03-19-2021 05:08 AM
Hi,
I want to set up a SPAN port on cisco 9400 for future troubleshooting, to capture *all* core traffic (important: all trunk/access ports), so that I can analyze it with a wireshark installed on notebook PC in port 6/0/38.
I have 2 questions:
- is the PORT SPAN configuration correct?
monitor session 1 source vlan 1 - 1000 monitor session 1 destination interface Gi6/0/38 encapsulation dot1q
- is it correct to put the destination port in TRUNK or is it more correct in ACCESS?
interface GigabitEthernet6/0/38 description SPAN Port Troubleshooting switchport mode trunk
thanks in advance
03-19-2021 05:16 AM
Look at the guide lines of destination port :
03-19-2021 06:43 AM
I saw the link, but I can't find the answer to my 2 questions, can you help me please?
03-20-2021 12:46 AM
interface GigabitEthernet6/0/38 description SPAN Port Troubleshooting switchport mode access
03-20-2021 05:01 AM
switchport mode access
But does this apply regardless of how "Encapsulation Mode" is set on destination port?
In order to capture all the traffic is it better to have DOT1Q or REPLICATE?
In my case I set it this way:
SW#show monitor session 1 Type : Local Session Source VLANs : Both : 1-1000 Destination Ports : Gi6/0/38 Encapsulation : DOT1Q Ingress : Disabled monitor session session-number destination { interface interface-id [ , | -] [ encapsulation { replicate | dot1q} ] } encapsulation replicate: - Specifies that the destination interface replicates the source interface encapsulation method. If not selected, the default is to send packets in native form (untagged). encapsulation dot1q: - Specifies that the destination interface accepts the source interface incoming packets with IEEE 802.1Q encapsulation.
Thank you so much for help
03-24-2021 01:54 AM
can someone please clarify this for me?
03-24-2021 01:46 PM
this should work for you, until we misunderstand your requirement,
monitor session 1 source vlan 1 - 1000 monitor session 1 destination interface Gi6/0/38
interface GigabitEthernet6/0/38 description SPAN Port Troubleshooting switchport mode access
03-19-2021 01:11 PM
Hi you dont have to mention anything for the destination port just leave it in NoShut mode and thats it
03-19-2021 01:29 PM - edited 03-19-2021 01:33 PM
Hi,
is the PORT SPAN configuration correct?
Yes, that is correct but I would use the actual number of VLANs you have on the switch e.g 5, 10, 20, etc., and not 1000.
- is it correct to put the destination port in TRUNK or is it more correct in ACCESS?
The destination port (g6/0/38) is where your laptop will be connected and needs to be configured as an access port.
HTH
03-19-2021 01:39 PM
Hi, My apologies i was thinking you are using Nexus; in CATOS we will just configure the port "switchport mode access" and in nexus we use "switchport monitor"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide