I have created a mirror to copy all packets from Interface gi1 to interface gi28. I don't see any port 80 traffic, or 443 or any revelant traffic. I see mostly broadcast from other devices. I have a security device that is logging all the copied packets from my firewall for malware/IPS, etc inspection.Right now I have it monitoring vlan 1 in the hope that it would resolve this issue but I see no change.
View 1 Replies
I want to configure port mirroring on SG300 swtich, port monitoring status is "Not Ready" , and i can not monitor the source interface!
View 1 Replies View RelatedI'm troubleshooting a LAN issue I have, and I wanted to hook up wireshark to record traffic over the course of a couple of hours for later diagnostics. I went into the web administration interface, clicked Administration > Diagnostics > Port and VLAN Mirroring, and added a port mirror from the port I wanted to watch to a port to which I had connected a laptop. I picked the Tx and Rx options, and clicked Apply.I did receive lots of traffic in wireshark, but I noticed immediately that the server on the port I had mirrored was suddenly unavailable on the network -- pings timed out. This lasted until I removed the mirror, then the server was suddenly reachable once again.Does this feature not work the way I had thought it does? What I saw looked more like a forward than what I would call a mirror. The documentation leads me to believe mirroring is intended to be used in just the way I was attempting to use it.
View 1 Replies View Relatedi was able to configure (via SF200 web interface) a port mirroring from port FE17 to FE7.i have supressed this port mirroring.when i try to reconfigure a port mirroring from port FE17 to FE3. The SF200 web interface crash. the SF200 seems to reboot.
i have updated the SF200 firmware from V1.1.2.0 to V1.1.2.9.44 when i was able to configure (via SF200 web interface) a port mirroring from port FE17 to FE7.But after having suppressed this port mirroring again, i was not able to reconfigure a new port mirroring from port FE1 to FE3 (the SF200 hangs).
i have also tried to return to default factory setting but this does not solve the issue.i am working on SF200-24P
I have a Cisco Catalyst 3750X switch, and I have configured port mirroring on it. Traffic from 12 of the 1G ports will be mirrored to both 10G ports, and I have connected both 10G ports to a server that captures the traffic.
Currently, I have one of the 12 1G ports connected to another server that replays a pcap file once at maximum speed (i.e. option -t in tcpreplay). I thought that this setup means I should get twice the number of packets (and rate) from the two 10G ports. However, I noticed that although the original pcap file contains 4288 packets, the number of packets from the two 10G ports varies between 31000 to 34000 packets, which is about 7 to 8 times the original number of packets. Why am I getting more than twice the amount of traffic, and why does the output vary?
I have been told there is a limit (8) on the number of source ports that can be mirrored to a given destination port. I can find no specifications or other documentation to corroborate this claim. Any factual data to confirm or refute this claim?
View 7 Replies View RelatedRecently our company purchased 3 Lynksys SGE2010p, At the moment they work as a stack but as we are implementing UCCX we need to mirror 15 ports but during the provisioning i've noticed that the limit is 8 ports per stack. I'm wondering whether this is a known issue or just a known limitation . I believe that most probably i'll need to move back to stand alone mode so i could configure 8 mirrored ports per switch.
View 2 Replies View RelatedIf switches on a network doesn't support remote port mirroring and only local port mirroring, What are the options to still capture all the traffic from all switches on 1 single core switch?
View 1 Replies View RelatedDoes the ESW 520 24P Support Mirroring 20 Ports Traffic to 1 Destination Port?
View 3 Replies View RelatedI'm administrator of small network. I wish to replace my old switches by new SG300-10 and SG300-16 managed switches. I have big trouble in my network because everyone can assign IP his neighbour (or any IP) to his network card. I have policy that IP is 172.16.1.X with x is home number. Could I do that IP based ACL assigned to port where is cable from home example 29, permit only IP 172.16.1.29 (mas 255.255.254.0) (from specified port only permit packets with specified source IP (LAN user IP) other (if user set not his IP) is denied) ?
I want know that before buying equipment. How to configure that ?
I think IPv4 Based ACE, action: permit, source IP: 172.16.1.x (nr of home), widcard 0.0.0.0, destination: any, protocol: any, source port: any ?
and in ACL Binding, I have to bound this ACL to port where user whose IP is in ALC is connected?
I have a Cisco SG300-20. I have read the documentation and cannot seem to locate the instructions for port forwarding. I need to forward TCP port 8088 to IP address 192.168.14.110 on the switch.
View 5 Replies View RelatedThe switch has been set to Level 3 Routing. Port 27 has been in use as a Fiber Transceiver with no problems for several weeks. This week I tried connecting a second Fiber Transceiver to Port 28, and it would not work.
Swapped the physical GBIC modules in the ports, and the situation remained exactly the same: Port 27 works, Port 28 would not work.
Connected to the copper-part of the combo Port 28, it immediately connected and worked fine.
Connected an external Fiber Transceiver Box in place of the GBIC in Port 28, and it immediately connected and worked fine.
Swapped the new Fiber jumper (Port 28) with the existing Fiber jumper (Port 27), and the new connection came up immediately and worked fine. The existing connection would not work when connected to Port 28.
By "not working", I am not able to ping across the connection. The link light comes on and blinks. The transmit/receive statistics show as if data is processing on this switch, but on the other side of the Port 28 connection, the switch shows Transmit traffic, but no Recieve traffic.
today i got a sg 300-10mp PoE managed switch.
I plug the network cable and set an IP to GUI to the default IP (192.168.1.254)the problem is the port doesn't show light when connect to notebook. How am i supposed to enter GUI.
why the port is like in shutdown state and not enable? do i need to do anything via console??
Any snmpset commands to modify port vlan membership on SG300-28 switches? I checked [URL] however this information is apparently only valid for catalysts.
The latest firmware is installed and the provided MIB files are used.
I recently bough for a home lab a sg300-10 switch. I have enabled layer 3 routing on it and have come across a puzzling issue. The switch is the default gw on this network, and in front of the switch there is a cable modem (ip route 0.0.0.0 0.0.0.0 192.168.0.7).
This is my config:
config-file-header
switch5ed948
v1.2.7.76 / R750_NIK_1_2_584_002
[Code].....
I have configured a Microsoft Server 2008 R2 with Radius Server and connect it with a Cisco SG300 Switch.
If a new device connect to the switch it goes automatically to the guestnet. If a device with the correct certificate and a valid useraccount connect to the switch, the deivce goes in to the local company network.
Now my problem: If I connect a device which is in the domain and which have installed the correct certificate and want to login with a new domain user (which is not cached in windows) I can not login.
The following message appears: "There are Currently no Logon Servers Available"
I think the problem is that the authentication process only starts after a user have succsess logged in in windows.
Now I search for a solution which allows me to conntact the Logon Server for Domain Login before the User has logged in.
I want to know if the SG300-28P can support 24 ports with 15,4w per port at the same time.
View 3 Replies View RelatedI've got an SG300-10 connected back to back (trunked) with a Cisco 3560X switch, across a fibre link and am seeing some big inconsistencies in terms of unicast data transferred across the ports between them.
During a night time window of 4am - 6am I run backups which involves a large copy of files, that almost saturates a GigE link - we can see from the 3560X end that the link is running at a bit over 800MBit/sec of throughput, sustained. The duration of this transfer is consistent with the size of the files being transferred (ie just over an hour, and is what I'd expect for a data transfer of about that amount). Back-of-the-envelope calculations indicate that the 3560X is measuring this data throughput correctly.
However on the SG300 end of the link, which is also being polled by the same application (Cacti), I'm observing spikey counts of only around 20MBit/sec during that window. These counters are very obviously incorrect - there's a huge amount more data moving across the port than that. The incorrect calculations are showing on both the trunk port out of the SG300 (uplink) as well as the interface where the NAS is connected in (which is an access port).
Cacti is polling the OID: .1.3.6.1.2.1.2.2.1.16.57 which translates to IF-MIB::ifOutOctets.57 = Counter32.I'm running version 1.3.0.62 but this problem is not new to this release - previous releases and 1.2 based releases also had this problem.
It looks like multicast traffic may be being counted correctly (that's only a suspicion though), however what I am certain of is that there is a very large discrepancy with the unicast traffic counts.Is this OID the correct one to be using for this switch?
is ASR 1006 supported span port or port mirroring? Any config about that?
View 2 Replies View RelatedI have my network with severals SG300 switches.I have one of them like my core switch working in layer 3 mode. With 2 vlans and vlan interfaces to each vlan.Everything is working ok.But now i have to connect one 3com unmanage switch that have host from vlan 1 and 2. How should i connect this switch to my Cisco sg300 switch?
[code]...
I have looked up the command sequence for port mirroring and it seems pretty straight forward however in my case the command will not execute.
I have a 851W with 12.4T
If I do: #monitor session 1 source interface fa 4 (wan port)
i get the response invalid input detected however if I do the same command for fa 1, fa ,2 and fa 3 they work
Using the ? shows the valid entries are [0-4] for fastethernet
I just want to monitor WAN traffic with WireShark, particularly DDNS requests, with a spare PC connected to a free lan port.
I would use a hub on the Wan connection but unfortunately I do not have one at the moment.
These are our first switches and seems like GUI is lot different than the online. Out intervlan routing is o not working. I am absolutely sure that I setup the switch in L3 mode since it allows me to create mutiple interfaces. I am hoping that this GUI issue is related to interVLAN routing.
Below is the blog I started for InterVlan issue [URL]
This is the link for online simulator and what I see in its IP tab. I know this switch is not SG300. [URL]
This is what I see on our switch.
Our switch version
switchd64684#show version
SW version 1.1.0.73 ( date 19-Jun-2011 time 18:10:49 )
Boot version 1.0.0.4 ( date 08-Apr-2010 time 16:37:57 )
HW version V01
1) I have a Cisco SG300-28P. I plan to add a SG300-52. Would it be possible to manage the new switch through the SG300-28P web browser ?
2) There are 2 fans in the POE model SG300-28P. How many fans are they in the non POE switch SG300-52 ?
I'm trying to setup port mirroring on a Cisco ASA 5510, but when I try to use the switchport monitor command, that command is not recognized.I've selected what interface I want to configure (conf-if), but the switchport command seems to not be part of the IOS.I'm running ASA version 8.2(1)
View 9 Replies View RelatedI've just installed 2 of these in my workplace on a PLC network.I'm now looking to set one of the ports up as my diagnostic port and would like to be able to mirror any of the other ports to this port.I believe it is called SPAN on Cisco switches.The only reference I can find to it is configuring via Telnet which I haven't got a clue about.On my old Wiedmuller switches it was just a few clicks away.
View 3 Replies View RelatedDoes it have this switch some port mirroring capability (SPAN or other)?
View 2 Replies View RelatedCan I connect a single Cat5e cable between two SG300-28 and link them? If so what must I configure?
View 1 Replies View RelatedI have SG300-28P that I am using as layer-3 switch. Recently I ran in to SG300-52 switch and even though loading same firmware doesn't give me option to do layer-3 switching. For SG-300 I see options in GUI to create vlan interfaces under IP information section, while SG300-52 has IP information option only under the management section.let me know if these are 2 different hardware types and L3 is not possible on SG300-52. If its possible to enable L3 switching on SG300-52?
View 2 Replies View RelatedI am trying to configure a SNORT IDS system running on a physical machine using Linux as the base OS. I have a small lab network setup with 3 VLANs, a 3548 switch and a 2611 router acting as the router on a stick/inter-vlan router. My goal is to setup SNORT as a host-based IDS system. To do that I know I need to use the "port monitor" command on the switch and I have tested this and it works fine only when the snort system and the traffic I want to monitor reside on the same VLAN.My problem is I want to be able to monitor a trunk link betwee the switch and router to see traffic coming from my 3 VLANs which contain servers. My goal is to run attacks on the servers to test SNORT's effectiveness.
Relevant information from my configuration: interface fa 0/1 on switch is the trunk like carry 3 vlans to the router On the switch:
int fa 0/1
switchport mode trunk
int fa 0/5
port monitor fa 0/1
switchport mode access
The switch will not allow me to configure fa 0/5 as a trunk, only can be an access port.So right now, SNORT does not see any traffic other than traffic from my router to the switch. I assume because this is going over the native VLAN (1 in this case) and that is the same VLAN that SNORT box resides on on interface fa 0/5. So I know the span is working to an extent, but traffic from my other VLANs (server to server traffic) does not show on SNORT at all.I have done some research on Cisco.com and see the following seemingly contradicting information:
VLAN Filtering When you monitor a trunk port as a source port, all VLANs active on the trunk are monitored by default. You can use VLAN filtering in order to limit SPAN traffic monitoring on trunk source ports to specific VLANs Then I see, under the section for the 3500 series: A monitor port cannot be a dynamic-access port or a trunk port. However, a static-access port can monitor a VLAN on a trunk, a multi-VLAN, or a dynamic-access port. The VLAN that is monitored is the one that is associated with the static-access port.
My question is, does that mean the 3548 cannot support spanning a trunk link and having all VLANs on that trunk be monitored correctly to the monitoring port? I know the 3548 is old, but it is the only thing right now I have to work with. I could put the SNORT box inline on the network, but that is another mess in itself.
Are you only able to have two sessions for port mirroring on a Cisco 4510?
View 1 Replies View RelatedI have cisco 2651. It contains two FastEthernet interfaces: Fa0/0, Fa0/1.Fa0/1 has an ip address. Fa0/0 hasn't an ip address.I need to create monitor session from source Fa0/1 to destination Fa0/0. Then i want to connect my notebook to Fa0/0 to analyze some traffic from port Fa0/1
View 2 Replies View RelatedI'm replacing 2 3COM 4500 Swithes with the SG300-52 Cisco switch. We have 3 VLANs, 10, 20, 100. The switch is set for Layer 3 and I have setup DHCP relay. what settings i should set on the Cisco for the following setups:
3COM Setup
#
interface GigabitEthernet1/0/1
[Code].....
We have several of the SG300 Serices switches. We use them to route VLAN traffic to Remote Offices, Internet Connections, and WiFi Access Points.In one remote office we have a SG300-10 setup to route the HQ Network and the remote Office Subnet. The SG300 is Connected to HQ via Fiber and has multiple Tagged VLANs on it. If I do speed tests over the Fiber Link on the Incoming Tagged Netwotk I get Decent performance, 80Mbs. If I switch to a networtk that is not priginating from HQ, and have the SG300-10 route packet, I get dismal performance. 15-20Mbs.
I Fireded up a New SG300-28P FW v1.2.7.76. Added a the HQ VLAN 101 and new VLAN 1025 . Mapped some Tagged and untagged ports for each. Switch was connected to HQ Network as untagged VLAN 101. I put a laptop on an Untagged VLAN 101 port. Ran some tests, cam back with 750-850Mbs. Great. Put the same laptop on a Tagged 101 Port, Configured the NIC for Tagged VLAN 101, Same test, same Speeds, 750-850Mbs.I then Configured laptop for Tagged VLAN 1025. Connected to tagged VLAN 1025 port. Ran speed tests, resuts were 15-20Mbs!
I then Configured laptop for Untagged VLAN 1025. Connected to unagged VLAN 1025 port. Ran speed tests, resuts were 15-20Mbs!It was only the Laptop and the Connection to the HQ net on the SG300-28P. Why is the performance of this unit soooooo poor when it needs to route?Other Switches have FW v1.0.0.27 or FW v1.1.2.0. They have Similar speed issues. All Configured for Layer 3.
