How to mirror trunk port as source port of cisco catalyst switch

King_1988 · ‎02-14-2024

Dear All,

Can you please tell if we mirror trunk port (with native vlan) as source how we have to configure in cisco switch? How destination server will detect native vlan packets.

switch config (Trunk port : 1/0/24):

------------

interface GigabitEthernet1/0/24
switchport trunk native vlan 10
switchport mode trunk
end

monitor session 1 source interface gi1/0/24 both

And also if we configure trunk without native vlan as uplink can we mirror the port as source interface?

David Ruess · ‎02-14-2024

Hello,

You can check here under the "source port" section and trunks:

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10570-41.html#toc-hId--1701314165

By default it will monitor all VLANs. AS for it keeping the tag I believe it will as its part of the capture if its not on the native VLAN. Although I would have to lab it up to be completely sure.

-David

balaji.bandi · ‎02-14-2024

what is the requirement - you would like span the traffic what ever passing over 1/0/24 then that should work source as that port and configure where the destination you like to mirror the traffic :

example :

monitor session 1 source interface Twe1/0/1
monitor session 1 destination interface Twe1/0/2

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-9500-series-switches/218111-verify-span-and-erspan-on-catalyst-9000.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

King_1988 · ‎02-14-2024

Hi,

Thanks for the reply. We have done this same way. Actually my question was that can we mirror a trunk port as source? we have already taken a free port for destination which is connected to a span server. So how the destination span server will separate the traffic mirrored from a trunk port? Will it work as per your given two commands?

balaji.bandi · ‎02-14-2024

All the traffic on that Trunk port will be mirrored based on the destination (and destination port can not be source port - that is limitation)

if you you doing to locally on the same switch to mirror the traffic, but if you want to send to destination different switch port, then you should consider using RSPAN.

So how the destination span server will separate the traffic mirrored from a trunk port? Will it work as per your given two commands?

as long as source and destination not same port, that should work as expected.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

David Ruess · ‎02-15-2024

Yes you can have a trunk port as a source. B7uy default it will capture all VLANs. You can limit this with a filter as well.

King_1988 · ‎02-14-2024

Ok thanks. Got it. In case of Native vlan for the source port, the below mirror config will work or need any other command?

interface GigabitEthernet1/0/24
switchport trunk native vlan 10
switchport mode trunk
end

monitor session 1 source interface gi1/0/24 both

monitor session 1 destination interface gi1/0/20

King_1988 · ‎02-14-2024

Also how to packet capture from the destination port (mirroring) to see the traffic?

balaji.bandi · ‎02-15-2024

You can connect on destination port any device like Wireshark you can able to see the traffic.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help