Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
11026
Views
2
Helpful
5
Replies

How to setup a span port

dbuckley77
Level 1
Level 1

‎01-24-2022 10:22 AM

I am setting a mirror/span port to capture traffic on a 6807 switch.  I setup the span part using the commands below but do i have to configure anything on the actual interfaces?  I am assuming I would setup the source port as an access vlan port just like I would any other port with a network host on it right?  what about the destination port?

 

monitor session 1 source interface te2/1/4

monitor session 1 destination interface gi2/6/10

1 person had this problem
Labels:
0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎01-24-2022 10:30 AM - edited ‎01-24-2022 10:31 AM

As per your configuration if the device is connected to Te2/1/4 you want to capture all the information or span that port as source. and where your capture recorded (or device connect to sniff the traffic will be connected to 2/6/10 as destination port)

 

Destination any PC running Wireshark to get information from source port.

 

#show monitor   - this give you information output of your monitor session

 

example video :

 

https://www.youtube.com/watch?v=QfZ8htoltRE

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

dbuckley77
Level 1
Level 1
In response to balaji.bandi

‎01-24-2022 10:41 AM

That doesn't answer my question.  Currently the source and destination port for the mirror I setup are set to default .  Do I have to configure anything on those interfaces themselves to get the mirror to work?  I am assuming I would have to at least setup the source port as an access vlan X port like I would any other port I plug a network host into.  And do I have to configure anything on the port that is the destination port?

balaji.bandi
Hall of Fame
Hall of Fame
In response to dbuckley77

‎01-25-2022 02:20 AM

You already answered your query in your first post (if you looking Local Span or mirror the traffic from the source port)  - once that is configued that port will be soruce and destination as per below.

 

 

monitor session 1 source interface te2/1/4   - this where you looking to port traffic to mirros as source.

monitor session 1 destination interface gi2/6/10  - this where destination you going to sniff the traffic.

 

The video explain bit more to understand - hope this helps you.

 

Note: command syntax may change platform to platform, but the concept works as same.

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

paul driver
VIP
VIP

‎01-24-2022 11:47 AM

Hello
To mirror (span) a port/vlan/trunk on a switch you would usually create a monitoring session.

example 1:  scr/dest same switch
monitor session x source interface <port, vlan> 
monitor session x destination interface x/x encapsulation replicate

or

monitor session x source interface x/x ( trunk-port)
monitor session x filter vlan x  (filter just on that particualr vlan you wish to mirror)
monitor session x destination interface x/x encapsulation replicate

 

example 2:  scr/dest same different switch
vlan X

remote span

sw1
monitor session x source interface  <port, vlan> 
monitor session x destination remote vlan x


sw2
monitor session x source  remote vlan x
monitor session x destination  interface x/x 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

mlund
Level 7
Level 7

‎01-25-2022 02:28 AM

Hi

No, you don't have to configure anything special on the source or destination ports, the monitor configuration will be sufficient.

The source port can be either an access-port or a trunk-port. If it is a trunk port the dot1q tags on frames will also be copied to the destination port, however the nic in receiving port may not be configured to deal with dot1q tags, if so it removes those tags.

What you are going to do with the receiving traffic, depends on your needs. I have seen cases when there have been equipment connected that is listening for vioce call setup, to have statistic for billing. But most of the time it have been used for troubleshooting, by using a wireshark.

/Mikael

Customers Also Viewed These Support Documents
Top