Re: SPAN on 3560 - enable traffic forwarding on destination

If I'm not mistaken your port will go int to monitoring with Admin UP and
line protocol DOWN.

On Fri, Sep 11, 2009 at 9:33 AM, ZZ <zurabz_at_gmail.com> wrote:

> It's clear now.
>
> Thanks a lot!
>
> ZZ
>
> On Fri, Sep 11, 2009 at 10:28 AM, Mark Cairns <m.a.cairns_at_gmail.com>
> wrote:
>
> > Just to dig up some info on this.
> >
> >
> >
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_37_se/configuration/guide/swspan.html
> >
> > From the destination port section:
> >
> > "When a port is configured as a SPAN destination port, the configuration
> > overwrites the original port configuration"
> >
> > "When it is active, incoming traffic is disabled. The port *does not
> > transmit any traffic except that required for the SPAN session*."
> >
> > Mark
> > #17755, Security
> >
> >
> > On Fri, Sep 11, 2009 at 10:06 AM, Ryan West <rwest_at_zyedge.com> wrote:
> >
> >> That's interesting, but makes sense. What ZZ is trying to accomplish is
> >> very easy with a 2950, you just place the ingress keyword at the end of
> the
> >> destination SPAN and it just works. I had thought that there was
> similar
> >> functionality in the 12.2 Cat2k and Cat3k lines, but I didn't have much
> luck
> >> either when I tested recently with 12.2(46)SE6.
> >>
> >> I tried 'ingress vlan' and 'ingress untagged vlan' but neither produced
> >> the results I was looking for. Has anyone else had different results
> with
> >> the Cat3k's?
> >>
> >> -ryan
> >>
> >> -----Original Message-----
> >> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> >> Mark Cairns
> >> Sent: Friday, September 11, 2009 9:54 AM
> >> To: ZZ
> >> Cc: Cisco certification
> >> Subject: Re: SPAN on 3560 - enable traffic forwarding on destination
> port
> >>
> >> ZZ,
> >>
> >> I think you have done exactly what you have in your description. You
> >> configured SPAN to receive traffic from Gi0/24 and you have enabled
> >> traffic
> >> forwarding from your PC via the ingress VLAN so you can send unicast,
> >> broadcast, etc from your PC. However I don't think you are going to
> >> receive
> >> traffic back. You can send a SYN packet to a host and try to initiate a
> >> telnet session but the response to that packet will never get back to
> your
> >> PC because the switch is sending you SPAN traffic. It is no longer a
> >> normal
> >> port participating in VLAN 146.
> >>
> >> The ingress VLAN would be used by something like an IDS sending TCP
> resets
> >> where it only needs to transmit traffic, not build a session to another
> >> device.
> >>
> >> I'd recommend putting a second NIC in your PC (or use wireless) if you
> >> want
> >> to capture and be on the network at the same time.
> >>
> >> Mark
> >> #17755, Security
> >>
> >> On Fri, Sep 11, 2009 at 9:13 AM, ZZ <zurabz_at_gmail.com> wrote:
> >>
> >> > no solution? nobody?
> >> >
> >> >
> >> > ZZ
> >> >
> >> > On Thu, Sep 10, 2009 at 2:08 PM, ZZ <zurabz_at_gmail.com> wrote:
> >> >
> >> > > Hello Experts,
> >> > >
> >> > > I'm having hard time configuring SPAN on switch and the same time
> >> > enabling
> >> > > traffic forwarding on my PC (Wireshark which is destinasion span
> >> > session).
> >> > >
> >> > > Here is the config:
> >> > >
> >> > > Rack1SW3#sh run | i moni
> >> > >
> >> > > monitor session 1 source interface Gi0/24
> >> > > monitor session 1 destination interface Gi0/1 ingress untagged vlan
> >> 146
> >> > >
> >> > > interface GigabitEthernet0/1
> >> > > description PC_Wireshark
> >> > > switchport access vlan 146
> >> > > switchport mode access
> >> > > spanning-tree portfast
> >> > > end
> >> > >
> >> > > interface GigabitEthernet0/24
> >> > > switchport access vlan 43
> >> > > switchport mode access
> >> > > spanning-tree portfast
> >> > > end
> >> > >
> >> > > As soon as I enable SPAN I see traffic on Wireshark but don't have
> an
> >> > > access to any device on the LAN.
> >> > >
> >> > > Kindly let me know what I'm missing.
> >> > >
> >> > > Thanks,
> >> > > ZZ
> >> >
> >> >
> >> > Blogs and organic groups at http://www.ccie.net
> >> >
> >> >
> _______________________________________________________________________
> >> > Subscription information may be found at:
> >> > http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Fri Sep 11 2009 - 15:27:23 ART