10-04-2010 11:36 AM - edited 03-06-2019 01:18 PM
I have a setup in which I need to capture traffic from 6 non-Cisco switches for a one-port traffic analyzer.
(The solution of remote SPAN and SPAN VLAN is not supported on these switches.)
So my solution would be to get the traffic from the 6 switches on 6 ports on the 3560 switch.
So to prevent loops, I need to make the ports receiving the traffic from the non-Cisco switches receive-only ports.
To receive the traffic on 6 ports (receive only) and then span the traffic to the analyzer.
Is a thing like this possible?
How could I configure a port so as not to forward any frames?
Best Regards
Mohamed Sadek
10-04-2010 12:10 PM
Hi Md. Sadek,
I have checked the requirements which you have, but we really cannot make the switch just receive traffic and not send it across. If we talk about layer 3 or layer 2 traffic, that cannot be limited on the port itself. I have tried thinking of many ways but didn't come across any which accomplishes this.
SPAN/RSPAN is the only way by which we can make the port just receive/listen to the traffic but not forward any kind of traffic.
HTH
Rahul
10-04-2010 12:13 PM
Make your topology a little simpler in this case. Do not interconnect all these switches; let these switches connect back to the 3560 switch as spokes only. Configure the SPAN and monitor all the ports. That's the only way you can make this solution work, else there is no receive-only option.
Cheers,
10-04-2010 11:28 PM
I appreciate all the replies, but isn't there a workaround like VACL to deny any any IP traffic, or forcing a port to be in spanning tree blocked state?
Thanks
Mohamed
10-05-2010 02:50 AM
Hi Sadek,
As I said, I thought about VACL as an option, but as we know VACLs provide access control for all packets that are bridged within a VLAN or that are routed into or out of a VLAN. Unlike regular Cisco IOS ACLs that are configured on router interfaces and applied on routed packets only, VACLs apply to all packets. So we really cannot distinguish the packets which are coming in and going out.
Also the spanning tree blocked ports will never get packets as they are blocked.
HTH
Rahul