03-18-2013 05:48 AM - edited 03-10-2019 12:01 AM
I use a server as a sniffer, running on VMware with two NICs. Each NIC is linked to a SPAN destination port, and the two ports are located on two different switches.
My question is: can I get access to my server by enabling the ingress option on a SPAN destination port?
NB - I already tried with the following commands:
monitor session 1 source interface g0/1 rx
monitor session 1 destination interface g0/2 ingress vlan 4
When I ping the server, I do not get a response.
Switches: Catalyst 3560
IOS version: 12.2
Regards Florian
03-23-2013 11:31 PM
If you configure a port as SPAN, you can't pass regular traffic on that port. You should configure a 3rd interface for communication with the server.
03-24-2013 06:44 AM
"If ingress traffic forwarding is enabled for a network security device, the destination port forwards traffic at Layer 2."
"Beginning in privileged EXEC mode, follow these steps to create a SPAN session, to specify the source ports or VLANs and the destination ports, and to enable incoming traffic on the destination port for a network security device (such as a Cisco IDS Sensor Appliance)."
Regards Florian
03-29-2013 08:03 AM
I had a range of ports defined as the SPAN sources. I believed the traffic load could be why the destination port did not forward ingress traffic. So I tried with only one source, but I had the same result.
06-25-2014 06:38 AM
I had the same issue with a 2960.
I ended up adding a static mac address as the port didn't learn any mac addresses.
This did the trick for me:
monitor session 1 source interface Gi1/0/1
monitor session 1 destination interface Gi1/0/2 ingress untagged vlan 2
mac address-table static xxxx.xxxx.xxxx vlan 2 interface GigabitEthernet1/0/2
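An added example, not part of the thread: a SPAN destination port with ingress enabled is no longer receive-only, so the sniffer host can send frames into the ingress VLAN, which is worth tracking in a config review. The script below lists every SPAN destination port in a saved configuration, whether ingress is enabled and on which VLAN, and whether a static MAC entry exists for that port and VLAN. The sample configuration, MAC address and function names are constructed for illustration, and one interface per destination line is assumed.

```python
import re

# Constructed sample config; interface numbers and the MAC address are placeholders.
SAMPLE_CONFIG = """\
monitor session 1 source interface Gi1/0/1
monitor session 1 destination interface Gi1/0/2 ingress untagged vlan 2
monitor session 2 source interface Gi1/0/3 rx
monitor session 2 destination interface Gi1/0/4 ingress vlan 4
monitor session 3 source interface Gi1/0/5
monitor session 3 destination interface Gi1/0/6
mac address-table static 0011.2233.4455 vlan 2 interface GigabitEthernet1/0/2
"""

LONG_NAMES = ("fastethernet", "gigabitethernet", "tengigabitethernet")
DEST_RE = re.compile(r"^monitor session (\d+) destination interface (\S+)(.*)$", re.I)
MAC_RE = re.compile(r"^mac[- ]address-table static \S+ vlan (\d+) interface (\S+)", re.I)
INGRESS_RE = re.compile(r"\bingress\b(?:.*?\bvlan (\d+))?", re.I)


def norm_if(name):
    """Expand abbreviated names (g0/2, Gi1/0/2) so they compare equal to long forms."""
    m = re.match(r"([A-Za-z]+)([\d/]+)$", name)
    if not m:
        return name.lower()
    for full in LONG_NAMES:
        if full.startswith(m.group(1).lower()):
            return full + m.group(2)
    return name.lower()


def audit_span_destinations(config):
    """Return one record per SPAN destination port (single interface per line assumed)."""
    lines = [l.strip() for l in config.splitlines()]
    static = {(norm_if(m.group(2)), m.group(1)) for m in map(MAC_RE.match, lines) if m}
    report = []
    for m in filter(None, map(DEST_RE.match, lines)):
        ing = INGRESS_RE.search(m.group(3))
        vlan = ing.group(1) if ing else None
        port = norm_if(m.group(2))
        report.append({
            "session": int(m.group(1)), "port": port,
            "ingress": ing is not None, "vlan": vlan,
            # Static entry on the ingress VLAN, as used in the last reply of the thread.
            "static_mac": (port, vlan) in static,
        })
    return report


if __name__ == "__main__":
    for rec in audit_span_destinations(SAMPLE_CONFIG):
        print(rec)
```

Records with `ingress` true are the ports to justify in review; those with `static_mac` false match the configuration the thread reports as not answering pings.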