Re: How to setup a span port

dbuckley77 · ‎01-24-2022

I am setting a mirror/span port to capture traffic on a 6807 switch. I setup the span part using the commands below but do i have to configure anything on the actual interfaces? I am assuming I would setup the source port as an access vlan port just like I would any other port with a network host on it right? what about the destination port?

monitor session 1 source interface te2/1/4

monitor session 1 destination interface gi2/6/10

balaji.bandi · ‎01-24-2022

As per your configuration if the device is connected to Te2/1/4 you want to capture all the information or span that port as source. and where your capture recorded (or device connect to sniff the traffic will be connected to 2/6/10 as destination port)

Destination any PC running Wireshark to get information from source port.

#show monitor   - this give you information output of your monitor session

example video :

https://www.youtube.com/watch?v=QfZ8htoltRE

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

dbuckley77 · ‎01-24-2022

That doesn't answer my question. Currently the source and destination port for the mirror I setup are set to default . Do I have to configure anything on those interfaces themselves to get the mirror to work? I am assuming I would have to at least setup the source port as an access vlan X port like I would any other port I plug a network host into. And do I have to configure anything on the port that is the destination port?

balaji.bandi · ‎01-25-2022

You already answered your query in your first post (if you looking Local Span or mirror the traffic from the source port) - once that is configued that port will be soruce and destination as per below.

monitor session 1 source interface te2/1/4 - this where you looking to port traffic to mirros as source.

monitor session 1 destination interface gi2/6/10 - this where destination you going to sniff the traffic.

The video explain bit more to understand - hope this helps you.

Note: command syntax may change platform to platform, but the concept works as same.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

paul driver · ‎01-24-2022

Hello
To mirror (span) a port/vlan/trunk on a switch you would usually create a monitoring session.

example 1: scr/dest same switch
monitor session x source interface <port, vlan>
monitor session x destination interface x/x encapsulation replicate

or

monitor session x source interface x/x ( trunk-port)
monitor session x filter vlan x (filter just on that particualr vlan you wish to mirror)
monitor session x destination interface x/x encapsulation replicate

example 2: scr/dest same different switch
vlan X

remote span

sw1
monitor session x source interface <port, vlan>
monitor session x destination remote vlan x

sw2
monitor session x source remote vlan x
monitor session x destination interface x/x

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

mlund · ‎01-25-2022

Hi

No, you don't have to configure anything special on the source or destination ports, the monitor configuration will be sufficient.

The source port can be either an access-port or a trunk-port. If it is a trunk port the dot1q tags on frames will also be copied to the destination port, however the nic in receiving port may not be configured to deal with dot1q tags, if so it removes those tags.

What you are going to do with the receiving traffic, depends on your needs. I have seen cases when there have been equipment connected that is listening for vioce call setup, to have statistic for billing. But most of the time it have been used for troubleshooting, by using a wireshark.

/Mikael