07-31-2011 05:46 PM - edited 03-04-2019 01:08 PM
Hi -
I am having some problems creating a SPAN port on my Cisco 871 (running IOS 12.4-11T).
My 871 is connected to a DSL modem, and uses "IP Negotiated" to get its dynamic ip address.
I want to monitor the WAN port (FastEthernet4) using SPAN, but when I type "monitor session 1 source interface FastEthernet4" into the cli, it is rejected. I can successfully use any of the other FastEthernet ports, as well as Vlan1 as a source for the SPAN session.
I have tried to use Dialer0 instead of FastEthernet4, but it still doesnt work.
Does anyone know what I am doing wrong? I could swear that I had this exact problem a few years ago....but for the life of me I cant remember how, or if, I was able to solve it.
Thanks,
Mike
07-31-2011 10:29 PM
Mike,
I would not be surprised if the Fa4 was not be SPANnable, at least in recent IOSes, because of its WAN status. I assume it is a "no switchport", i.e. a Layer3 interface, right? On switches, there would be no problem with monitoring any interface but the 871 platform may have its limitations.
The only thing I can think of right now is using the IP Traffic Export which, however, works only for IP traffic. You may read more about the functionality here:
Best regards,
Peter
07-31-2011 10:59 PM
Hi Peter,
Thank you very much for the information.
I think you are right about the 871's WAN port.....After reading your post, I went and found a description of the 871 at Cisco and the WAN port is described as being separate to the 4-port switch.
What is weird, however, is when I type the following command in - "monitor session 1 source interface FastEthernet ?" and it returns <0-4>.
I will investigate the IP Traffic Export that you mentioned in your post....to be honest, I didn't even know it existed, and it might be exactly what I am looking for.
Thanks again,
Mike
08-02-2011 04:45 AM
Why don't you just monitor the switchports. It would be easier if you are using one port from the FA 0-3. Then if you want to monitor the ingress traffic from internet you just monitor the egress from port FA 0 if it this is the one you are using to connect to your network. If you want you can monitor all the traffic both ingress or egress. If you use more ports there are few other options.
Best regards,
Alex
08-02-2011 02:33 PM
As others said, a regular LAN interface cannot do SPAN.
You can use IOS packet capture to see what's going through.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide