I have been told there is a limit (8) on the number of source ports that can be mirrored to a given destination port. I can find no specifications or other documentation to corroborate this claim. Any factual data to confirm or refute this claim?
View 7 RepliesRecently our company purchased 3 Lynksys SGE2010p, At the moment they work as a stack but as we are implementing UCCX we need to mirror 15 ports but during the provisioning i've noticed that the limit is 8 ports per stack. I'm wondering whether this is a known issue or just a known limitation . I believe that most probably i'll need to move back to stand alone mode so i could configure 8 mirrored ports per switch.
View 2 Replies View Relatedi was able to configure (via SF200 web interface) a port mirroring from port FE17 to FE7.i have supressed this port mirroring.when i try to reconfigure a port mirroring from port FE17 to FE3. The SF200 web interface crash. the SF200 seems to reboot.
i have updated the SF200 firmware from V1.1.2.0 to V1.1.2.9.44 when i was able to configure (via SF200 web interface) a port mirroring from port FE17 to FE7.But after having suppressed this port mirroring again, i was not able to reconfigure a new port mirroring from port FE1 to FE3 (the SF200 hangs).
i have also tried to return to default factory setting but this does not solve the issue.i am working on SF200-24P
I have a Cisco Catalyst 3750X switch, and I have configured port mirroring on it. Traffic from 12 of the 1G ports will be mirrored to both 10G ports, and I have connected both 10G ports to a server that captures the traffic.
Currently, I have one of the 12 1G ports connected to another server that replays a pcap file once at maximum speed (i.e. option -t in tcpreplay). I thought that this setup means I should get twice the number of packets (and rate) from the two 10G ports. However, I noticed that although the original pcap file contains 4288 packets, the number of packets from the two 10G ports varies between 31000 to 34000 packets, which is about 7 to 8 times the original number of packets. Why am I getting more than twice the amount of traffic, and why does the output vary?
I have 2 switch groups.
2 SGE2010's with VLAN's defined as 10,20 and 30
Vlan 10 is the management VLAN, and it uplinks to our border router.Vlan 20 is the workstation VLAN, and all workstations point to the switch as their default GW? Vlan 30 is the ip phone VLAN, and all phones use this as their gateway.
I would like to put a LAG between said switches, we have some servers on the ip phone switch that need to be accessed by the workstation clients, and the single 100mb link through the router is probably not going to be enough.As I understand it, because the switches have different networks on them, a simple lag will not work. I did create a lag, and assign ip addresses to each side, however in that mode, it doesn't appear I can block vlan 10 from transiting the LAG, and with out that block I will end up with a logical loop, and spanning-tree will block one of the uplinks, or the LAG itself.
I have created a mirror to copy all packets from Interface gi1 to interface gi28. I don't see any port 80 traffic, or 443 or any revelant traffic. I see mostly broadcast from other devices. I have a security device that is logging all the copied packets from my firewall for malware/IPS, etc inspection.Right now I have it monitoring vlan 1 in the hope that it would resolve this issue but I see no change.
View 1 Replies View RelatedI want to configure port mirroring on SG300 swtich, port monitoring status is "Not Ready" , and i can not monitor the source interface!
View 1 Replies View RelatedI'm troubleshooting a LAN issue I have, and I wanted to hook up wireshark to record traffic over the course of a couple of hours for later diagnostics. I went into the web administration interface, clicked Administration > Diagnostics > Port and VLAN Mirroring, and added a port mirror from the port I wanted to watch to a port to which I had connected a laptop. I picked the Tx and Rx options, and clicked Apply.I did receive lots of traffic in wireshark, but I noticed immediately that the server on the port I had mirrored was suddenly unavailable on the network -- pings timed out. This lasted until I removed the mirror, then the server was suddenly reachable once again.Does this feature not work the way I had thought it does? What I saw looked more like a forward than what I would call a mirror. The documentation leads me to believe mirroring is intended to be used in just the way I was attempting to use it.
View 1 Replies View RelatedIf switches on a network doesn't support remote port mirroring and only local port mirroring, What are the options to still capture all the traffic from all switches on 1 single core switch?
View 1 Replies View RelatedDoes the ESW 520 24P Support Mirroring 20 Ports Traffic to 1 Destination Port?
View 3 Replies View RelatedI volunteer at a school who just purchased two 48 port SGE2010 managed switches. I am not a big fan of the web gui and was hoping to see the standard Cisco command prompt instead of the menu-type interface.
Is there a way to view the MAC table showing which MAC address is plugged into which port on the switch? I have been fighting with the menu and the gui for a while now and do not see this anywhere.
is ASR 1006 supported span port or port mirroring? Any config about that?
View 2 Replies View RelatedI looking to buy SGE 2010 swith, but I have some question:
1. Can I use 4 SFP ports and stack of two switches at the same time.
2. Is it possible to use for stacking ports other than 24, 48?
3. What is maximum possible number of ports to use for stacking (can I get more than 1Gb thruput).
I currently have two SGE2010's with a 4-port LAG configured between them. I'm looking to add another two SGE2010's and I want to add redundancy at the same time. The switches are currently in standalone mode. I don't have fiber connectors and was planning on just using copper for the uplinks.
My questions are:
- Is it possible to use stack mode in conjunction with 4-port LAG groups to create redundant 4-port links between all of the switches? The documentation says that ports 24&48 are reserved for stacking - does that mean I can't specify a LAG instead?
- If 4-port LAGs aren't possible, does that mean that these switches max out at 1Gpbs uplinks if you use stack mode?
I have looked up the command sequence for port mirroring and it seems pretty straight forward however in my case the command will not execute.
I have a 851W with 12.4T
If I do: #monitor session 1 source interface fa 4 (wan port)
i get the response invalid input detected however if I do the same command for fa 1, fa ,2 and fa 3 they work
Using the ? shows the valid entries are [0-4] for fastethernet
I just want to monitor WAN traffic with WireShark, particularly DDNS requests, with a spare PC connected to a free lan port.
I would use a hub on the Wan connection but unfortunately I do not have one at the moment.
I'm trying to setup port mirroring on a Cisco ASA 5510, but when I try to use the switchport monitor command, that command is not recognized.I've selected what interface I want to configure (conf-if), but the switchport command seems to not be part of the IOS.I'm running ASA version 8.2(1)
View 9 Replies View RelatedI've just installed 2 of these in my workplace on a PLC network.I'm now looking to set one of the ports up as my diagnostic port and would like to be able to mirror any of the other ports to this port.I believe it is called SPAN on Cisco switches.The only reference I can find to it is configuring via Telnet which I haven't got a clue about.On my old Wiedmuller switches it was just a few clicks away.
View 3 Replies View RelatedDoes it have this switch some port mirroring capability (SPAN or other)?
View 2 Replies View RelatedI am trying to configure a SNORT IDS system running on a physical machine using Linux as the base OS. I have a small lab network setup with 3 VLANs, a 3548 switch and a 2611 router acting as the router on a stick/inter-vlan router. My goal is to setup SNORT as a host-based IDS system. To do that I know I need to use the "port monitor" command on the switch and I have tested this and it works fine only when the snort system and the traffic I want to monitor reside on the same VLAN.My problem is I want to be able to monitor a trunk link betwee the switch and router to see traffic coming from my 3 VLANs which contain servers. My goal is to run attacks on the servers to test SNORT's effectiveness.
Relevant information from my configuration: interface fa 0/1 on switch is the trunk like carry 3 vlans to the router On the switch:
int fa 0/1
switchport mode trunk
int fa 0/5
port monitor fa 0/1
switchport mode access
The switch will not allow me to configure fa 0/5 as a trunk, only can be an access port.So right now, SNORT does not see any traffic other than traffic from my router to the switch. I assume because this is going over the native VLAN (1 in this case) and that is the same VLAN that SNORT box resides on on interface fa 0/5. So I know the span is working to an extent, but traffic from my other VLANs (server to server traffic) does not show on SNORT at all.I have done some research on Cisco.com and see the following seemingly contradicting information:
VLAN Filtering When you monitor a trunk port as a source port, all VLANs active on the trunk are monitored by default. You can use VLAN filtering in order to limit SPAN traffic monitoring on trunk source ports to specific VLANs Then I see, under the section for the 3500 series: A monitor port cannot be a dynamic-access port or a trunk port. However, a static-access port can monitor a VLAN on a trunk, a multi-VLAN, or a dynamic-access port. The VLAN that is monitored is the one that is associated with the static-access port.
My question is, does that mean the 3548 cannot support spanning a trunk link and having all VLANs on that trunk be monitored correctly to the monitoring port? I know the 3548 is old, but it is the only thing right now I have to work with. I could put the SNORT box inline on the network, but that is another mess in itself.
Is it possible to enable an absolute value rate limit using QOS on a HP ProCurve 5406 switch for a particular IP range on a specific port? Is there a way to configure our HP 5406 with an absolute rate limit on "WAN" port for that server's IP range? I would like to limit it to only being capable of sending 1Mbps worth of traffic over the head end at once.Everything in the documentation points towards priority queues, which as far as I can tell, isn't really what I want.Baring accomplishing this goal using rate limiting is there a better way to prevent our services from accidentally saturating this connection?i thimkong about somthing like that:
class ipv4 rate-limit-port-A1
match ip 10.136.0.0/16 any
exit
policy qos port-a1-ratelimit
class servers-to-be-slowed action rate-limit kbps 1000
exit
interface A1 service-policy port-a1-ratelimit inI'm not sure about this.
Are you only able to have two sessions for port mirroring on a Cisco 4510?
View 1 Replies View RelatedI am working on two SGE 2010 stacked and in routing mode. Everything work fine but before finishing the job, I wanted to lockdown all the network device so they would not be accessible from some subnets. Problem is, I cannot bind my ACLs to any interface. I get "Cannot apply because lack of HW resources." I am running firmware 3.0.0.18, and 3.0.1 release notes don't address that issue. TCAM utilization is at 3% Routing resources shows host: 200, routes:60, ip interfaces: 50 I have tried from the cli and get the same message.
View 3 Replies View RelatedCan I create lag betwen stack unit to increase speed between units ?? stack connection is only 1Gbit on ports 24/48 if posible lag link must be in trunk mode ?
View 4 Replies View RelatedIs there any issues with accessing the browser based GUI using Windows 7 64bit on a SGE2010 switch? I took the switch home and tried on my XP 32bit machine and works fine, but no luck on any windows 7 64bit pc's. I have tried 3 different new pc's on this new switch and no luck at all.
View 2 Replies View RelatedWe have a single SGE2010 in layer 3 mode switch with a Server 2008 DHCP server.
We will be implimenting a Voip netowork where the PC's connect to the voip phone. I would like to create another vlan - 10. I have created the vlan and assigned the IP on the swtich.
Routing seems to be working. I can ping both IP addresses of the switch on either vlan.
I cannot get DHCP working. In the SGE switch I have enabled DHCP Relay, enabled option 82, set my DHCP Interface as VLan1, and specified the DHCP servers IP address. On the ports I have set the port where the DHCP server connects to as a trunk port with Vlan 1 untagged and vlan 10 tagged. I have set the ports where the phones connect as a trunk port with vlan1 untagged and vlan 10 tagged.
I have cisco 2651. It contains two FastEthernet interfaces: Fa0/0, Fa0/1.Fa0/1 has an ip address. Fa0/0 hasn't an ip address.I need to create monitor session from source Fa0/1 to destination Fa0/0. Then i want to connect my notebook to Fa0/0 to analyze some traffic from port Fa0/1
View 2 Replies View RelatedWe've have a 2 SGE2010-48 port, stacked. 4 LAGS are denifed, two on primary, whitch are working, two on slave unit are NOT working. Devices connected to LAGS are de the same and same configuration (Cisco ASA 5510).
View 3 Replies View RelatedI want to know how am i do to change the Vlan1`s IP address because the actual ip will be used in another vlan. Actually i haver 10 vlans in L3 mode (routing) implemented in it.
View 5 Replies View RelatedI have been trying, so far unsucessfully, to trigger backups to a TFTP server of our SGE201 switches. I have testesd TFTP backups via the web interface, and that does work. I need SNMP as I need a scriptable method to trgiger the backups on a regular schedule. I am running the SNMP query from a RedHat Linux server. So far I have the following query work out, but it is failing: [code] The error I am getting is generic, and the same query failed on multiple switches running Software Version 3.0.0.18. The switch is set with the community having full SNMP-admin access from the server's IP address.
View 3 Replies View RelatedI have 5 VLAN's setup in the sge2010. I have one port (uplink for the network) that I want everyone to see. But have separate VLAN's for different departments as to keep them all separate. Everytime i try and Untag that uplink port, i lose my untag in the original VLAN it was tagged in, and it changes to excluded.
View 13 Replies View RelatedWe are experiencing bridge storms and network slow downs and we believe we have traced the issue down to users plugging a cat 5/6 cable between 2 ports on the wall both wired back to a SGE2010 switch.
So we did a test - we plugged a single short cat 6 cable between 2 ports on a SGE2010, our access switch. Suprisingly, even with STP enabled, the switch DID NOT block one of the ports and in a few minutes the ENTIRE NETWORK was down, as CDP, STP, and ARP traffic became a multi-gigabit storm throughout the network.
Why on earth does this switch not block a port that is obviosly looped?
Every other cisco switch since I started on 1900XL's did this in 1999.
I am currently running two SGE2010 in stack and planning to purchase new Sg500 .I have two questions :
1. If these two different products can be managed as one stack.
2. Are the SFP (mini-GBIC) connections compatible and if so what accessories or parts do we need to enable them?
Id like to set up our AP to push our different vlans depending on which ESSID you connect to.
A few things I am unclear on. The switch port on the SGE needs to be in trunk mode I assume.
Do I marry the Management Vlan ID on the AP to the PVID on the SGE port ? Or is the PVID the untagged vlan ID ?
I set the switches port to trunk mode, it's PVID to 10 and set the management vlan ID on the AP to 10 and I get TTL Exceeded in Route when I try to ping.