cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1308
Views
15
Helpful
9
Replies

SPAN port cisco 9400 troubleshooting

byrollo rg
Level 1
Level 1

Hi,
I want to set up a SPAN port on cisco 9400 for future troubleshooting, to capture *all* core traffic (important: all trunk/access ports), so that I can analyze it with a wireshark installed on notebook PC in port 6/0/38.
I have 2 questions:

 

- is the PORT SPAN configuration correct?

monitor session 1 source vlan 1 - 1000
monitor session 1 destination interface Gi6/0/38 encapsulation dot1q

- is it correct to put the destination port in TRUNK or is it more correct in ACCESS?

interface GigabitEthernet6/0/38
description SPAN Port Troubleshooting
switchport mode trunk

thanks in advance

9 Replies 9

balaji.bandi
Hall of Fame
Hall of Fame

I saw the link, but I can't find the answer to my 2 questions, can you help me please?

interface GigabitEthernet6/0/38
description SPAN Port Troubleshooting
switchport mode  access

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

switchport mode  access

But does this apply regardless of how "Encapsulation Mode" is set on destination port?
In order to capture all the traffic is it better to have DOT1Q or REPLICATE?
In my case I set it this way:

SW#show monitor session 1
Type                     : Local Session
Source VLANs             :
    Both                 : 1-1000
Destination Ports        : Gi6/0/38
    Encapsulation        : DOT1Q
          Ingress        : Disabled
		  
monitor session session-number destination { interface interface-id [ , | -] [ encapsulation { replicate | dot1q} ] }
encapsulation replicate:
 - Specifies that the destination interface replicates the source interface encapsulation method. If not selected, the default is to send packets in native form (untagged).
encapsulation dot1q:
 - Specifies that the destination interface accepts the source interface incoming packets with IEEE 802.1Q encapsulation.

Thank you so much for help

can someone please clarify this for me?

this should work for you, until we misunderstand your requirement, 

 

monitor session 1 source vlan 1 - 1000
monitor session 1 destination interface Gi6/0/38 
interface GigabitEthernet6/0/38
description SPAN Port Troubleshooting
switchport mode  access

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

usman ali dar
Level 1
Level 1

Hi you dont have to mention anything for the destination port just leave it in NoShut mode and thats it

Reza Sharifi
Hall of Fame
Hall of Fame

Hi,

 

is the PORT SPAN configuration correct?

Yes, that is correct but I would use the actual number of VLANs you have on the switch e.g 5, 10, 20, etc., and not 1000.  

- is it correct to put the destination port in TRUNK or is it more correct in ACCESS?

The destination port (g6/0/38) is where your laptop will be connected and needs to be configured as an access port.

HTH

 

 

 

Hi, My apologies i was thinking you are using Nexus; in CATOS we will just configure the port "switchport mode access" and in nexus we use "switchport monitor"

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco