02-19-2018 06:19 PM - edited 03-08-2019 01:56 PM
Hi guys,
Need some help here. Because the Meraki switch only supports 1 destination SPAN port, in order to duplicate the traffic I tried connecting it to a Cisco 2960 and configuring multiple destination SPAN to achieve the objectives.
However, after configuration I realised that the Cisco 2960 destination doesn't have the same traffic captured. It only captures broadcast traffic. Any idea? Is the method below supported? I have confirmed that the source SPAN at the Cisco 2960 contains SPAN traffic.
Diagram:
Meraki switch (Destination SPAN)---- (Source SPAN) Cisco 2960 -----(Multiple destination SPAN)
CLI command:
monitor session 2 source vlan 1 (have also tried interface; not working)
monitor session 2 destination interface Gi1/0/2 - 3 encapsulation replicate
02-19-2018 06:53 PM
If you plug your laptop directly into the Meraki, do you see all the traffic? I just want to make sure the issue is with the 2960.
You could also check the output rates on Gig1/0/2-3 to make sure they match up to what you are seeing in Wireshark. It could be an issue with your capture device. Are you sure there isn't a firewall blocking the traffic on the client and promiscuous mode is enabled in Wireshark?
Also, some capture devices don't know how to handle VLAN tags, so make sure if you are doing encapsulation replicate, your end device can do that. Most Windows PCs will not be able to capture these packets.
I would do interface instead of VLAN even though you said that didn't work either. Configuration looks good otherwise.
02-19-2018 09:08 PM
02-20-2018 04:59 AM
Hello,
Good to know. What is the configuration of the SPAN source on the 2960? Is the Meraki preserving the VLAN tag? If so, the source interface on the Cisco switch will need to be a trunk.
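Added example, not part of the original thread: a small Python check for a capture taken at a SPAN destination port, counting frames by destination type (broadcast, multicast, unicast) and by 802.1Q VLAN ID, so a "broadcast only" capture or missing VLAN tags show up as numbers. The function names `read_pcap` and `summarize` are hypothetical, the sample capture is constructed, and only classic little- or big-endian pcap files (not pcapng) are handled.

```python
import struct
from collections import Counter

def read_pcap(data):
    """Yield raw Ethernet frames from a classic pcap file held in memory."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    offset = 24  # skip the 24-byte global header
    while offset + 16 <= len(data):
        # Per-packet header: ts_sec, ts_usec, incl_len, orig_len
        incl_len = struct.unpack_from(endian + "I", data, offset + 8)[0]
        yield data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len

def summarize(frames):
    """Count frames by destination type and by VLAN ID (None = untagged)."""
    dest, vlans = Counter(), Counter()
    for frame in frames:
        if len(frame) < 14:
            continue  # truncated: no complete Ethernet header
        dst = frame[:6]
        if dst == b"\xff" * 6:
            dest["broadcast"] += 1
        elif dst[0] & 0x01:  # group bit set in the first octet
            dest["multicast"] += 1
        else:
            dest["unicast"] += 1
        # 802.1Q tag: TPID 0x8100 at offset 12, VLAN ID in low 12 bits of the TCI
        tagged = frame[12:14] == b"\x81\x00" and len(frame) >= 18
        vid = struct.unpack_from("!H", frame, 14)[0] & 0x0FFF if tagged else None
        vlans[vid] += 1
    return dest, vlans

def _frame(dst, vlan=None):
    """Build a constructed IPv4-typed test frame, optionally 802.1Q-tagged."""
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    return dst + bytes.fromhex("020000000001") + tag + b"\x08\x00" + bytes(46)

def _pcap(frames):
    """Wrap constructed frames in a little-endian classic pcap container."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed sample: one broadcast, one VLAN 1 tagged unicast, one multicast
SAMPLE = _pcap([
    _frame(b"\xff" * 6),
    _frame(bytes.fromhex("020000000002"), vlan=1),
    _frame(bytes.fromhex("01005e000001")),
])
```

Run against a real capture with `summarize(read_pcap(open(path, "rb").read()))`; a unicast count of zero matches the symptom described in the first post, and the VLAN counter shows whether tagged frames reach the capture device at all.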