04-04-2011 10:43 AM - edited 03-06-2019 04:26 PM
I tried spanning a VLAN to a port with the config below:
monitor session 1 destination interface Fa2/0/11 ingress untagged vlan 2
But when I added that line I could no longer ping nor RDP the host on that port.
When I removed monitor session 1, access to the host came back immediately.
So it's definitely the culprit.
04-04-2011 11:06 AM
Hi,
A destination SPAN port can't be a normal data port; that's why it is up/down, as you will see if you do a sh interface.
I'm afraid you won't be able to eat this cake.
Regards.
Alain.
04-04-2011 12:48 PM
Hmmm... I thought you could do this. I'll have a look around.
Adam
04-04-2011 12:57 PM
Not all switches support the option of having an active destination SPAN port.
Please share what type of switch you have and the IOS version.
Regards,
Varo
04-04-2011 02:12 PM
c3750-1#sho ver
Cisco IOS Software, C3750 Software (C3750-ADVIPSERVICESK9-M), Version 12.2(46)SE, RELEASE SOFTWARE (fc2)
04-04-2011 11:12 PM
Hi,
Take a look here: http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_46_se/configuration/guide/swspan.html#wp1036749
Regards.
Alain.
04-04-2011 11:37 PM
Hi
AFAIK the SPAN port blocks all outgoing traffic on 3750s.
I am sorry but I must ask.
Why would you want that?
I love the fact that I do not have to worry about disturbing the server on the other end when sniffing by answering a packet or something.
And there is no need to make capture filters so that I do not accidentally get a lot of traffic that is control traffic (i.e. to my own PC).
My advice would be that if you need control traffic, set up another interface on the sniffer computer and use that for control traffic.
The only time this has been a problem was when I forgot about a monitor session configuration I had made and a month later accidentally connected a PC to that port.
I could get no connection, no DHCP address and so on. Then I connected my laptop and was quite confused since I did see traffic. After a little while I realised that I saw traffic not destined for this computer, checked the configuration, and sure enough it was a destination port.
Ever since then I try to plug each port I use as a monitor destination port with an RJ45 plug that is blind (without cable). That way I know where my destination ports are and no mistakes can be made.
Good luck
HTH
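Added example (not part of any post in this thread): a Python sketch of the check described in the post above, listing which ports a saved running-config has set as SPAN destinations so that a forgotten monitor session is found before a host is plugged into the port. The sample config is constructed; its destination line follows the form quoted in the first post, and the function names are hypothetical.

```python
import re

# Constructed sample of running-config lines (not taken from a real device).
# The first destination line has the same form as the one in the first post.
SAMPLE_CONFIG = """\
interface FastEthernet2/0/11
 switchport access vlan 2
!
monitor session 1 source vlan 2
monitor session 1 destination interface Fa2/0/11 ingress untagged vlan 2
monitor session 2 source interface Fa2/0/5
monitor session 2 destination interface Fa2/0/12
"""

DEST_RE = re.compile(
    r"^monitor session (\d+) destination interface (\S+)(.*)$", re.MULTILINE)
SRC_RE = re.compile(r"^monitor session (\d+) source (.+)$", re.MULTILINE)
INGRESS_RE = re.compile(r"\bingress\b.*?\bvlan (\d+)")


def span_destinations(config_text):
    """Return one dict per SPAN destination port found in the config text."""
    sources = {}
    for session, src in SRC_RE.findall(config_text):
        sources.setdefault(int(session), []).append(src.strip())
    found = []
    for session, port, rest in DEST_RE.findall(config_text):
        ingress = INGRESS_RE.search(rest)
        found.append({
            "session": int(session),
            "port": port,
            # VLAN named after the ingress keyword, or None if it is absent.
            "ingress_vlan": int(ingress.group(1)) if ingress else None,
            "sources": sources.get(int(session), []),
        })
    return found


def report(config_text):
    """One human-readable line per destination port, for a port audit."""
    lines = []
    for d in span_destinations(config_text):
        ingress = ("no ingress keyword" if d["ingress_vlan"] is None
                   else f"ingress keyword set, VLAN {d['ingress_vlan']}")
        srcs = ", ".join(d["sources"]) or "none configured"
        lines.append(f"session {d['session']}: {d['port']} is a SPAN "
                     f"destination ({ingress}); sources: {srcs}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONFIG)))
```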
04-05-2011 08:54 AM
The reason is this is a remote site with no spare computers except a laptop for me to do my packet sniffing with Wireshark.
04-05-2011 09:09 AM
Well, you would definitely not be able to remotely access the computer while it is connected to the SPAN destination port.
I am assuming that you want to do that to check the sniffer results.
04-05-2011 09:11 AM
I'll try starting Wireshark, spanning the port, then turning off spanning and see if packets get captured in the interim while I can't access the laptop.
04-05-2011 09:22 AM
An extra NIC will solve that for you.
A USB Ethernet adapter, or if there is a PCMCIA/PC Card slot, or the wireless might work for you.
Connect both of the NICs to the switch and use the internal NIC for sniffing.
Good luck
HTH
04-05-2011 09:30 AM
For some reason Wireshark did not detect any packets when I spanned the port. I'm checking with my local contact if there's any way he can dig up a second interface for the system. Perhaps he could put it in a docking station.
04-05-2011 09:53 AM
You may like to check if Wireshark is configured in 'Promiscuous Mode'... and yes, a second NIC or a wireless card would definitely help.