09-19-2014 10:05 AM - edited 03-07-2019 08:49 PM
We have a VLAN for QA, the gateway is a CISCO 2811 router. We want to set up a monitor on a switch to replicate all data that goes across this VLAN. We set up a SPAN with the source as the VLAN and a destination is an interface on the switch. We are only getting broadcast messages. I want all traffic from this VLAN to go to our monitor on a CISCO interface. What would I need to make all of this work?
Here is what we have on the CISCO Switch.
4700-SR-B1B#sh monitor session all
Session 1
---------
Type : Local Session
Source VLANs :
Both : 871
Destination Ports : Fa0/46
Encapsulation : Replicate
Ingress : Disabled
09-19-2014 11:01 AM
Try this:
#conf t
#monitor session 1 source vlan <desired vlan ID>
#monitor session 1 destination interface f0/46 -your sniffer device here
and in your "show command i dont see any source configured
09-19-2014 11:20 AM
That is the command I ran, 871 is the VLAN I am using as the source. I tried it again and the output on the show is the same.
09-19-2014 11:23 AM
Guessing you are using wireshark?
Try disabling your firewall, it may be blocking traffic
Anyway, if it still does not work, best solution is to monitor the port going to the router itself
#monitor session 1 source interface <port to router>
#monitor session 1 destination interface f0/46 -your sniffer device here
In your wireshark, you can use filters to filter out unnecessary networks, or show only desired network
09-19-2014 11:31 AM
Its not Wireshark, I am not sure what they set up. the destination port is also in the same VLAN as the source we want to monitor. Will that work? There is no firewall.
09-19-2014 11:36 AM
Well, first of all, whatever vlan that port is (destination) it does not matter
Anyway, I think you better consult the people on whatever device you have placed there considering you are "not sure what they set up" w/c I recommend you should know first.
That device may not support sniffing, but rather WCCP.
Let assume that it does use sniffing and considering that is a device, whatever that is, there should be a way to filter out traffic, or exclude traffic to whatever the purpose that device is.
consult your installer/contractor about that.
09-19-2014 11:47 AM
Thanks, it is Wireshark. All they are seeing is broadcast messages.
09-19-2014 11:49 AM
Well do my recommendation as above :))
#monitor session 1 source interface <port to router>
#monitor session 1 destination interface f0/46 -your sniffer device here
Again use wireshark filters to filter out unneeded traffic, or display only desired traffic.
The "how to filter" in wireshark, pretty simple just there is a big "filter" once you start capturing.
09-19-2014 11:51 AM
Thanks, I will work on this a for a while and let you know.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide