I am puzzled. There are a couple of posts in this thread that appear to have the output of show monitor session 1 when you were monitoring vlans. Why was it ok then and not ok now?

HTH

Rick

I just mean that I can't capture an image and post it.  I'll provided that output though.

Thanks for the explanation. Is port 1, which you say is connected to an external switch, configured as an access port or as a trunk port? Are the devices connected on ports 1, 2, 3 able to communicate successfully? (so there would be traffic to capture we just are not capturing it)

HTH

Rick

I am not sure why it would be different but I am grasping at straws here. Would you configure the monitor session to monitor just a single port where we know it connects to a single device (so ports 2 or 3) with output to 12.

HTH

Rick

I did try that earlier without any changes to what I am seeing on wireshark.  I have seen a couple of tcp hits from port 3 (dell server) but nothing on port 2 when I navigate to the webpage or run tcping.  I really only have the ability to use the laptop on port 2.  I don't have access to the server on port 3. I talked to the guy that manages the monitoring server.  I've plugged the cable back into the dell and I'm waiting to see if there is any difference on his end now that I've removed the trunk configuration from port 12.

Will the port monitoring continue to be the normal mode for Gig1/0/12? When Gig1/0/12 is the destination for port monitoring it does not send or receive normal traffic and only sends the traffic from the monitor session. (in this case I am not sure that it makes much difference how the port is configured. but it will certainly not operate as a trunk and so having it configured as just access port seems more appropriate)

Also can you tell us a bit about this network monitoring that the server does using Gig1/0/12? Is this monitoring using packet capture data (in which case the port monitoring continues to be needed). Or is this monitoring which sends requests and receives information, or just receives reports from network devices (in which case port monitoring will not be used and perhaps it makes a bit more difference how the port is configured)?

HTH

Rick

I don't know what software package is being used on the server to monitor traffic but we were asked to configure the port for that interface as a monitoring port.  No one in this building has ever configured a monitoring port before so we used our best guess as to its configuration.  The initial though was that it would need to be able to see the vlans, that is why it was incorrectly configured as a trunk. It should just be a monitoring port from now on.

Thank you for the clarification. If they specifically asked that it be set up as a monitoring port we must assume that this is what they need it to be. In that case the switchport should be configured as a simple access port. I am not sure if it is significant, but could you arrange that after the config change is made on the interface that the switch is rebooted? I have seen some instances where something in the config was changed but somehow remnants of the older config seem to persist.

HTH

Rick

port 1 is connected to a brocade switch that I do not control. 

port 2 is connected to a laptop that is able to communicate to websites outside of our building

port 3 is connected to one port of a dell server

port 12 is usually connected to the other port on the dell server that has some kind of network monitoring software.  I don't have any control over this server.

I take the cable that is connected to port 12 and stick it on a laptop with wireshark so I can see the traffic. 

show monitor session 1

Type : local session

source Ports :

both : Gi1/0/1-3

destination : Gi1/0/12

Encapsulation : Native

ingress : Disabled

Since your ports are different VLAN, can you try 1 port and let us know as we recomended before

how monitor session 1

Type : local session

source Ports :

both : Gi1/0/1-3 ( remove 2 and 3 from here)

destination : Gi1/0/12

make sure you have some traffic going in and out of gi 1/0/1 to capture.

Hello

Your Local span session at this time looks correct, Just wondering if your traffic analyzer is working accordingly  and nothing is negating it working on the device attached to your span destination port?

Can you turn off any software fw running on the capture device just for testing purposes?

Lastly reading you previous config posts please note spanned sources cannot be vlans and ports at the same time you cannot mix them, its either one of the other

Again I think I am grasping at straws - but the behavior that you describe would be consistent with a scenario where the connection of your laptop with wireshark was to some port other than 1/0/12. Can you verify that your monitoring laptop is connected to 1/0/12?

HTH

Rick