Cisco Switching/Routing :: 6513 Monitor Session Source Vlan And Lost Packets At Destination

Feb 20, 2012

We have 2 6513 switches with SUP720/PFC3A and various POE modules and a 6748-GE-TX  facing our servers.  Additionally, we have a 4Gbps portchannel trunk interconnecting the switches.    We have approximately 300 Nortel IP 1140e phones in use between the two switches.For the purpose of call recording, we've attempted to mirror the voice vlan using various approaches and have been met with limited success.  We mirrored the VLAN using tx, rx, and both.  When using both we appear to get duplicate packets at the destination interface.We seem to lose packets completely going in one direction or another for a given call. Packets are lost before they get to the destination interface?

View 2 Replies


ADVERTISEMENT

Cisco Switching/Routing :: Monitor Traffic Between Multiple Source To Destination Ports On Nexus 7k?

Nov 5, 2012

i would like to monitor traffic between multiple source ports to multiple destination ports on a nexus 7k. i lknow when you set up monitor session is between source and destination (laptop or traffic analyser) but is there a way i can set up between source and multiple destination ports and capture that traffic ?

View 3 Replies View Related

Cisco Switching/Routing :: Port Mirroring 2651 To Create Monitor Session From Source

May 20, 2013

I have cisco 2651. It contains two FastEthernet interfaces: Fa0/0, Fa0/1.Fa0/1 has an ip address. Fa0/0 hasn't an ip address.I need to create monitor session from source Fa0/1 to destination Fa0/0. Then i want to connect my notebook to Fa0/0 to analyze some traffic from port Fa0/1

View 2 Replies View Related

Cisco Switching/Routing :: 3750 - Tagging Traffic By IP Source And Destination?

Dec 2, 2012

I want to know if there is way to tag traffic with DCSP tags without having to do all the other requirments of QOS setup.  All i want to do is just tag traffic at different DCSP values via source and destination IPs.  We do not have a need to be priortizing traffic on out internal switches.  We just want to tag the traffic so our MPLS provider can distinguish the different types of traffic.
 
Our environments is primarily 3750s in all offices.

View 6 Replies View Related

Cisco Switching/Routing :: Nexus 5010 - Capture From Source To Destination Port On Same Switch

May 19, 2013

Basically I am trying to use Wireshark to do a packet capture on a Nexus 5010. I want to do a monitor session on on the switch so I can capture from a source port to a destination port on the same switch. I can configure the source port but when I go to configure the destination port I get "ERROR: Eth102/1/4: Configuration not allowed on fex interface". I have tried to reconfigure this port as a switchport but "switchport mode access" command does not take. I don't want to make any changes to any other ports but this one.

View 1 Replies View Related

Cisco Switching/Routing :: ERSPAN Source On Nexus 5548 And Destination On Catalyst 6500

Aug 9, 2012

I'm trying to get ERSPAN working with an ERSPAN source on a Nexus 5548 and the ERSPAN destination on a Catalyst 6500.
 
The configuration on the Nexus is as follows:
 
[...]
interface loopback0
ip address 192.168.2.133/32

[Code].....
 
If I do a netdr capture I can see ERSPAN traffic sourced from the Nexus reaching the C6500, but there doesn't appear to be anything sent out the ERSPAN destination inerface (Gi4/6) and there's nothing being received by the probe connected to that interface. I know the traffic seen with netdr is definitely the ERSPAN traffic sourced from the Nexus as I've changed the TTL and DSCP values within the monitor session on the Nexus and can see those changes reflected on the C6500 netdr capture. The attached is a screen grab of the show netdr capture started with debug netdr capture soure-ip-address 192.168.2.133.
 
When I look at the interface I see it shown as up/down (monitoring), but no output or counters clocking up. If I run a local SPAN session on the C6500 it works fine.
 
I've tried changing the destination IP address from that assigned to the C6500 Loopback interface to an IP address assigned to a physical interface, but that still doens't work.
 
The hardware in the C6500 is WS-SUP720-BASE Hw version 3.2 with WS-F6K-PFC3B Hw version 2.4. The IOS version is 12.2(33)SXI6.

View 2 Replies View Related

Cisco Switching/Routing :: 6513 Span Session Limit?

Jul 12, 2012

I have a need to capture some traffic but my core 6513's are already using the limit of 2 span sessions. I can't edit any of the sessions either because I want to source traffic from vlans and you can only do one or the other. Is using a VACL with 'switchport capture' on the destination interface an option ? E.g. I want to source traffic from vlan 10,20,30,40 and send the all to interface Gi10/10 ? Is there any caveats ? I dont need to be too granular with the ACL's but just capture all traffic in those vlans.

View 2 Replies View Related

Cisco Switching/Routing :: SG300 - Session Starts With Two SYN ACK Packets?

Apr 20, 2012

I am having trouble with my Cisco SG300 switch big time. I have two servers with IP addresses 10.17.0.11 and 10.17.0.29 sitting on the same switch which is a Cisco SG300. I initiate a file transfer from 10.17.0.11 to 10.17.0.29. I could see lots of Dup Acks and retransmissions which means something is wrong in the connection. Further, I could see the session initiation a bit bizarre. I could see two SYN packets sent from 10.17.0.11 to 10.17.0.29 and also two SYN ACK packets returned by 10.17.0.29. The switch forms part of a network but since both the servers are sitting on the same switch I suppose the rest of the network doesn't come into play when one server talks to the other.
 
See also the number of Dup Acks and retransmissions. The two switch ports connecting the servers have speed and duplex set to auto negotiate, flow control is enabled. What could cause this sort of problem?Could it be any setting on the switch or the servers' NICs?Or could it be a bad switch that causes this?

View 4 Replies View Related

Cisco Switching/Routing :: Set Up A Monitor Session With 3750 Stack

Aug 20, 2012

i have just set up a monitor session with a 3750 stack .Simple enough task you would think.But i only seem to be seeing broadcast packets !!Now there is definitely unicast traffic being used on the host i am monitoring.I have done the basic commands

-monitor session 1 dest int fas 5/0/24

-monitor session 1 src int fas 5/0/34

View 1 Replies View Related

Cisco Switching/Routing :: Unable To Clear Monitor Session From 6500

Mar 6, 2013

I tried to clear monitor session on 6500 and keep on getting the following error:
 
 %Another session parameters or permit-list is being configured %Please wait for another configuration to complete.
 
how i can go about clearing the monitor session.

View 9 Replies View Related

Cisco Switching/Routing :: Couldn't Clear Monitor Session From 6500

Nov 21, 2011

I tried to clear monitor session on 6500 and keep on getting the following error:
  
%Another session parameters or permit-list is being configured %Please wait for another configuration to complete.
 
how i can go about clearing the monitor session.

View 1 Replies View Related

Cisco Switching/Routing :: How Many VLANs Can Span In Monitor Session On Nexus 7K

Mar 3, 2013

rsbd7k01-p-vdca(config)# monitor session 2
rsbd7k01-p-vdca(config-monitor)# source vlan ?
<1-3967> 
rsbd7k01-p-vdca(config-monitor)# source vlan 1 - 3967
ERROR: vlan 33-3967: Number of source vlans exceeds maximum
rsbd7k01-p-vdca(config-monitor)#

View 3 Replies View Related

Cisco Switching/Routing :: Lost Port Channel Between 6513

Feb 24, 2012

We have 2 6513's that are linked via 2 10 gig interfaces, using an LACP channel.I received an alert this aft stating that the far 6513 was unreachable and the port channel int PO3 had gone down, the 2 10 gig interfaces had also gone down on either side. 5 mins later PO3 had resestablished itself and has been fine since. [code]

View 4 Replies View Related

Cisco Switching/Routing :: Monitor Session In 4948 Don't Show Input Traffic

Jan 9, 2012

I have a switch 4948, with version 12.2.31.sga4 ( I dont found bug about monitor session)  and we try to made port mirroring with a monitor session from a VLAN and port belong at this VLAN have traffic input and output, but in the destination port, I always see it output traffic..
 
Global command 
Red-127#sh run | in moni
monitor session 1 source vlan 1127

[Code].....

View 3 Replies View Related

Cisco Switching/Routing :: CAT6500 / Duplicate Multicast Packets On A Span Session Port?

Apr 17, 2013

If I monitor a trunkport on the rootbridge in both directions  I get Duplicate Multicast Packets on the perticular VLAN.   The first guess is, that this is worked as designed and not a IOS Bug (Platform CAT6500 SUP720 IOS 12.2(33)SXI9 ) Until know I only found an old Cisco press link from 2002 with this subject.

View 2 Replies View Related

Cisco Switching/Routing :: Monitor Session Local SPAN Small Output With 7606

Aug 22, 2012

I am having difficulties with getting SPAN traffic over my WS-X6704-10GE (CFC).
 
CISCO7606
ios 12.2(33)SRE6, SUP720-3BXL
 
Trying to use the span feature, put the commands listed below in and they entered successfully, but the port is not being mirrored.
 
interface TenGigabitEthernet1/1
description PUBLIC
dampening
mtu 9216
ip address x.x.x.x x.x.x.x
 [Code]....

View 1 Replies View Related

Cisco Switching/Routing :: C3750 - Packets Lost

Nov 21, 2011

I have a stack of 2 C3750-switches (WS-C3750G-24TS-1U) with IPBASE-firmware (12.2(52)SE). 
 
When I ping to a machine (in this case a virtual one), the replies are always received on the port where the machine is connected, but on the port-channel connecting to the stack of the 'pinging device' the reply comes only for certain initiators, and not for all.
 
Setting:
Gi1/0/6: Device/Server I want to connect too ; defined as access port
Gi1/0/25 + Gi2/0/25, as Port-Channel 1: The location of the devices I connect (read as: the uplink to the stack of the PC's), defined for Dot1Q-trunking
 
Monitoring setup: Source ports: Both: Gi 1/0/6, Po1 (or Po1 replaced by both interfaces)
 
For the machines which can ping the server I see 2 echo (ping) requests, followed by 2 echo (ping) replies ... So once seen on the Po1, and once seen on the interface Gi1/0/6.

However for other machines, the 2nd reply is missing ; which must be caused by the dropping of these packets in the switch.  At least, I my opinion this must be the reason... But I can't see any (change of) output drops at int Po1, nor at Gi1/0/6.  The CPU doesn't seem to have high usage, and even then, I don't think the error would be constant, as it's always failing for some PC's, and never for others... (at least for a certain time, a few hours it can be constant, the problem dissapears from time to time).

View 1 Replies View Related

Cisco Switching/Routing :: 4900 Capturing VLAN Traffic And Set Destination To GE Ports

Jan 24, 2012

At present we are having a 4900 series switch where we are running one monitor session.Additionaly we are in need of capturing VLAN traffic and set the destination to 2 * GE ports , both are in the same switch.Due to the limitation of two monitor sessions per switch , we thought of putting the destination ports as port channel but it looks like it is not supported.

View 1 Replies View Related

Cisco Switching/Routing :: 6513 To 3750 Vlan Trunk Connectivity

Nov 8, 2011

Currently we have a 6513 core (running IOS and doing limited routing) with VLAN Trunking to about a dozen 3560 edge switches, with various VLANs going to each of the edge switches.  All works well.  We are downsizing and replacing the 6513 core with a 3750G stack.  We have the stack up and running in the lab, and want to slowly (as we move floors) migrate all of the edge switching to the 3750 stack. 
 
The plan is to connect the 3750 stack to the 6513, then slowly migrate the edge switches to the stack (from the 6513).  I would like to put in place 4 x 1GB trunk links between the 6513 and the 3750 stack before I start moving edge switches to ensure adequate bandwidth.  Once all of the edge switches are on the new 3750 stack, I will start to decommission the 6513.
 
What is the best way to configure the links between the cores (old 6513 and new 3750 stack)?  I can easily get the edge switches configured to the 3750, but am worried about the core links.  I really want to avoid having to perform an all-at-once cutover of the cores.  Another question is when do I try and migrate the VTP server role from the 6513 to the 3750 stack?  I could simply make everything transparent, and ditch server-based VTP, as we rarely change or creat VLANs.

View 3 Replies View Related

Cisco Switching/Routing :: SG-300 52 Native VLAN Blocking Network Packets

Jun 15, 2013

SG-300 52 native VLAN blocking network packets

View 3 Replies View Related

Cisco Switching/Routing :: C6509 Loss Of Packets ICMP Sent By Different Hosts In Different VLAN

Oct 17, 2012

I've a big problem with a loss of packets ICMP sent by different hosts in differents VLAN. Here my architecture:
 
Core Switch : 2 Switch's C6509 (Version 15.0 (1) SY1)- Mode VSS - One lien VSL , the other link is defective.Access Switch: C3750 , Connected to Core Switch through 2 fibre optique wires.Topology: redundant ring
 
When I send consecutive ping message I  found always a missing of packets . Furthermore When I insert the  "show ip traffic" command., the parameter "bad hop count" increase after a loss of packets. I've 2 hosts connected in my network and they send packets with TTL =127.
 
In the Core Switch I haven't configured the MEC because it gave me troubles with the packets multicast.

View 1 Replies View Related

Cisco Switching/Routing :: 6513-E / 6513 And WS-X6748-GE-TX Compatibility

Oct 29, 2012

we have a chassis 6513-E and a module WS-X6748-GE-TX, I'd like to know if could I put this module in any slot, since the documentation from Cisco says that any slot from a chassis 6500-E Series can support this module. And then in the documentation of WS-X6748-GE-TX says that this module is not compatible in the slots 1-8 of the 6513 chassis, only from 9th to 13th slots, in those slots from the 6513-E we already have 4x WS-X6748-GE-TX, and we'd like to know if could we put the module in the rest of the slots. The 6513, and 6513-E is kind of confusing.

View 4 Replies View Related

Cisco :: ASA Same Source And Destination

Jul 24, 2011

I have a situation which requires some non best practice stuff to be done. There is a box behind an ASA that has a lot of code that references public DNS names and therefore needs access to itself and a number of other boxes on the same subnet via the public DNS names (that obviously resolve to public IPs). This traffic is dropped on some pretty fundamental ASA characteristics.I know this isn't really ideal, and it should be handled by DNS nstead, but I'm in somewhat of a bind and need to know if the ASA can allow this traffic.I figure I could match the traffic and exempt it from state-checking and that would probably work, but it's not a very graceful solution.

View 2 Replies View Related

Cisco Firewall :: How To Translate Both Source And Destination In ASA 8.2

Apr 16, 2012

I have a internal subnet 192.168.3.0/24 sitting behind an ASA firewal 8.2 and would behind accessing to web server 192.168.11.54 which sits behind the outside interface of the ASA firewall.The access would be like this:
 
1) 192.168.3.0/24 will be accesing to the web server http://192.168.11.54
2) We would like to translate the source 192.168.3.0/24 to the firewall outside IP address
3) We would like to translate the destination web server 192.168.11.54 to 202.90.197.146 as well

How to perform this simultaneous source and destnation address translation in ASA firewall 8.2? Could this be done in ASA firewall 8.2?

View 1 Replies View Related

Cisco Switching/Routing :: GC2960 - Incoming Traffic On VLan Getting Lost?

Apr 11, 2012

We have a switch gc2960. It has ports configured on vlan 27 and vlan 29.It is connected to switch ch3550. It has presence of vlan 27 vlan 29 and also vlan 18 and several other vlans.Our internet firewall is connected to ch3550. It is a fortinet product, so this is not indicated on the diagram.
 
When the two switches were connected on vlan 29 access ports, pc's on vlan 29 on gc2960 worked as expected. vlan 27 clients of course did not work.When we switched the connecting ports to trunk ports, some weird stuff happened. Clients on gc2960 on vlan 29 could ping and resolve dns, but not browse the intenet. The same was true for clients on gc2960 vlan 27. We verified that packets from the web were coming in through the firewall. What we were thinking, is that they somehow were not being tagged to vlan 29 even though we were trunking.
 
When we set native vlan 29 on the trunk, then clients on gc2960 vlan 29 operated as expected. However, clients on gc2960 vlan 27 are still having this problem, we can ping and resolve dns but not browse.Consider the other switch ch2960-jstreet which has presence of vlan 18 and vlan 27. It is also connected on trunk to ch3550. We are not using native vlan on this trunk, and traffic works as expected.Is the lack of presence of vlan 18 a factor as to why gc2960 is not receiving the tagged packets correctly? Should the interface vlan18 on gc2960 have an ip address on the vlan 18 network?

View 5 Replies View Related

Cisco Firewall :: Log Shows Wrong Source / Destination ASA 8.3

May 25, 2011

The Cisco ASDM or the event manager show wrong source/destination for teardown tcp messages:In this example the communication is an ssh session;from 1.1.1.1 -> 2.2.2.2 ssh and the connection is reseted by 2.2.2.2
 
The message build outbound is correct, i.e. source is 1.1.1.1 (message id is 302013)
 
But the teardown is incorrect, i.e. source for the connection is 2.2.2.2 which is definitely not true (message id is 302014)
 
Also there seems to be a documentation bug in syslog messages for ASA 8.4 since the message for the teardown 302014 is gone!

View 3 Replies View Related

Cisco Firewall :: NAT Source And Destination Addresses On ASA5520 Running 7.2(5)?

Apr 22, 2013

Is it possible to NAT source & destination addresses (twice nat) on an ASA5520 running 7.2(5)?

View 4 Replies View Related

Cisco Application :: 4710 - Bypass Traffic With Source And Destination From Loadbalancing

Jul 30, 2012

I have a requirement to  bypass some specific traffic (with particular source to specific internet destination) in ACE 4710.
 
All the webtraffic (http and https) is configured to loadbalance to my proxies , i need to configure some specific traffic with source and destiantion to internet to byepass from this loadbalancing and directly got to outside interface .

View 1 Replies View Related

Cisco WAN :: 7206 - Cannot See Packets Being Accounted If Destination IP Down

Jun 17, 2013

One of end costumers is trying to configure IP Accounting on 7206 running version 12.4(4)XD8,The issue we are having is that while the physical interface is up (the sub interface is part of a metro line which is directly connected) we dont see packets being accounted if the destination IP is down.

View 2 Replies View Related

Cisco Firewall :: Cannot Access FWSM Via Session Command In 6513 (VSS Enabled)

Apr 24, 2012

Today i received FWSM from cisco (RMA), I need to configure it as standby unit for existing FWSM active/standby setup.
 
IOS on RMAed FWSM is 2.3.4 and  cisco VSS supports FWSM IOS 4.0.4 and later.My issue is, I cannot access FWSM (IOS 2.3.4) via session command from cisco 6513 but could successfully consoled it without any problem. I have reloaded it twice and also tried to disable and enable power on it.
 
VSS#sh module switch 2
 Switch Number:     2   Role:  Virtual Switch Standby
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
   2    6  Firewall Module                        WS-SVC-FWM-1  -----------

[code]....

why I cannot access FWSM through session command ?Whether this is because of older IOS ? If yes then how to upgrade its IOS ?Is it possible to upgrade IOS via FWSM console ? if yes, Do i need to test on different slot ? 

View 2 Replies View Related

Cisco WAN :: Monitor Session On 2921

May 8, 2011

i have a question regarding the monitor session command. I have following interfaces on my router:i want to monitor the traffic from the source interface Gi0/2 to the destination interface fa1/3,monitor session 1 source interface gigabitEthernet 0/2 brings this error message % Incomplete command.,monitor session 1 source interface gigabitEthernet 0/2?/  :  <0-2>,i don't have any ports on the Gigabit Interfaces. Any ideas how to monitor traffic?

View 1 Replies View Related

Cisco WAN :: 7606 Monitor Session Not Working?

Mar 5, 2012

I've setup and configured the following local monitor session on a 7606 but it doesnt seem to be outputing anything.  Any guess as to why, or what I might be doing wrong?  Gi1/1 is doing ~40Mb/s egress & 15Mb/s ingress.  Both source and destination ports are routed ports.
 
monitor session 10 source interface Gi1/1
monitor session 10 destination interface Gi1/10 ingress
 interface GigabitEthernet1/1
description WAN Link to *********************  ** CORE BACKBONE **
mtu 9000
ip address ************** 255.255.255.252

[code].....

View 1 Replies View Related

Cisco VPN :: Two ASA (v8.4) - IKEv1 And IKEv2 Session In ASDM Monitor?

Oct 25, 2012

I have a L2L tunnel setup between two ASA's (v8.4).  I used the wizard to set these up and selected the defaults of both IKEv1 and IKEv2, thinking that it would select one or the other.  The strange thing is that now I see a separate session between these ASA's, one for IKEv1 and one for IKEv2.  Both are passing traffic.  Is this expected behavior?  Should I disable IKEv1 to force only v2 since both are v8.

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved