Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
551
Views
0
Helpful
7
Replies

port spanning entire networks

jhaggett
Level 1
Level 1

‎01-27-2004 08:06 AM - edited ‎03-02-2019 01:10 PM

Hi there,

I have a question regarding port spanning. I have a 2900XL and a few 2950's, and I was wondering what effects spanning an entire swith to one monitoring port would be. How would you approach sniffing a network for a baseline? Should I monitor just the server ports and uplink ports?

Thanks!

Labels:
0 Helpful
7 Replies 7

skarundi
Level 4
Level 4

‎01-27-2004 09:58 AM

Port monitoring, if configured correctly, doesn't affect the performance of the switch or network.

First, clearly define what your reasons are for the monitoring, then I think you will be able to decide exactly what you should monitor.

Also please explain what you mean by "sniffing a network for a baseline" ?

0 Helpful

jhaggett
Level 1
Level 1
In response to skarundi

‎01-27-2004 01:49 PM

Hi Skarundi,

Basically what I would be looking to do, over a period of a week or so, do random captures of the entire network to see what the load is across then LAN segment, and what devices chat to other devices most frequently. I would be using Sniffer to compliment the Catalyst Management Suite.

0 Helpful

skarundi
Level 4
Level 4
In response to jhaggett

‎01-28-2004 04:56 AM

You could span each vlan, one vlan at a time, on the core switch.

0 Helpful

jhaggett
Level 1
Level 1
In response to skarundi

‎01-28-2004 07:25 AM

Hi Skarundi,

We only have one VLAN actually.

0 Helpful

lnguye
Level 1
Level 1
In response to jhaggett

‎02-24-2004 02:34 PM

This "entire VLAN in a port" solution would work if the load of the entire network at any point in time is not excedding the bandwidth capacity of the destination port. If the aggregate bandwidth exceeds the SPANned destination port, it would drop the excess packets on the way to your collector device. Also, I think if the SPANning is on the same VLAN, you may see the packet twice on the destination port: one when the packet enters the source port and one more time when it it is sent to other port in the same VLAN. Check it out.

0 Helpful

james.irwin
Level 4
Level 4
In response to jhaggett

‎03-26-2004 06:47 AM

If you are capturing an entire VLAN to one port, you will most likely drop tons of packets and you will not be able to get an accurate idea of the load.

I think there are much better ways to baseline and monitor switch and network performance than to use a sniffer. I use Fluke's Network Inspector or Solarwinds tools, which are SNMP-based and pull stats from each device. Fluke also makes nice reports and charts.

0 Helpful

blazesod
Level 1
Level 1

‎03-27-2004 02:47 AM

Hi,

Have you looked at IOS command netflow?

R/S

Dave

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card