Re: question about 3550

From: LoizosCisco (david_steven2001@yahoo.com)
Date: Mon Dec 09 2002 - 20:33:30 GMT-3


It seems that the original question was misleading.

I believe that the originator of this question was
asking what commands he can use on the 3550 to SPAN ports
with a sniffer. The answer would be "session
monitor...."

All the ideas I have seen look good but are not answering the
question. The question was very simple and it seems
most are complicating it.

Loizos

--- Carlos <cchorao@xtra.co.nz> wrote:
> Hi ,
>
> Of the suggestions and comments made so far to the
> original question, none of
> the suggestions have considered using RSPAN
> combined with VLAN maps.
> My thoughts and rationale are as follows :
>
> 1. Let's assume that the intent of the original question
> is to somehow configure
> the switch to monitor only IP (as opposed to
> filtering by packet
> analyzer). If this is so then ideally we want to filter
> at the source.
>
> 2. Reasons why SPAN won't work
> - SPAN mirrors all received and/or sent traffic
> on the source port to
> the destination port;
> - SPAN mirrors the source port before ACLs, VLAN
> maps, QoS, PBR or any
> other features that may be configured on the
> source port and cause the
> packet to be dropped;
> These 2 points are clearly explained in chapter
> 23 to the 3550 config
> guide
>
> 3. Reasons why RSPAN may work
> - RSPAN does not support layer 2 protocols
> - You can apply VLAN maps to the RSPAN.
>
> On the basis of the above one approach at solving
> the original problem would
> be to
> - Configure RSPAN on the switch
> - Configure a VLAN map to only permit IP traffic
> onto the RSPAN VLAN
> - Direct the output from the RSPAN VLAN to the
> output interface
>
> Chapter 23 and 27 of the 3550 config guide rel
> 12.1(12c) cover these
> features well.
>
> My suggestion seems so radically different to what
> has been suggested so far
> that I would appreciate some feedback on where my
> reasoning/interpretation
> may be wrong.
>
>
> Carlos
> Telecom New Zealand - Advanced Solutions
>
> ----- Original Message -----
> From: "CCOnlineLabs.com"
> <tschaffran@cconlinelabs.com>
> To: "'Karl Young'" <kaelwyoung@netscape.net>;
> "'"Chuck Church"'"
> <cchurch@optonline.net>; "'"Massimiliano Tognon"'"
> <mtognon@tecnonetspa.it>;
> <ccielab@groupstudy.com>
> Sent: Monday, December 09, 2002 4:47 AM
> Subject: RE: question about 3550
>
>
> > I concur. You might be reading too deep into the
> > question.
> >
> >
> > Tony Schaffran
> > CCOnlineLabs.com
> > http://www.cconlinelabs.com
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com
> > [mailto:nobody@groupstudy.com] On Behalf Of
> > Karl Young
> > Sent: Saturday, December 07, 2002 11:44 AM
> > To: "Chuck Church"; "Massimiliano Tognon";
> > ccielab@groupstudy.com
> > Subject: Re: question about 3550
> >
> > Chuck,
> > It seems that all they ask is for you to
> > Mirror one port to a
> > second port, period. You can then use the Protocol
> > Analyzer to monitor IP
> > only traffic on the mirrored port.
> > Karl
> >
> > Viz:
> >
> >
> > http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a008007f3d5.html#14293
> >
> >
>
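
The two approaches discussed in this thread, side by side, as an added example that is not part of any poster's message or of the Cisco guide: plain local SPAN versus the RSPAN VLAN filtered by a VLAN map. VLAN 901, the names IP-ONLY and RSPAN-IP, and all interface numbers are assumptions chosen for illustration, and the reflector-port keyword is assumed for the 3550 software of this period.

```cisco
! Constructed example. VLAN 901, ACL/map names and interfaces are assumptions.
! Options A and B are alternatives; configure one or the other.
!
! --- Option A: local SPAN. Mirrors everything on Fa0/1 to the analyzer
! --- port; IP-only filtering is then done on the analyzer itself.
monitor session 1 source interface FastEthernet0/1 both
monitor session 1 destination interface FastEthernet0/2
!
! --- Option B: RSPAN VLAN with a VLAN map that forwards only IP.
vlan 901
 remote-span
!
ip access-list extended IP-ONLY
 permit ip any any
!
! Sequence 10 forwards IP; sequence 20 has no match clause, so it
! catches everything else (non-IP frames) and drops it.
vlan access-map RSPAN-IP 10
 match ip address IP-ONLY
 action forward
vlan access-map RSPAN-IP 20
 action drop
!
vlan filter RSPAN-IP vlan-list 901
!
! Source switch: copy Fa0/1 into the RSPAN VLAN. The reflector port
! (Fa0/24 here) must be an otherwise unused port.
monitor session 1 source interface FastEthernet0/1 both
monitor session 1 destination remote vlan 901 reflector-port FastEthernet0/24
!
! Switch where the analyzer is attached: take the RSPAN VLAN as the
! source and deliver it to the analyzer port.
monitor session 2 source remote vlan 901
monitor session 2 destination interface FastEthernet0/2
!
! Checks after configuring:
!   show monitor session 1
!   show vlan access-map RSPAN-IP
!   show vlan filter
```

With option A the analyzer port also receives non-IP frames, so any capture taken there holds more than the IP traffic of interest and needs the protocol filter applied on the analyzer.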



This archive was generated by hypermail 2.1.4 : Fri Jan 17 2003 - 17:21:41 GMT-3