Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2208
Views
0
Helpful
6
Replies

No traffic on SPAN port

slicerpro
Level 1
Level 1

‎12-13-2016 01:42 PM - edited ‎03-08-2019 08:33 AM

Hi,

I have configuration for our client's IDS as follows:

show monitor session all
Session 1
---------
Type : Local Session
Source Ports :
Both : Gi1/0/21
Destination Ports : Gi1/0/10
Encapsulation : Native
Ingress : Disabled


Session 2
---------
Type : Local Session
Source Ports :
Both : Gi1/0/21
Destination Ports : Gi1/0/5
Encapsulation : Native
Ingress : Disabled

The first session was configured years ago, the second one is the new one. We are trying to migrate to new IDS systems and so we configured the second session. Problem is the second one shows 0 traffic. Upon further investigation, I found out that the first one has been broke for a while as well ...no one knows how long. I have scratched my to no avail.

Here are the port configurations:

show run int Gi1/0/21
Building configuration...

Current configuration : 220 bytes
!
interface GigabitEthernet1/0/21
description FW01-Gi0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1400-1403,1405-1413,4024
switchport mode trunk
spanning-tree guard loop
end

show run int Gi1/0/10
Building configuration...

Current configuration : 95 bytes
!
interface GigabitEthernet1/0/10
description IDS01-monitor
switchport mode access
end


show run int Gi1/0/5
Building configuration...

Current configuration : 95 bytes
!
interface GigabitEthernet1/0/5
description IDS02-monitor
switchport mode access
end

I would also like to point out that the interface counters on the destination ports all show 0s ..so no point checking the IDS machine if nothing is being sent that way. There is traffic on the source interface though.

WE are running a  WS-C3750E-48TD-S on 15.0(1)SE. Any insight will be highly appreciated. Let me know if you need more information.

Labels:
0 Helpful
6 Replies 6

Dennis Mink
VIP Alumni
VIP Alumni

‎12-13-2016 01:49 PM

what does the config look like in relation to the SPAN session

Have you got SPAN working any where at all?

Test it first with a test access port and run wireshark  on the the destination port.

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

slicerpro
Level 1
Level 1
In response to Dennis Mink

‎12-13-2016 01:53 PM

Thanks Dennis for your reply. I'm not clear on how you want me to test with test access port. Do you mean configure a different dst port for testing?

0 Helpful

Dennis Mink
VIP Alumni
VIP Alumni
In response to slicerpro

‎12-13-2016 02:19 PM

correct, a completely different pair of source and destination ports. at least establish if span works at all.

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

slicerpro
Level 1
Level 1
In response to Dennis Mink

‎12-13-2016 02:43 PM

gotcha.. I will report back.

0 Helpful

acampbell
VIP Alumni
VIP Alumni
In response to slicerpro

‎12-13-2016 04:16 PM

Hi,

The port you are trying to span is a trunk.
Can you re-test using below

!
no monitor session 2
monitor session 2 source interface gigabitethernet1/0/21
monitor session 2 destination interface gigabitethernet1/0/5 encapsulation replicate
!

Regards
Alex

Regards, Alex. Please rate useful posts.
0 Helpful

slicerpro
Level 1
Level 1
In response to acampbell

‎12-20-2016 03:05 PM

I changed the configuration so that the source is the vlans instead of the physical port and now its working

0 Helpful
Customers Also Viewed These Support Documents