Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SPAN Port config

Status
Not open for further replies.
FloDiggs

FloDiggs

MIS
Jan 20, 2007
296
US
I have a 4507R and I need to use two separate protocol analyzers to monitor the port my firewall is plugged into. I already have one configured, no problem. My issue is getting the second. The switch only lets you set the destination of a SPAN to one port. I tried to set the destination to an RSPAN VLAN, but I can only have two monitor sessions on the switch and I need three to accomplish my goal. Anyone have any creative ways around this limitation without adding hardware?
 
Sort by date Sort by votes
maybe i'm missing the issue here but couldn't you just use a cheap hub plugged into your monitor port? I know you said no new hardware but if the switch only allows one destination port (and I'm not sure about that) it seems like the easiest thing to do.
 
Upvote 0 Downvote
The port is a Gig port, so hub is not an option. I can get a tap, but rack space is at a premium in my closet. If I can do it on a single switch, I'd like to. That's why I'm posting the question.
 
Upvote 0 Downvote
Using vlans has the potential to overrun the span port if there is a lot of traffic on those vlans , if you know the combined traffic of all spanned vlans is less than a gig then it isn't a problem.
 
Upvote 0 Downvote
That's what they make filters for. Most of the time, I make sure the packets are no more that 128 bytes---I don't need the entire payload most of the time, myself...

/
 
Upvote 0 Downvote
Even with an RSPAN, I don't have enough sessions to do everything I need on a single switch. The error I get says I can only do two concurrent sessions at a time. The first session sets the source interface as the one my firewall is plugged into, and the destination as the RSPAN VLAN. The second session would obviously monitor the VLAN, but to use two analyzers, I need to be able to configure two destinations. It won't allow me to do it.
 
Upvote 0 Downvote
I'm confused why you need to use 2 destinations to send the packets to an analyzer.
 
Upvote 0 Downvote
ok, are you trying to monitor a single host with 2 analyzers? Just trying to get a full handle on what you are trying to accomplish.
 
Upvote 0 Downvote
A. The destination VLAN can have more than one pc, in your case, two---each running an analyzer

B. You can have two analyzers on the same machine---I would set the buffer to 100MB and chops the packets into 100MB files, and UNCHECK "Update packets in real time", as well as capture no more than 128 bytes per packet (TCP/IP header and a bit more, will show source and dest addies as well as ports, sequence numbers, etc.), if you plan to do option B.

We have given you these two choices---why are you not able to do either of these?

/
 
Upvote 0 Downvote
I'm an idiot. Option A will work perfectly. Thanks for the help.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Zero6
  • Locked
  • Question
question about cisco cbs 350-12xs 12 port 10g sfp+
Replies
0
Views
235
Zero6
Zero6
WinstonCH
  • Locked
  • Helpful tip
What is wrong with the diagram, there are people who will help to fix it? How do i do the configurat 1
Replies
1
Views
548
BIS
BIS
Gartech
  • Locked
  • Question
LAN Port Test Device
Replies
3
Views
237
ipohead
ipohead
BleuBell
  • Locked
  • Question
Command Rejected : Exceeded NNI ports Allowed
Replies
0
Views
170
BleuBell
BleuBell
amelamel
  • Locked
  • Question
port has faulty link
Replies
2
Views
471
ADB100
ADB100

Part and Inventory Search

Sponsor

Back
Top