06-13-2006 08:11 AM - edited 03-03-2019 03:37 AM
Hi,
I have two CAT 3560s at the edge of my network and they are sitting between my two edge routers, Visco 2621, one active and the other shadow and the PIXs, 4 of them. Two PIXs and the active router connect to the fisrt 3560 and the second router and the other two pixs connect to the second 3560 switch.
I have done local SPAN as follow:
LanEdge-SW-6#sh monitor se 1
Session 1
---------
Type : Local Session
Source Ports :
Both : Gi0/11
Destination Ports : Gi0/13
Encapsulation : Native
Ingress : Disabled
the question is: if I connect the cable comming from my active edge router to the source port on the 3560, then I don't have Internet connection but if I leave the source port unlugged (nothing pluged in it) and connect the cable comming from my active router toi other ports (except the destination port which connected to a hub and then to my IDSs) then I have Interrnet connection>
is this how it should be? the local SPAN source port must be empty with nothing plug in it?
Please help clartify this.
Thx,
Masood
06-13-2006 08:41 AM
Hello,
are all ports in the same VLAN? Is only internet missing or connectivity to something else as well. What are you able to ping, when the internet is unreachable?
The monitored port and the SPAN port should have something connected, this is the whole idea of SPAN.
Regards, Martin
06-13-2006 09:55 AM
Hi and thanks for getting back to me.
yes, I agree, the whole idea is to have the source of traffic in/out connected to it.
The routers (edge routers)have public IP adress, the switches have only port or interface 1 configured for vlan 2 which is the same as the rest of my net work the rest of the interfaces are on the switch default VLAN 1.
we are doing NAt so these switches don't have any knowledge of my internal netywork except for that port 1 on VLAN 2 which has a private IP address for management only.
when I connect the router (my active router) to the sourfe port, I cannot ping the public IP address of my edge routers and Also cannot get to the Internet but the internal network works. the thing is that I have another router with private IP address which is the gateway for my hosts and that router send all the traffic to the Internet to a PIX and that PIX uses this edge routers to send them out and all trffic in are via this same router.
so to answer you question: I cannot ping the poublic IP address of the routers and cannot get to the Internet when router gets connected to the source port.
Hope this helps.
Thx,
Masood
06-13-2006 10:01 AM
the question is: if I connect the cable comming from my active edge router to the source port on the 3560, then I don't have Internet connection but if I leave the source port unlugged (nothing pluged in it) and connect the cable comming from my active router toi other ports (except the destination port which connected to a hub and then to my IDSs) then I have Interrnet connection>
is this how it should be? the local SPAN source port must be empty with nothing plug in it?
>> The source of the SPAN(monitor) is what you want mirrored to the destination port, it would not make sense to mirror an unconnected port since you will NOT see anything with the sniffer connected on the destination port. The destination would definitely have to netowrk connection since "ingress" is disabled, so that host used to capture packet will not have Internet connection, but that seems to be not what you are describing. Are you concerned aobut not getting to the Internet or you are not getting any packets on the destination port? Make sure that where the port that you are sourcing is in the same vlan as the port where that router is connected now. Maybe now it's connected to vlan 3 and when you connect to source interface (gig0/11), the source interface is in vlan 1 or 2 or any vlan other than the vlan of the original port. Or maybe you are connecting it to gig 0/13 which is the destination.
What ever it may be, the source definitely needs to be connected as it is the port you are trying to mirror to a destination port.
Please rate helpful posts.
06-13-2006 10:24 AM
Ok Masood,
The added SPAN port should not have any impact on your router connectivity. So can you try to use the port where the router is operational as SPAN source port? Just to exclude any port misconfiguration.
Or remove the SPAN completely and connect the router to Gi0/11 to check connectivity. This should help to exclude any other connectivity preventing effects.
Hope this helps! Please rate all posts.
Regards, Martin
06-14-2006 08:39 AM
hello everyone,
I want to thank all of you who took the time to try to help me withthis issue.
what I finally did, i put the switches back to the factory default and started to re-configure the switches from scratch, in doing that, I did a "shut" under VLAN 1 (the default VLAN) and set up the local momnitoring sessions and that did the tick.
my border router is now connected to the monitor source and thedestination to mymonitoring HUB coinnecting to my VMS and Stealthwatch for monitoring all the public traffic.
here how it was connected or is connected.
two border routers, one active and the other shadow, active connected to one 3560 along with my prim PIX and the other router to my second 3560 along with my two othet pixs (sewcondary and two pix for a whole different subnet - isolated fro mmy main subnets).
the switches are suppose to do only switching connecting inside private network to the outside public (i.e. the routers.), the PIX is set to make that decision.
I have one port, namely int gi0/1 configured to be on VLAN 2 (my main VLAN) and made the accesss vlan 2 and mode to access and coonneced that port to my main network for managemnet of the switch but the rest of the iterfaces are factory default.
I don't know if i was able to explain correctly but by reconfiguring and doing "shut" under VLAN 1 interface, I ws able to connect my border router bcable to the port configured as source and the destination to my HUB and all is working now.
just wanted to let you guys know what happend at the end of this delima.
Thx,
Masood
06-14-2006 11:12 AM
Hi,
Probably you have seen my response stating that I got the switches working. there is also an issue that bug me, I have onnected these two switches by a little cat 5 cable from one port to another but i would like to set up HSRP on these switches to eliminate the need fo connecting these two switches via a cat 5 cable.
only int gi0/1 on both swithces are configured for vlan 2 (my main network with private ip) for management purposes and I have switchport mode access and switchport access vlan 2 only on the two ports, int gi0/1 on bothe swithces and have connected those two interfaces to my main switch, again only for managemnet purposes.
is there any way that I can set up HSRP on these switches and they stil perform as they are performing now? and if possible how can I do this? i have not done this before and the paper I have been reading doesn't directly relate to my soecific case.
If you can help me, I can send you a dig showing how these switches are on my network and how they are connected to my routers and PIXs plus the configuration of these switches.
Please advise,
Thx,
Masood
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide