Port Mirroring - So confused

mvaldez83 · ‎11-09-2012

Hello Everyone,

So I am tasked to enable port mirroring so some voice recording software can function properly. Here is what the requirements are but its simply not making any sense to me. I am hoping someone here who knows port mirroring can look at this and make sense from it.

"A mirroring policy sends a copy of ingress, egress, or both ingress and egress packets that match the policy condition to a specific port. This type of policy may use any condition; the mirror policy action determines the type of traffic to mirror and the port on which the mirrored traffic is received. The policy action mirror command is used to configure mirror to port (MTP) action for the policy. For example, the following policy mirrors infress packets to port 1/10:

-> policy condition c1 source ip

-> policy action a1 mirror ingress 1/10

-> policy rule r1 condition c1 action a1

-> qos apply

When the above rule is activated, any flows coming into the switch from source ip address 192.168.20.1 are mirrored to port 1/10. it also possible to combine the MTP action with other actions. For example:

-> policy condition c1 source ip

-> policy action a1 mirror ingress 1/10 disposition drop

-> policy rule r1 condition c1 action a1

-> qos apply

This policy rule example combines the MTP action with the drop action. As a result, this rule drops ingress traffic with a source IP, but the mirrored traffic from this source is not dropped."

mvaldez83 · ‎11-09-2012

I forgot to mention with working with Cisco 3560 switch with IP Base image.

mvaldez83 · ‎11-09-2012

I found some commands to enable port spanning:

Switch(config)#monitor session 1 source interface Fa0/18

Switch(config)#monitor session 1 destination interface Fa0/2

however i get a invalid input detected at ^ error. with the ^ at the m in monitor.

Ideas?

Abzal · ‎11-10-2012

Hi,

What exactly version of IOS are running on 3560?

You can check with this command:

sh ver

Best regards,
Abzal

mvaldez83 · ‎11-12-2012

Abzal,

I am running the following:

Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(35)SE5, RELEAS E SOFTWARE (fc1)

Compiled Thu 19-Jul-07 18:15 by nachen

Image text-base: 0x00003000, data-base: 0x01100000

ROM: Bootstrap program is C3560 boot loader

BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWAR E (fc4)

Sightly1 uptime is 2 days, 1 hour, 57 minutes

System returned to ROM by power-on

System image file is "flash:c3560-ipbase-mz.122-35.SE5/c3560-ipbase-mz.122-35.SE 5.bin"

cisco WS-C3560-48PS (PowerPC405) processor (revision P0) with 122880K/8184K byte s of memory.

Processor board ID FDO1228X0FP

Last reset from power-on

1 Virtual Ethernet interface

48 FastEthernet interfaces

4 Gigabit Ethernet interfaces

The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.

Base ethernet MAC Address : 00:22:56:C6:3B:80

Motherboard assembly number : 73-9676-13

Power supply part number : 341-0029-05

Motherboard serial number : FDO12270VNB

Power supply serial number : DTN122346R5

Model revision number : P0

Motherboard revision number : A0

Model number : WS-C3560-48PS-S

System serial number : FDO1228X0FP

SFP Module assembly part number : 73-7757-03

SFP Module revision Number : A0

SFP Module serial number : FDO12270NHN

Top Assembly Part Number : 800-25859-04

Top Assembly Revision Number : A0

Version ID : V05

CLEI Code Number : COMU210ARA

Hardware Board Revision Number : 0x01

Switch Ports Model SW Version SW Image

------ ----- ----- ---------- ----------

* 1 52 WS-C3560-48PS 12.2(35)SE5 C3560-IPBASE-M

Configuration register is 0xF

Abzal · ‎11-12-2012

On my network I have same switch but with another IOS ver. 12.2(55) and it's OK. It seems limitation of your IOS version.Try to upgrade IOS version.

Please rate helpful post.

Best regards,
Abzal