Span - Port Mirror problem/question - Cisco 2970

sburgin (IS-IT--Management), Aug 4, 2008
My first attempt at a Cisco port mirror. Basically, I have an IPS sensor on port 2 that needs to monitor the internet port on port 1. So I enter the commands to set it up. However, after I do this, my IPS cannot connect to the sensor on port 2.
Basically, I need port 1 and 2 to see each other. I don't want to resort to a hub :(

More info:
The IPS is 10.10.10.6, the sensor on port 2 is 10.10.10.5, and the firewall is 10.10.10.1 on port 1.
I used these commands:

monitor session 1 source int gig 0/1
monitor session 1 dest int gig 0/2 encap replicate

Am I screwing up here? Thanks!

Stolen from Cisco.

The basic characteristic of a SPAN destination port is that it does not transmit any traffic except the traffic required for the SPAN session. If you need to reach (IP reachability) the network analyzer / security device through the SPAN destination port, you need to enable ingress traffic forwarding.

When ingress is enabled, the SPAN destination port accepts incoming packets, which are potentially tagged depending on the specified encapsulation mode, and switches them normally. When you configure a SPAN destination port, you can specify whether or not the ingress feature is enabled and what VLAN to use to switch untagged ingress packets. The specification of an ingress VLAN is not required when ISL encapsulation is configured, as all ISL-encapsulated packets have VLAN tags. Although the port is STP forwarding, it does not participate in STP, so use caution when you configure this feature lest a spanning-tree loop be introduced in the network. When both ingress and a trunk encapsulation are specified on a SPAN destination port, the port goes forwarding in all active VLANs. The configuration of a non-existent VLAN as an ingress VLAN is not allowed.

monitor session session_number destination interface interface [encapsulation {isl | dot1q}] ingress [vlan vlan_IDs]

This example shows how to configure a destination port with 802.1q encapsulation and ingress packets with the use of the native VLAN 7:

Switch(config)#monitor session 1 destination interface fastethernet 5/48 encapsulation dot1q ingress vlan 7

With this configuration, traffic from SPAN sources associated with session 1 is copied out of interface Fast Ethernet 5/48 with 802.1q encapsulation. Incoming traffic is accepted and switched, with untagged packets classified into VLAN 7.

CCNA, BCNE, Security+, Network +
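
Added example, not from either poster: the quoted Cisco text is written for a Catalyst 6500 (fastethernet 5/48), while the original question is about a Catalyst 2970 running IOS, where the same feature is the `ingress` keyword on the `monitor session ... destination` line. The block below puts the session exactly as sburgin posted it next to the same session with ingress forwarding turned on. It assumes Gi0/1 is the firewall-facing port (10.10.10.1), Gi0/2 is the sensor (10.10.10.5), and that the 10.10.10.0/24 management addresses sit in VLAN 1; the VLAN number is an assumption and should be replaced with the real one.

```cisco
! Added example (not the original poster's configuration).
! Assumptions: Gi0/1 = firewall port (10.10.10.1), Gi0/2 = sensor (10.10.10.5),
! management subnet 10.10.10.0/24 is in VLAN 1 (replace "1" with your VLAN).

! --- As posted. The destination port only transmits mirrored frames; frames
!     the sensor sends into Gi0/2 are dropped, so the IPS manager at 10.10.10.6
!     can never reach 10.10.10.5 through this port.
configure terminal
monitor session 1 source interface gigabitethernet0/1 both
monitor session 1 destination interface gigabitethernet0/2 encapsulation replicate

! --- Fixed. Same session, but with ingress forwarding enabled: frames the
!     sensor sends are switched normally, and untagged ones are placed in VLAN 1.
!     Clear the old session first so the destination line is replaced cleanly.
no monitor session 1
monitor session 1 source interface gigabitethernet0/1 both
monitor session 1 destination interface gigabitethernet0/2 encapsulation replicate ingress untagged vlan 1
end

! --- Verify from exec mode. The destination block of the output should now
!     show Ingress as Enabled with VLAN 1 as the default VLAN, and the sensor's
!     MAC should appear in the table once it sends a frame.
show monitor session 1
show mac address-table interface gigabitethernet0/2
```

Two caveats a practitioner would want before doing this on a production edge. First, the Cisco text above says it plainly: with ingress enabled the destination port forwards without participating in spanning tree, so Gi0/2 must only ever have the sensor on it, never a second switch. Second, enabling ingress makes the sensor's management address reachable from the very segment it is inspecting; the usual alternative to a hub is to keep Gi0/2 as a transmit-only SPAN destination and give the sensor a separate management port in an out-of-band VLAN, which costs one extra switch port but keeps the monitoring plane and the management plane apart.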