mirror port help on Cisco 3560

Should we somehow be mirroring VLAN 1 instead?

Yes.

Or you can have both Fa0/1 and Vlan 1 as sources.

HTH,

__

Edison.

New Member

Re: Mirror port help on Cisco 3560

Hi,

I now have:

monitor session 1 source vlan 1

monitor session 1 destination interface Fa0/2

But it seems to not generate much more traffic. I did "monitor session 1 source vlan 1 both".

Any ideas?

Hall of Fame Super Bronze

Re: Mirror port help on Cisco 3560

You may be facing this caveat:

Only traffic that enters or leaves source ports or traffic that enters or leaves source VLANs can be monitored by using SPAN; traffic routed to a source VLAN cannot be monitored. For example, if incoming traffic is being monitored, traffic that gets routed from another VLAN to the source VLAN cannot be monitored; however, traffic that is received on the source VLAN and routed to another VLAN can be monitored.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swspan.html

HTH,

__

Edison.

Please rate helpful posts
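
An added example, not part of any post in this thread and not Cisco code: a small Python check that reads the SPAN lines from a saved running-config, flags VLAN sources that fall under the caveat quoted above, and reports the description on the destination port so the probe cabling can be confirmed. The sample config is constructed from lines posted in the thread; the function names are hypothetical, and a source given without a direction is treated as "both".

```python
import re
# Constructed sample, assembled from the configuration lines posted in the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/2
 description ***MIRRORED WAN INTERFACE***
!
interface FastEthernet0/3
 description ***OBSERVER PROBE PC***
!
monitor session 1 source vlan 1
monitor session 1 destination interface Fa0/2
"""

# Matches only the single-target forms shown in the thread (no port lists or ranges).
SPAN_RE = re.compile(r"^monitor session (\d+) (source|destination) "
                     r"(interface|vlan) (\S+)(?: (rx|tx|both))?\s*$")
ABBREV = {"Fa": "FastEthernet", "Gi": "GigabitEthernet"}

def expand(name):
    """Expand Fa0/2 to FastEthernet0/2 so SPAN lines match interface stanzas."""
    m = re.match(r"([A-Za-z]+)([\d/]+)$", name)
    return ABBREV.get(m.group(1), m.group(1)) + m.group(2) if m else name

def audit_span(config):
    """Return review findings for each SPAN session (hypothetical helper)."""
    descriptions, sessions, current = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = line.split()[1]
        elif line.startswith("description ") and current:
            descriptions[current] = line[len("description "):]
        elif (m := SPAN_RE.match(line)):
            sid, role, kind, target, direction = m.groups()
            s = sessions.setdefault(sid, {"sources": [], "destination": None})
            if role == "source":
                s["sources"].append((kind, target, direction or "both"))
            else:
                s["destination"] = expand(target)
    findings = []
    for sid, s in sorted(sessions.items()):
        for kind, target, direction in s["sources"]:
            if kind == "vlan":  # caveat quoted in the thread
                findings.append(f"session {sid}: source vlan {target} ({direction}): "
                                "traffic routed into this VLAN is not mirrored")
        if s["destination"]:
            desc = descriptions.get(s["destination"], "<no description>")
            findings.append(f"session {sid}: destination {s['destination']} is "
                            f"described as '{desc}'; confirm the probe is cabled here")
    return findings
```

Run against the constructed sample, `audit_span(SAMPLE_CONFIG)` returns one finding for the VLAN source and one for the destination port.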
