Just to dig up some info on this.
From the destination port section:
"When a port is configured as a SPAN destination port, the configuration
overwrites the original port configuration"
"When it is active, incoming traffic is disabled. The port *does not
transmit any traffic except that required for the SPAN session*."
Mark
#17755, Security
On Fri, Sep 11, 2009 at 10:06 AM, Ryan West <rwest_at_zyedge.com> wrote:
> That's interesting, but makes sense. What ZZ is trying to accomplish is
> very easy with a 2950, you just place the ingress keyword at the end of the
> destination SPAN and it just works. I had thought that there was similar
> functionality in the 12.2 Cat2k and Cat3k lines, but I didn't have much luck
> either when I tested recently with 12.2(46)SE6.
>
> I tried 'ingress vlan' and 'ingress untagged vlan' but neither produced the
> results I was looking for. Has anyone else had different results with the
> Cat3k's?
>
> -ryan
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Mark Cairns
> Sent: Friday, September 11, 2009 9:54 AM
> To: ZZ
> Cc: Cisco certification
> Subject: Re: SPAN on 3560 - enable traffic forwarding on destination port
>
> ZZ,
>
> I think you have done exactly what you have in your description. You
> configured SPAN to receive traffic from Gi0/24 and you have enabled traffic
> forwarding from your PC via the ingress VLAN so you can send unicast,
> broadcast, etc from your PC. However I don't think you are going to receive
> traffic back. You can send a SYN packet to a host and try to initiate a
> telnet session but the response to that packet will never get back to your
> PC because the switch is sending you SPAN traffic. It is no longer a normal
> port participating in VLAN 146.
>
> The ingress VLAN would be used by something like an IDS sending TCP resets
> where it only needs to transmit traffic, not build a session to another
> device.
>
> I'd recommend putting a second NIC in your PC (or use wireless) if you want
> to capture and be on the network at the same time.
>
> Mark
> #17755, Security
>
> On Fri, Sep 11, 2009 at 9:13 AM, ZZ <zurabz_at_gmail.com> wrote:
>
> > no solution? nobody?
> >
> >
> > ZZ
> >
> > On Thu, Sep 10, 2009 at 2:08 PM, ZZ <zurabz_at_gmail.com> wrote:
> >
> > > Hello Experts,
> > >
> > > I'm having a hard time configuring SPAN on the switch and at the same time
> > > enabling traffic forwarding on my PC (Wireshark, which is the destination
> > > of the SPAN session).
> > >
> > > Here is the config:
> > >
> > > Rack1SW3#sh run | i moni
> > >
> > > monitor session 1 source interface Gi0/24
> > > monitor session 1 destination interface Gi0/1 ingress untagged vlan 146
> > >
> > > interface GigabitEthernet0/1
> > > description PC_Wireshark
> > > switchport access vlan 146
> > > switchport mode access
> > > spanning-tree portfast
> > > end
> > >
> > > interface GigabitEthernet0/24
> > > switchport access vlan 43
> > > switchport mode access
> > > spanning-tree portfast
> > > end
> > >
> > > As soon as I enable SPAN I see traffic on Wireshark but don't have
> > > access to any device on the LAN.
> > >
> > > Kindly let me know what I'm missing.
> > >
> > > Thanks,
> > > ZZ
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
Received on Fri Sep 11 2009 - 10:28:00 ART
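
An added example, not part of the original thread or written by any of its posters: a small Python audit that reads a saved running-config, finds SPAN destination ports, and reports whether ingress forwarding is enabled and which switchport settings the SPAN session overwrites. The function names, the single-interface form of the `monitor session` line, and the sample config (constructed from the lines ZZ posted, with sub-commands indented as in a running-config) are assumptions of this example.

```python
import re

# Constructed sample, assembled from the configuration posted in the thread.
SAMPLE_CONFIG = """\
monitor session 1 source interface Gi0/24
monitor session 1 destination interface Gi0/1 ingress untagged vlan 146
!
interface GigabitEthernet0/1
 description PC_Wireshark
 switchport access vlan 146
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/24
 switchport access vlan 43
 switchport mode access
"""

# Single destination interface only; interface lists/ranges are not handled.
DEST_RE = re.compile(r"^monitor session (\d+) destination interface (\S+)"
                     r"(?: encapsulation \S+)?(?: ingress (.+))?$")

def short_name(ifname):
    """Normalise GigabitEthernet0/1 to Gi0/1 (the only form needed here)."""
    return re.sub(r"^GigabitEthernet", "Gi", ifname)

def audit_span_destinations(config):
    """Return one finding per SPAN destination port in the config text."""
    iface_cfg, current = {}, None
    for line in config.splitlines():          # pass 1: per-interface commands
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = short_name(m.group(1))
            iface_cfg[current] = []
        elif current and line.startswith(" "):
            iface_cfg[current].append(line.strip())
        else:
            current = None
    findings = []
    for line in config.splitlines():          # pass 2: SPAN destinations
        m = DEST_RE.match(line.strip())
        if m:
            session, port, ingress = m.groups()
            port = short_name(port)
            findings.append({
                "session": int(session), "port": port,
                "ingress": ingress,  # None: incoming traffic is disabled
                # Port settings overwritten while the session is active.
                "overridden": [c for c in iface_cfg.get(port, [])
                               if c.startswith("switchport")]})
    return findings
```

A finding with a non-empty `ingress` value marks a monitoring port that can still send frames into the named VLAN, which is worth reviewing when the attached device is supposed to be receive-only.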