I have configured SPAN in cisco 3750 switch as below mentioned. but the destination port protocol is down.
Network Diagram:
switch(config)#monitor session 1 source interface gigabitethernet1/0/1switch(config)#monitor session 1 destination interface gigabitethernet1/0/11 ingress vlan 1
[Code]....
I have CISCO catalyst with VLANs (VLAN ID 33, 36, 40-53) configured. I need to configure port mirroring in Switch 3750 for NAC (Network Access Control). I need to Monitor all the VLANs. Here is the SPAN configuration of switch: [code] Monitor session 1 source vlan 33 , 36 , 40 – 53.Monitor Session 1 destination interface fa 1/0/8 (here I am not able to set encapsulation dot1q ) because the error occurred saying %one or more dest port do not support the encapsulation%.
View 5 Replies View RelatedI'm trying to configure a mirror port on a 3750. This configuration needs to replicate data from local ports, but I need that also act as a regular access port.
With the initial configuration, SPAN port, there is no problem, all the data of the configurated ports is replicating in the configurated port. On the port configurated as mirror there is a PC connected for audio recording. When the port is not operating as SPAN there is communications without problem over the LAN. But when I configure the port as SPAN, communication is interrupted.
Here is the actual configuration:
SWITCH1-PISO7#sh monitor session 1
Session 1
---------
Type : Local Session
[Code]......
Been dealing with a strange problem for several days now. It started out with a problem that I thought was VTP related but ended up being something else. I setup a span port on a 3750 that I am connected to that was mirroring the trunk connection coming into the switch.
Never saw an VTP traffic come across the connection but doing a sh vtp status indicated the traffic was arriving and getting processed. When I found some debug commands (debug sw-lan vtp), I was also able to see the packets go between switches. Seeing this issue concerns me that there is other traffic that isnt showing up during a span session.
I know that doing a span on a switch, especially using a trunk port as a source, isnt a good idea. Since I didnt have a TAP at time, this was my only choice. I have since borrowed a NetOptics TP-CU3 tap from a good friend and was able to confirm the VTP traffic was going across the trunk connection between switches.
All of my 3750's are running 12.2.55.SE.
i have configured SPAN on cisco 4900 series switches its a Loacal SPAN . as there is only commnads to complete this activity but hard luck its not working.
View 5 Replies View RelatedI have cisco 2651 with one L3 interface ip 172.26.18.200. This Cisco is gateway from E1 PRI (PBX Aastra MX-ONE TSW) to SIP (Asterisk). This cisco 2651 connected to cisco 2950 in port Fa 0/12. Fa 0/12 is in VLAN 518 (dot1q).
On cisco 2950 i made next commands:
# monitor session 1 source interface Fa 0/12 both encap dot1q
# monitor session 1 destination interface Fa 0/9
#sho monitor session 1
[Code].....
I read quite a few documents on configuring SPAN on a cisco switch but none of them mention any limitations or any kind of CPU load it can have on a switch. I need to configure this on one of our switches and would like to know if there are any implications related to SPAN.
View 5 Replies View RelatedIs it possible to configure the span(switch port analyzer) port and restrict it to only listen to ingress and egress of TCP/1433 from the source port?
View 2 Replies View RelatedWe have purchased a new Websense 10000 Appliance and I'm not a hundred percent how to set this up. I see that URL Filtering is a possibility and WCCP, which way to move forward on implementing this?
View 4 Replies View Relatedi have linksys modem which already running for differents vlans i cerated another different vlans 10 amd 20 for 10 and 20 i need internet how should i configure internet on another core switch3750
View 0 Replies View RelatedIn 3750 switch,I have configured intervlan routing.I have three vlans Vlan 10,vlan 20,Vlan 30 and I have assigned IP address for that Vlan.In vlan 10,I have connected one systen gigabitethernet 0/1 interface.From my system I am able to ping vlan 10 ip address but I can't able to ping other vlan ip address (vlan 20,vlan 30).Is it possible to up the protocol for all that time.
View 2 Replies View RelatedWe have a few stacked 3750 switches with vtp transparent configured...some plugged in a fiber from another network into our stacked switches...that network/switch has vtp server configured...once that switch connected to our stack of switches, it turned that stack switch into vtp server...causing the previous vlans configured to erase thus causing management issues with the stacked switches..
View 4 Replies View Relatedseeking for configuration assitance on etherchannel between catalyst 3750 and 6506
View 3 Replies View RelatedOur servers are hosted at the Main site, site office A access to the Main site for Internet and servers. We are thinking NextG to take over when the link between sites goes down.
To start with, what is the configuration for 3750 at Site A and the Main site:
1) Trunking for both switches
2) Routing
3) the automatic failover configuration for the switch at Site A.
I am uploading new configurations to my Cisco 3750 stacked switch and noticed that after the load I cannot log back into the switch because my password somehow was changed. After performing password recovery and getting back into the swtch, I noticed the configuration register was 0xF. I have never seen this before. The config-register command does not seem to be supported to change it back to factory default. The switch is on a ship which has several power hits when they switch power from shore to ship power.Can this cause the configuration register to change? What is the best way to change the configuration register?
View 1 Replies View RelatedI'm fairly new at trying to create isolated network segments on Cisco switches. What I'm trying to do is have multiple isolated paths that originate from my v Sphere infrastructure travel through a layer 2 link, v LAN, up to a MLS, and ultimately out to to the internet through a firewall. Each sub net might ultimately have a number of hosts on it, but I don't think the make up of those hosts will matter here.
My initial thought was creating v LAN tagged port groups on v Switches on my v Sphere infrastructure. Physical connections will go from my ESXi hosts to the 2900 series Cisco switch connected to trunk ports. Both v LANs would be configured on the switch but not assigned to physical ports. The physical connection to the 3750 would also be a trunk port connection from the 2960. The 3750 would have SVI's created that are attached to VRFs that would control route traffic. This might be totally wrong but from what i've read it seems to be going down the correct path I think.
Two part question, is this the best way to go about designing this network? If so I seem to be really struggling with the SVI/VRF part. Every time I create an SVI all of my hosts on the 10.10.10.x network can ping them, regardless of which v LAN they're on.
I just cannot seem to isolate the 172 network.
I am building a new network and intended on using the min-link feature on my port-channels between a 3750-X series switch and Nexus 4k.
However reading further into this it seems this feature is only supported on higher end models. I cannot find any reference to the min-links feature in the 3750-X configuration guide. Is this an available feature?
The 3750-X model is WS-C3750X-24T-L running IOS 12.2(55)SE3 IP Services
My thoughts is that the is only an LACP supported feature so I may not see the command until I have entered an LACP specific command on the port-channel but unfortunately I do not have a 3750X to verify this on at present.
I have one server which run some application for wireless user. this server forward multicast packet to wireless user. server and wlc physically connect to cisco 3750 switch.i want the server forward the multicast packet to wireless users.server access vlan 4.wlc controller have 2 vlan: 90 and 110.and wireless user some of vlan 90 and some of vlan 110.i enable igmp snooping on wireless controller. and enable globally command but it is not working.which additional configuration i need on cisco switch.
Switch(config)# ip igmp snooping
I have stack of 2 switches 3750?I config etherchannel between them.
here is result
2 Po2(SD) LACP Fa1/0/15(I) Fa2/0/15(I)
Both ports are up up but standalone Int port channel 2 is down down.Need to know if this is default behaviour when we config etherchannel between stack switches?
I have a 2911 router connected to a 3750 switch. I have configured vlan interfaces on the 2911 router:I am using the vlan 89 (89.2) as the management ip address for me to remotely get to the switch. Is this a proper configuration or could this cause issues in the future.
View 4 Replies View Relatedboot system switch all flash:c3750-ipservicesk9-mz.122-55.SE1/c3750-ipservicesk9-mz.122-55.SE1.bin;flash:c3750-ipservices-mz.122-25.SEE2/c3750-ipservices-mz.122-25.SEE2.bin We have two stack of 3750 switches. When I enter above command getting below mentioned error, two images are showing switch 1, but one image only showing in switch 2, i.e 1st image in show boot command.
%Command to set boot system switch all flash:c3750-ipservicesk9-mz.122-55.SE1/c3750-ipservicesk9-mz.122-55.SE1.bin;flash:c3750-ipservices-mz.122-25.SEE2/c3750-ipservices-mz.122-25.SEE2.bin on switch=2 failed
How do I create static smartport macro on Catalyst 2960 & 3750 equivalent to below static smartport macro:
macro name NOT_USED
description UNUSED_PORT
switchport
switchport mode access
switchport access vlan 100
shut
@
I am able to create above smartport macro on Catalyst 3760 & 6500, but not on 2960 & 3750 (see below):switch(config)#macro ? auto Macro autoexecution settings global Enter global macro configuration
Since Avaya phones do not run CDP, how does the phone know which DHCP pool to pull from to get its IP address if the PC is connected to the phone.
Let's say I have a interface config like this
interface gigabitethernet1/0/1
cisco3750(config-if)#switchport mode trunk
cisco3750(config-if)#switchport access vlan 126
[code]....
And two DHCP scopes configured on the switch. What keeps the phone from pulling from the wrong scope?
I'm trying to configure scp for secure configuration backup. I've configured the SCP server with an account and password but, I keep getting the no such file or directory error
AP-C2R1C5-3750#sh run | b arch archive path scp://mchenry:PASSWORD@172.20.22.229//C:/Program_Files/OpenSSH/Cisco_Configs/Switch_Config
username mchenry privilege 15 password 7 XXXXXXXXXXXXXXXXXXXXX
ip scp server enable
Error: %scp: /C:/Program_Files/OpenSSH/Cisco_Configs/Switch_ConfigSep-17-16-04-44.172-1: No such file or di
SWITCH#ping 172.20.22.229 Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.20.22.229, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 33/33/34 ms
3750 switch connects to Blade-switch_1 and Blade-switch_2 Spanning-tree mode is configured as rapid-pvst on 3750 switch, do I need to configure rapid-pvst on both blade-switches or keep the default pvst config.3750 is running VTP domain HQ and transparent mode Both Blade_switches are running VTP domain CLI and transparent mode To configure Etherchannel between 3750 and blade-switch_1 do I need to have all devices in same vtp domain?
View 16 Replies View RelatedI am hoping you can provide me with some opinions, feedback, thoughts on the following. We have some Cisco 6509 switches in our environment currently hitting around 60% usage on the Router overall statistics.
Now we are looking at implementing an intrusion detection system but by being as least invasive as possible to the network. Our thoughts are to utilize a SPAN port on the switches to send traffic to the NIDS device but we have concerns of the following. The limitations of SPAN sessions on 6509's . The overhead on the switch of turning a SPAN session on and leaving it on permanently.
I am trying to configure RSPAN for one of my client. They have Server-Client VTP architecture. Voice Recording Server is connected to C4507. Agents are connected to C2960 and C3750. I got 2 sessions configured and the connectivity is a as follows:
1. Voice Recording Server-----C4507-----C2960-----C2960-----Agent IP Phones (Session 1)
2. Voice Recording Server-----C4507-----C3750-----Agent IP Phones (Session 2)
Recording works with Session-2 but not with Session-1. I understand the problem could be due to multiple reasons: 1.1. C2960 is working in client VTP mode so i cannot add remote span command under the vlan configuration. 1.2. C2960 has LANLITE IOS image which i am not sure if it supports Remote Span.
I currently have IOS image cat4500e-entservices-mz.122-53.SG5.bin. According to my research it appears SPAN is supported on this OS. However, after looking at procedure notes using websites like here:
[url]... I cannot find and obviously not figure out how to use the SPAN command. My main objective is to simply setup a port mirror on one of my TenGigabitEthnet interfaces and from what I read SPAN is the best way to setup a tap interface on a cisco switch.
I have a Cisco 881 router running 15.1(4)M4. I am trying to configure SPAN on it to mirror my outside interface (source) to one of my LAN interfaces (dest).
!--- WAN interface
interface FastEthernet4
description Comcast WAN$ETH-WAN$
[Code]......
As you can see from the above output there is a problem with the command on this interface. When I try to set Fa0 as my source it works fine:
rtr(config)#mon session 1 source int fastEthernet 0
rtr(config)#
Is this because fa4 is layer 3 and fa0 is a switchport? If so, is there another way to set fa4 as the source?
I have a need to capture some traffic but my core 6513's are already using the limit of 2 span sessions. I can't edit any of the sessions either because I want to source traffic from vlans and you can only do one or the other. Is using a VACL with 'switchport capture' on the destination interface an option ? E.g. I want to source traffic from vlan 10,20,30,40 and send the all to interface Gi10/10 ? Is there any caveats ? I dont need to be too granular with the ACL's but just capture all traffic in those vlans.
View 2 Replies View Relatedi will be creating combination of SPAN and RSPAN on catalyst 6506 according to the link
[URL]
im planning to implement this on two 6506 switches will this work? or do i violate the number of monitor session? sorce span?
sw1
monitor session 1 source interface Fa5/18monitor session 1 destination interface Fa5/48
monitor session 2 source interface Fa6/34monitor session 2 destination interface
[Code].....
I've learned recently that the Nexus 7000 only allows the configuration of a maximum of 2 Monitor sessions for spanning traffic. I only have one monitor session left and I need to do the following. 2 Core Nexus 7000 boxes with 2 different traffic probes/sniffers to each nexus( eg Sniffer 1 connects to Switch A on interface eth 1 and to Switch B on eth 1 ; Sniffer 2 connects to Switch A on eth 2 and to Switch B on eth 2.) My plan was to setup a standard session with multiple sources and destinations then on the interfaces connecting to the sniffers run a trunk and do 'sw trunk allowed xxxxx' and filter what I need to go to each sniffer box. However I've recently found out that some of my source traffic is coming from Port-Channel interfaces. Is there a way I can get around this and still do the filtering within only 1 monitor session ?
View 1 Replies View RelatedI am in the early planning stages for a 6509 to Nexus 7K migration. Based on my experience with the 7K's at a previous company where we ran into a lot of issues, I am trying to be very careful.
I am more at home with the 6500 chassis and know what I can do with them. I remember running into a limitation on the Nexus that involved their not supporting span sessions like the 6500's do. Is that still the case ?
If that isnt an option in the short term, I will need to look at a substantial investment in ethernet tap's to replace the lost span functionality because the security group's heavy use of span sessions.
