From: Petr Lapukhov (petr@internetworkexpert.com)
Date: Mon May 28 2007 - 09:40:47 ART
Hi Sebastan,

Basically, SPAN destination port is designed to be UNIDIRECTIONAL - that is, only do egress forwarding of captured data frames. Optionally, you may want the switch to send captured frames with their original VLAN numbers, encapsulating them either with ISL or dot1.q (whatever your sniffer wants).

As a special case, you may want SPAN destination port to accept and forward data frames ingress from sniffer. This may be required if you want to configure IDS on a stick, or you may need to accept TCP resets from monitoring interfaces.

In this case, if you send your frames untagged, they are assigned to the ingress VLAN number specified. If you send them tagged, the original header is used for that purpose.

--
Petr Lapukhov, CCIE #16379 (R&S/Security)
petr@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com

2007/5/28, sebastan bach <sebastan.bach@gmail.com>:
>
> the documentation specifies that by default the destination span port
> doesn't forward any data.
>
> i want to know is that when the source port is a trunk port does the switch
> copies the frames with the vlan tagging or after removing the vlan tagging.
>
> say i have connected a sniffer on the destination port.
> my doubt is abt the documentations which says
>
> Specify ingress to enable forwarding for ingress
> traffic on the SPAN destination port when using ISL encapsulation
>
> does this mean that i can use the ingress command on the span destination
> port when isl is enabled as the encapsulation on trunk ports.
>
> cause out here they have specified
>
> This example shows how to configure the destination port for ingress traffic
> on VLAN 5 by using a
> security device that does not support IEEE 802.1Q encapsulation.
> Switch(config)# monitor session 1 destination interface fastethernet0/5 ingress vlan 5
>
> cause the destination port will be a access-port generally then why would we
> need the device on that port to send tagged traffic.
>
> here the security device they are talking abt is what exactly are they
> referring to???
>
> can someone pls clear my doubt on this.
>
> i am really confused abt this one.
>
> regards
>
> sebastan
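
The VLAN assignment rule described in the reply, modelled as an added example that is not part of the original thread and not Cisco's implementation: it shows which VLAN a frame injected by a sensor on a SPAN destination port (for example a TCP reset) would be placed in. The function and helper names, the sample frames, the handling of VID 0 and 4095, and the restriction to 802.1Q (ISL is not modelled) are assumptions of this sketch.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag


def ingress_vlan(frame: bytes, ingress_enabled: bool, default_vlan: int):
    """Return the VLAN a frame received on a SPAN destination port lands in.

    Returns None when the frame is not forwarded at all.
    """
    if not ingress_enabled:
        return None  # default behaviour: the destination port is egress-only
    if len(frame) < 14:
        return None  # shorter than an Ethernet header, nothing to classify
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return default_vlan  # untagged: use the configured ingress VLAN
    if len(frame) < 18:
        return None  # tag is truncated
    (tci,) = struct.unpack_from("!H", frame, 14)
    vid = tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN ID
    if vid == 0x0FFF:
        return None  # reserved VLAN ID (assumption: such frames are dropped)
    # Assumption: VID 0 is a priority tag with no VLAN, so treat as untagged.
    return default_vlan if vid == 0 else vid


def build_frame(vlan=None, payload=b"\x00" * 46):
    """Build a constructed sample Ethernet frame, optionally 802.1Q tagged."""
    dst = bytes.fromhex("020000000001")  # constructed MAC addresses
    src = bytes.fromhex("020000000002")
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, vlan)
    return dst + src + tag + struct.pack("!H", 0x0800) + payload


if __name__ == "__main__":
    cases = [
        ("ingress off, untagged", build_frame(), False),
        ("ingress vlan 5, untagged", build_frame(), True),
        ("ingress vlan 5, tagged 20", build_frame(vlan=20), True),
    ]
    for label, frame, enabled in cases:
        print(label, "->", ingress_vlan(frame, enabled, default_vlan=5))
```
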