Switched Port Analyser (SPAN) / destination port ingress

florianpellet
Level 1

I use a server as a sniffer, running on VMware with two NICs. Each NIC is linked to a SPAN destination port, and the two ports are located on two different switches.

My question is: Can I get access to my server by enabling the ingress option on a SPAN destination port?

NB - I already tried with the following commands:

monitor session 1 source interface g0/1 rx

monitor session 1 destination interface g0/2 ingress vlan 4

When I ping the server, I do not get a response.

Switches: Catalyst 3560

IOS version: 12.2

Regards Florian

4 Replies

stojanr
Level 1

If you configure a port as SPAN, you can't pass regular traffic on that port. You should configure a 3rd interface for communication with the server.

Sent from Cisco Technical Support iPad App

"If ingress traffic forwarding is enabled for a network security device, the destination port forwards traffic at Layer 2."

  • There is also an example dedicated to the configuration of this option
"Beginning in privileged EXEC mode, follow these steps to create a SPAN session, to specify the source ports or VLANs and the destination ports, and to enable incoming traffic on the destination port for a network security device (such as a Cisco IDS Sensor Appliance)."

Regards Florian

I had a range of ports defined as the SPAN sources. I believed the traffic charge could be why the destination port did not forward ingress traffic. So I tried with only one source, but I had the same result.

heinrichdelange
Level 1

I had the same issue with a 2960.

I ended up adding a static mac address as the port didn't learn any mac addresses. 

This did the trick for me:

monitor session 1 source interface Gi1/0/1

monitor session 1 destination interface Gi1/0/2 ingress untagged vlan 2
mac address-table static xxxx.xxxx.xxxx vlan 2 interface GigabitEthernet1/0/2
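
An added example, not part of the thread: a SPAN destination with `ingress` enabled lets the attached sensor send frames into a VLAN, so it is worth auditing which sessions allow it and, following the last reply, whether a static MAC entry exists on the same port and VLAN so that return traffic can reach the host. The sample configuration is constructed from the commands quoted above (the MAC is from the documentation range), and the interface-name normalisation is a simplifying assumption.

```python
import re

# Constructed sample running-config, modelled on the commands quoted in this thread.
SAMPLE_CONFIG = """\
monitor session 1 source interface Gi1/0/1
monitor session 1 destination interface Gi1/0/2 ingress untagged vlan 2
mac address-table static 0000.5e00.5301 vlan 2 interface GigabitEthernet1/0/2
monitor session 2 source interface g0/1 rx
monitor session 2 destination interface g0/2 ingress vlan 4
"""

# SPAN destination lines that enable ingress forwarding into a VLAN.
DEST_RE = re.compile(
    r"^monitor session (\d+) destination interface (\S+)"
    r"(?: encapsulation replicate)? ingress(?: (?:dot1q|untagged))? vlan (\d+)",
    re.I)
# Static MAC entries pinned to an interface and VLAN.
STATIC_RE = re.compile(
    r"^mac address-table static (\S+) vlan (\d+) interface (\S+)", re.I)


def norm_if(name):
    """Reduce Gi1/0/2, g0/2 and GigabitEthernet1/0/2 to a comparable key.

    Assumption: the first letter of the interface type is enough to tell
    types apart, which holds for the Gigabit ports used in this thread.
    """
    m = re.match(r"([A-Za-z]+)\s*([\d/]+)$", name)
    return m.group(1)[0].lower() + m.group(2) if m else name.lower()


def audit(config):
    """Return (ingress, missing): SPAN destinations that accept ingress
    traffic, and the subset with no static MAC on the same port and VLAN."""
    ingress, static = [], set()
    for line in config.splitlines():
        line = line.strip()
        if (m := DEST_RE.match(line)):
            ingress.append((int(m.group(1)), norm_if(m.group(2)), int(m.group(3))))
        elif (m := STATIC_RE.match(line)):
            static.add((norm_if(m.group(3)), int(m.group(2))))
    missing = [e for e in ingress if (e[1], e[2]) not in static]
    return ingress, missing


if __name__ == "__main__":
    ingress, missing = audit(SAMPLE_CONFIG)
    for entry in ingress:
        state = "no static MAC" if entry in missing else "static MAC present"
        print("session %d: %s accepts ingress into VLAN %d (%s)" % (*entry, state))
```
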