
SPAN on Cisco1812 limitations?


IsilZha

Feb 26, 2008
Ok, if you've seen my other recent thread, ignore it.

Whenever I create a SPAN session on the Cisco 1812, when I set the destination port for a SPAN session, the destination port always shows all egress traffic on all ports (the TX of all the ports). Even when I tell it specifically to not show the TX of a port, it continues to do so.

For example:

monitor session 1 destination interface fa 2

And I get all TX traffic from all ports.

If I do something like:

monitor session 1 source interface fa 7 rx

The destination port continues to monitor tx traffic as well, and simply begins to monitor RX traffic as well.

Then:

no monitor session 1 source interface fa 7

It stops monitoring RX traffic on that port, but continues to monitor TX traffic.

I can't find any documentation that states why (or if) it works like this. Is it a limitation on the 1812 router that doesn't give me an error message when I try to stop monitoring TX traffic? Or is something wrong with the IOS?
 
Try entering the source line first and then the destination port for the same session.

monitor session 1 source interface fa 7 rx

then

monitor session 1 destination interface fa 2

I believe after you have established one source interface first you can add additional interfaces after; however, there is a limit to the number of ingress and egress you can monitor. I don't know exactly what it is for the 1812.
 
Right, I initially set it up that way, and just tried it again now. The monitoring port still shows all TX from all ports. Adding the source parameters only turns RX monitoring on or off on the specified port.

Even if I specify "no monitor session 1 source int fa 7 tx" I still see the egress traffic from that port.
 
Are you sure that the traffic you are capturing is not just broadcast traffic?

Ensure that the Windows firewall is definitely off in WINXP. I have found that if you untick the interface within the firewall settings then captures work. Also look for any VPN clients with built-in firewalls.



Peter
CCNA, Cisco Qualified Specialist
 
Yes, I'm sure it's not broadcast traffic: DNS responses, HTTP traffic to the web servers and firewalls, etc. There are actually two firewall arrays on different subnets as well, yet I also see all the traffic going to both from the internet.

I'm monitoring from a Server 2003 machine.

Now that I think about it a bit more, I'm not sure if it's monitoring the TX of all ports, or if it's always monitoring the RX of the I-Net uplink.
 