05-04-2009 09:37 AM - edited 03-06-2019 05:31 AM
We have a Websense server connected to a Catalyst 2970, and also a PIX 515 through which outbound http traffice passes for users to surf the web.
The problem is, when I enter the "monitor session 1 destination" command on the interface the Websense server is connected to, we can no longer reach the server.
We had this working on a 2950, but it would occasionally lock up, so we are trying a 2970.
One difference I noticed in the output of "show monitor session 1 detail" is that the Ingress Encapsulation is NATIVE on the 2950, and it shows UNTAGGED on the 2970.
Not sure if that is relevant, and I see now way to manually set that to NATIVE.
Any thoughts?
05-04-2009 10:18 AM
Hello Gordon,
if you are trying to manage the server using the same port that is destination of the traffic this can be a problem.
you need to add an option to enable incoming traffic on the destination port
Enter ingress with keywords to enable forwarding of incoming traffic on the destination port and to specify the encapsulation type:
â¢dot1q vlan vlan-id-Accept incoming packets with IEEE 802.1Q encapsulation with the specified VLAN as the default VLAN.
â¢untagged vlan vlan-id or vlan vlan-id-Accept incoming packets with untagged encapsulation type with the specified VLAN as the default VLAN.
see
so if you want to accept untagged frames from the destination port use ingress untagged.
Hope to help
Giuseppe
05-04-2009 11:03 AM
I tried:
switch# monitor session 1 destination interface gig 0/23 ingress vlan 41
vlan 41 being the vlan that the websense and the firewall are both on.
this also kills our ability to reach the websense server.
05-04-2009 11:23 AM
HelloGordon ,
Have you also tried ingress untagged vlan 41 ?
Hope to help
Giuseppe
05-04-2009 11:29 AM
Guiueseppe,
I have tried untagged, dot1q, and plain vlan 41.
This worked on the 2950, but doesn't work on the 2970, which is at a newer IOS version.
The only difference I can see between the two switch configs is the Ingress encapsulation.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide