I use a server as a sniffer, running on VMware with two NICs. Each NIC is linked to a SPAN destination port, and these are located on two different switches.
My question is: can I get access to my server by enabling the ingress option on a SPAN destination port?
NB - I already tried with the following commands:
monitor session 1 source interface g0/1 rx
monitor session 1 destination interface g0/2 ingress vlan 4
When I ping the server, I do not get a response.
Switches: Catalyst 3560
IOS version: 12.2
If you configure a port as SPAN, you can't pass regular traffic on that port. You should configure a 3rd interface for communication with the server.
"If ingress traffic forwarding is enabled for a network security device, the destination port forwards traffic at Layer 2."
"Beginning in privileged EXEC mode, follow these steps to create a SPAN session, to specify the source ports or VLANs and the destination ports, and to enable incoming traffic on the destination port for a network security device (such as a Cisco IDS Sensor Appliance)."
I had a range of ports defined as the SPAN sources. I believed the traffic charge could be why the destination port did not forward ingress traffic. So I tried with only one source, but I had the same result.
I had the same issue with a 2960.
I ended up adding a static mac address as the port didn't learn any mac addresses.
This did the trick for me:
monitor session 1 source interface Gi1/0/1
monitor session 1 destination interface Gi1/0/2 ingress untagged vlan 2
mac address-table static xxxx.xxxx.xxxx vlan 2 interface GigabitEthernet1/0/2
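
An added example, not part of the thread: a Python check over a saved running-config that lists every SPAN destination port with ingress enabled and reports whether a matching static MAC entry exists for the same interface and VLAN, as in the workaround in the last reply. The sample config, the MAC address in it, and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config; the MAC address is a made-up value.
SAMPLE_CONFIG = """\
monitor session 1 source interface Gi1/0/1
monitor session 1 destination interface Gi1/0/2 ingress untagged vlan 2
monitor session 2 source interface Gi1/0/3
monitor session 2 destination interface Gi1/0/4 ingress vlan 4
monitor session 3 destination interface Gi1/0/5
mac address-table static 0050.56aa.bb01 vlan 2 interface GigabitEthernet1/0/2
"""

# Destination lines that enable ingress with a VLAN (plain, untagged or dot1q form).
SPAN_RE = re.compile(
    r"^monitor session (\d+) destination interface (\S+)"
    r" ingress (?:untagged |dot1q )?vlan (\d+)", re.I | re.M)
MAC_RE = re.compile(
    r"^mac address-table static (\S+) vlan (\d+) interface (\S+)", re.I | re.M)
FULL_NAMES = ("GigabitEthernet", "FastEthernet", "TenGigabitEthernet")

def norm_if(name):
    """Expand an abbreviated interface name so Gi1/0/2 == GigabitEthernet1/0/2."""
    m = re.match(r"([A-Za-z]+)([\d/]+)$", name)
    if not m:
        return name
    word, num = m.groups()
    for full in FULL_NAMES:
        if full.lower().startswith(word.lower()):
            return full + num
    return name

def audit(config):
    """Return one finding per SPAN destination port that accepts ingress traffic."""
    static = {(norm_if(i), int(v)) for _mac, v, i in MAC_RE.findall(config)}
    findings = []
    for sess, iface, vlan in SPAN_RE.findall(config):
        key = (norm_if(iface), int(vlan))
        findings.append({"session": int(sess), "interface": key[0],
                         "vlan": key[1], "static_mac": key in static})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        state = "static MAC present" if f["static_mac"] else "no static MAC"
        print(f"session {f['session']}: {f['interface']} ingress vlan {f['vlan']}: {state}")
```

The same listing doubles as an inventory of ports where a monitoring host can inject frames into a VLAN, which is worth reviewing whenever ingress is enabled on a SPAN destination.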