Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
934
Views
0
Helpful
3
Replies

port monitoring destination - multiple ESXi hosts

gddl630.cisco
Level 1
Level 1

‎06-23-2011 02:51 AM - edited ‎03-07-2019 12:56 AM

Presently the destination is an interface Gi5/43, but that is connected to a single host and ideally I need to be able to have the destination be 3 hosts(ESXi).

In brief I have few VMs that run the likes of websense, ntop, iftop & OSSIM and all require second interfaces in promiscuous mode and I am looking for ways to be able to move those machines freely within a vSphere cluster, but for that purpose I need each host to be able to see the traffic from that VLAN 10. this is traffic not only from our virtual estate, but vlan with our firewall and internet connections.

This is what is presently configured on 4507R (Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I9S-M), Version 12.2(25)EWA5, RELEASE SOFTWARE (fc1))

monitor session 1 source vlan 10
monitor session 1 destination interface Gi5/43

is it possible to enable 3 ports on that switch to see the traffic from vlan 10? and if so how?

Labels:
0 Helpful
3 Replies 3

Antonio Knox
Level 7
Level 7

‎06-23-2011 04:56 AM

Create 3 sessions (this example assumes the 3 destination interfaces are consecutive)

monitor session 1 source vlan 10

monitor session 1 destination interface Gi5/43

monitor session 2 source vlan 10

monitor session 2 destination interface Gi5/44

monitor session 3 source vlan 10

monitor session 3 destination interface Gi5/45

0 Helpful

gddl630.cisco
Level 1
Level 1
In response to Antonio Knox

‎06-23-2011 05:19 AM

Thanks Antonio,

It seems I have a platform limitation and cannot create more than 2:

monitor session 1 source vlan 10

monitor session 1 destination interface Gi5/43

monitor session 2 source vlan 10

monitor session 2 destination interface Gi7/20

for the third one I get the message below:

core(config)#monitor session 3 source vlan 10

% This platform allows a maximum of 2 concurrent sessions with RX sources and

% 4 concurrent sessions with TX sources.  (Bidirectional sources count as

% both RX and TX; remote VLAN sources count as RX.)

vlan 10 contains our two firewalls - is there anything I can change in the source definition so that this can be configured?

I need to be able to see traffic in/out on both internet connections - there are only 3 active addresses on that vlan - 192.168.110.1 defined on the vlan itself and the two firewalls Gi7/12 and Gi6/23

!

interface Vlan10

description ----- vlan  10 - 192.168.110.0/24 - firewalls -----

ip address 192.168.110.1 255.255.255.0

no ip redirects

!

interface GigabitEthernet7/12

description ----- PA500-NF - vlan 10 - gi7/12 - 192.168.110.253 -----

switchport access vlan 10

switchport mode access

flowcontrol receive off

flowcontrol send off

spanning-tree portfast

end

!

interface GigabitEthernet6/23

description ----- PIX-BT - vlan 10 - gi6/23 - 192.168.110.254 -----

switchport access vlan 10

switchport mode access

flowcontrol receive off

flowcontrol send off

spanning-tree portfast

end

0 Helpful

Antonio Knox
Level 7
Level 7
In response to gddl630.cisco

‎06-23-2011 06:00 AM

This is normal.  I actually forgot that the limit is 2 for VLAN SOURCE sessions. You may want to look into using a TAP for the 3rd port.  Should work fine.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card