Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9561
Views
0
Helpful
2
Replies

port mirroring for a 2960 switch ???

usderit
Level 1
Level 1

‎07-31-2006 11:17 AM - edited ‎03-03-2019 04:18 AM

I have a PIX firewall connected to port11 on the 3524XL switch.

The Windows Surfcontrol server (not ISA ver., only has 1 NIC) is

connected to port16 on the same switch. The server can see all

the traffic going out to the Internet & apply the policies based

on the rules.

Here's the very simply config on the switch which enables the server

to see all traffic goint out.

>interface FastEthernet0/16

port monitor FastEthernet0/11

I am migrating to the 2960 switch platform & I need to accomplish the

same thing. I need to monitor all traffic going out to the Internet

thru the internal NIC of the PIX. The SurfControl server

will see all the traffic & apply the web surfing rules.

The PIX is connected to gigabite0/1

The server is connected to gigabite0/2

Here's the config I put in the 2960 switch.

>monitor session 1 source interface gigabitethernet0/1

>monitor session 1 destination interface gigabitethernet0/2 encapsulation replicate

As soon as I put this config, users lose internet connection & I cannot

ping the Surfcontrol server. The server is also a file server so I need access

to while it acts as a SurfControl server.

The 3524XL did its job with such a simple config. Is the 2960 switch capable

of doing what I'm trying to do ?

Thanks for the help......

Labels:
0 Helpful
2 Replies 2

Roberto Salazar
Level 8
Level 8

‎07-31-2006 08:19 PM

The 3500XL still participate in the network traffic eventhough it's cofnigured to just monitor the traffic of anothe interface.

When span destination is active, incoming traffic is disabled. The port does not transmit any traffic except that required for the SPAN session. Incoming traffic is never learned or forwarded on a destination port.

If ingress traffic forwarding is enabled for a network security device, the destination port forwards traffic at Layer 2.

In order for the surfcontrol to apply the rules it must participate in the traffic. Therefore enabling "ingress" on the detination port should correct this issue.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2960/12225see/scg/swspan.htm#wp1260596

Please rate helpful posts.

0 Helpful

usderit
Level 1
Level 1

‎08-01-2006 06:12 AM

Thanks, I will try the ingress command. The command I have to put in is below ?

monitor session 1 source gigabitethernet0/1

monitor session 1 destination interface gigabitethernet0/2 encapsulation replicate ingress

I will let you know the results......

0 Helpful
Customers Also Viewed These Support Documents