Showing results for 
Search instead for 
Did you mean: 

How to make a cisco 3560 switch port work as receive only

Moahmed Sadek

I have a setup that i need to capture traffic from 6 non cisco switches for a one port traffic analyzer.

(the solution of remote span and span vlan is not supported on these switches)

So my solution would be to get the traffic from the 6 switches on 6 ports on the 3560 switch.

So to prevent loops, i need to make the ports receiving the traffic from the non-cisco switched to be receive only ports.

To receive the tarffic on 6 ports ( receive only) and then span the traffic to the analyzer

Is a thing like this possible?

How I could configure a port so as not to forward any frames?

Best Regards

Mohamed Sadek

4 Replies 4


Hi Md. Sadek,

I have checked the requirements which you have but we really cannot make the switch to just receive traffic and not to send it acrross. If we talk about a layer 3 or a layer 2 traffic that cannot be limited on the port itselft. I have tried thinking of many ways but didn't came across any which accomplish this.

SPAN/RSPAN is the only way byt which we can make the port to just receive/listen to the traffic but not to forward any kind of traffic.



Amit Singh
Cisco Employee
Cisco Employee

Make your toplogy a little simple in this case. Donot inter-connect all these switch
, let these switches connect back to 3560 switch as the spoke-only. Configure the SPAN and monitor all the ports. that's the only way you can make this solution work, else no receive only option.


Moahmed Sadek

I appreciate all the replies, but isn't there a workaround like VACL to deny any any IP traffic,

or forcing a port to be in spanning tree blocked state.



Hi Sadek,

As i said i thought about VACL as an option but as we know VACLs provide access control for all packets that  are bridged within a VLAN or that are routed into or out of a VLAN.  Unlike regular Cisco IOS ACLs that are configured on router interfaces  and applied on routed packets only, VACLs apply to all packets. So we reaaly cannot distinguish the packets which are coming in and going out.

Also the spanning tree blocked ports will never get packets as they are blocked.



Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers