Cisco Switching/Routing :: Not Capturing Span Traffic On WS-4510 / SupervisorV / 12.2(54)SG1
Mar 22, 2012
I have configured Span port on our 4510. We have an application 5view server to monitor trafic connected to G9/17 Since we have changed the network connection from physical Giga port and add a Port-channel instead, we don't see any more trafic from the new Port-channel to G9/17
We have the configuration below on our 4510 :
monitor session 1 source interface Gi4/6
monitor session 1 source interface Po20
monitor session 1 filter vlan 311 - 312 , 375
monitor session 1 destination interface Gi9/17
From the commands show, we don't see the trafic duplication from the source to the destination port :
Port Source
4510-5567#sh int po20
Port-channel20 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 0016.9de2.a818 (bia 0016.9de2.a818)
[Code].....
View 2 Replies
ADVERTISEMENT
Nov 21, 2011
I have configured SPAN session on 2960 switch, source port being a VLAN and destination being one of the fastethernet ports. All I see in the capture is control traffic (HSRP, RIP, Syslog, DNS..etc). However I dont see any real data traffic being captured. Below is how I have SPAN configured..
monitor session 1 source vlan <vlan_id> both
monitor session 1 destination interface fa0/42
View 1 Replies
View Related
Jan 24, 2012
At present we are having a 4900 series switch where we are running one monitor session.Additionaly we are in need of capturing VLAN traffic and set the destination to 2 * GE ports , both are in the same switch.Due to the limitation of two monitor sessions per switch , we thought of putting the destination ports as port channel but it looks like it is not supported.
View 1 Replies
View Related
Aug 6, 2012
I am aware that the 3750 switches are not able to support Netflows, so I have created a SPAN port and spanning traffic from a specific port. I would like to create a seperate VLAN and trunk the traffic from the SPAN port down to the 6509 switch and then capture all the traffic for that VLAN on the 6509.
View 4 Replies
View Related
Nov 21, 2012
I have two servers on one subnet that each need to replicate to a single server on another subnet. They also need to replicate to each other. This replication is unidirectional so I will refer to the 2 server subnet as the source subnet and the single server subnet as the destination subnet. In order to keep this replication running without killing the MPLS links on either end, we are trying to use a policy-map that limits bandwidth from the source subnet.The Problem:We have created a policy that polices traffic during specific times of day and limits the bandwidth as prescribed, however, bandwidth is also being limited between the 2 servers on the source subnet which is not needed or desired.Class 512K set dscp ef police 1024000 bps 1024000 byte conform-action transmit exceed-action dropClass Map match-any 512K (id 4) Match access-group name DAGExtended IP access list DAG 10 permit ip host 10.20.0.3 host 10.20.0.10 time-range DAG-REP (active) (22793 matches) 20 permit ip host 10.20.0.4 host 10.20.0.10 time-range DAG-REP (active) (14156 matches)The service policy is applied on the input side of the 2 interfaces on which our devices are connected.As you can see, the access list identifies the interesting traffic as traffic from two specific hosts to one specific host. The problem we are having is that bandwidth is also being throttled between the two source hosts even though it is not defined to do so.What can I do to limit traffic from the two source devices to the single destination device without limiting bandwidth between the two source devices?
View 1 Replies
View Related
Dec 30, 2012
Im trying to span a trunk port and capture the dot1q headers on the destination. I'm positive I have it configured right (encap replicate) but wireshark just isn't seeing them. Im trying to capture them on a seperate NIC on my Windows 7 64bit pro box. The NIC is a realtek RTL8169 and it just won't capture the headers. I've also tried the built-in motherboard NIC (which is also a realtek) with the same results.
View 19 Replies
View Related
Dec 12, 2011
Been dealing with a strange problem for several days now. It started out with a problem that I thought was VTP related but ended up being something else. I setup a span port on a 3750 that I am connected to that was mirroring the trunk connection coming into the switch.
Never saw an VTP traffic come across the connection but doing a sh vtp status indicated the traffic was arriving and getting processed. When I found some debug commands (debug sw-lan vtp), I was also able to see the packets go between switches. Seeing this issue concerns me that there is other traffic that isnt showing up during a span session.
I know that doing a span on a switch, especially using a trunk port as a source, isnt a good idea. Since I didnt have a TAP at time, this was my only choice. I have since borrowed a NetOptics TP-CU3 tap from a good friend and was able to confirm the VTP traffic was going across the trunk connection between switches.
All of my 3750's are running 12.2.55.SE.
View 8 Replies
View Related
Apr 24, 2012
I am looking to find a command or counter to tell me if a cisco switch port on a 4510 was ever up and passed traffic. I want to shutdown all unused switchports on our access switches. But before I do that I need to make sure device is just not off or the person is away on vacation. If I do sh int interface, is there a counter I can reference.
View 4 Replies
View Related
Jan 31, 2012
On a Catalyst 6500, we configured a SPAN session with VLAN 300 as a source. We configured the session bi-directional ("both" keyword). We connect a sniffer on the SPAN destination port.
Strangely enough, we only see the traffic from the VRF to the firewall, but not the reverse traffic ! What can be the problem ?
View 2 Replies
View Related
Apr 22, 2013
I have pair of 5596 switches in vPC. One host say "HOST A" is connected to the primary vPC peer and other "HOST B" on secondary vPC peer.Both are in same VLAN 10. Both hosts are vpc orphan ports as their NIC is configured in active/standby mode.I have configured span session on both vPC peers with span source as VLAN 10 in rx mode.Span destination is connected to secondary vPC peer. The issue here is that I am not able to capture the traffic originating from HOST A destined to HOST B which is traversing vPC peer-link.Same issue occurs for the traffic in reverse way and span destination on primary vPC peer. In a nutshell, any traffic which crosses vPC peer-link is not getting captured.
What could be the issue and is there any solution for it. Below mentioned is the span config and relevant interfaces. [code]
View 4 Replies
View Related
Nov 2, 2011
Is it possible to configure the span(switch port analyzer) port and restrict it to only listen to ingress and egress of TCP/1433 from the source port?
View 2 Replies
View Related
Mar 19, 2013
We have a Cisco 2811 running ITP IOS. On that router we run the SMPP service. A client on the network connects to this service, and we need to capture the traffic for debug.
I've tried traffic-export, but I cannot see any outbound traffic.I'm guessing that this is due to the fact that the outbound SMPP traffic is not transit traffic as it is generated by the router itself.
Is there any way to capture the outbound traffic?
View 4 Replies
View Related
Nov 28, 2011
Quick question. I have a site - site tunnel that is up and running between a Pix 515E and a 3050 appliance.Tunnel is up and running but on the pix side I dont see traffic from a couple of subnets behind the inside interface.On the vpnallow access list there are no hits So I setup a capture on the inside interface to see if the packets is making it to the inside interface and nothing. There is some traffic making it thru the tunnel that would have to hit the inside int first and even that doesnt showup in the capture.
View 1 Replies
View Related
Dec 30, 2011
I am monitoring 2 or more source interfaces which are running 1G traffic on each interface. Destination is 10G interface.There are 2 kinds of traffic running through the source interfaces: icmp and regular IP traffic. I am only interested in capturing icmp traffic. How can I achieve my goal?I don’t have any vlan traffic at all. Router is c6500.
source (1G) destination (10G)
------------------------- Router --------------------------------------Linux
|
| source (1G)
|
|
View 1 Replies
View Related
May 5, 2013
I have a RSPAN session configured between a Cisco 3750 and Cisco 2950 switches and I dont see the traffic I am expecting to see on the destination port. I only see broadcast traffic .. HRSP hellos etc. Below is what I have configured on both switches.
3750 (gi1/0/33)----TRUNK------(fa0/47)2950(fa0/4)-----windows server
3750
---------
monitor session 1 source interface gi1/0/18
monitor session 1 destination remote vlan 901
[code].....
View 3 Replies
View Related
Oct 31, 2011
I am having issues working on my QOS between 4510 and 3550 switch connecting on layer 3 through a service provider. I have class maps and policy map setup on both sides and then policy map attached to interfaces however i dont see any traffic matching in policy map on 3550 switch, i do see some traffic matching on 4510 but the speed with which its increasing has my doubts about it. When i make voip calls ( VOIP switches are sitting behind 3550 and are mainly 3550 pwr 24 port switches with phone ports configured for auto qos voip cisco-phone and trusting cos) i rarely see the RTP matching in class under policy map.
View 5 Replies
View Related
Apr 11, 2013
I am currently running 12.2 (53) and am looking to move up to the 15+ train. Are there any pre-reqs prior to the upgrade that any one is aware of?Unfortunately I have no "lab environment" to test it in. I have production switches with minimal impact to the campus and if done late night I could have it restored back before open of business the following morning. My FW is up to the latest version and I have found nothing in the release notes specifically stating that there would require any stepped upgrades up to v15 and higher.
View 6 Replies
View Related
Jun 11, 2013
We have an issue where switches are failing weekly in a switch closet. In the past month we have gone through several 3750G switches and a couple 4510s. The power supplies have eventually made a popping noise and had to be replaced. on the 4510s we've tried two chassis and gone through several power supplies.The switches have been behind UPS systems so should be receiving conditioned power.Could load from the PoE devices really be causing this? I wouldn't think it's power since they are behind a UPS.
View 5 Replies
View Related
Jul 10, 2012
This has been happening repeatedly time to time! we just replace the part! But now it has come to trouble us again.It happening only in one module like 6 to 10 ports wont work.
we run IOS cat4500e-universalk9.SPA.03.02.00.SG.150-2.SG.bin will there be any bug in it?
View 10 Replies
View Related
Dec 13, 2011
I am hoping you can provide me with some opinions, feedback, thoughts on the following. We have some Cisco 6509 switches in our environment currently hitting around 60% usage on the Router overall statistics.
Now we are looking at implementing an intrusion detection system but by being as least invasive as possible to the network. Our thoughts are to utilize a SPAN port on the switches to send traffic to the NIDS device but we have concerns of the following. The limitations of SPAN sessions on 6509's . The overhead on the switch of turning a SPAN session on and leaving it on permanently.
View 1 Replies
View Related
Mar 12, 2013
I am trying to configure RSPAN for one of my client. They have Server-Client VTP architecture. Voice Recording Server is connected to C4507. Agents are connected to C2960 and C3750. I got 2 sessions configured and the connectivity is a as follows:
1. Voice Recording Server-----C4507-----C2960-----C2960-----Agent IP Phones (Session 1)
2. Voice Recording Server-----C4507-----C3750-----Agent IP Phones (Session 2)
Recording works with Session-2 but not with Session-1. I understand the problem could be due to multiple reasons: 1.1. C2960 is working in client VTP mode so i cannot add remote span command under the vlan configuration. 1.2. C2960 has LANLITE IOS image which i am not sure if it supports Remote Span.
View 2 Replies
View Related
Jul 23, 2012
We have multiple switches(Cisco 4510, 4507R, 3560's) within our network. I've been looking over the port settings between them and noticed that not all ports that are connected directly from switch to switch are trunked the same. Some are desirable on one switch and forced truck on the other switch.
View 5 Replies
View Related
Sep 4, 2011
I am using Cisco 4510 Switch with Default LAN Base image. Now I have purchased 10G Upgrade license. The part number for Upgrade license is WS-C4500-10G-LIC. I have received a CD from Cisco (named as 'Includes License and Warranty'). Any License upgradation is required for this license? Or this is only a paper License.
I could not find out any .lic file on the CD. Also there is no paper with PAK.
View 3 Replies
View Related
May 3, 2012
I just upgraded all of our switches on campus to Version 15.0(2)SG4 after about a month of testing. On two switches so far, we are seeing that clients can not connect, and the switch isnt detecting a link. I dont see anything out of the ordinary in int status, port-security, or errors on the interface. Plugging in a different computer does nothing. Only thing that works, is a shut, no shut of the interface. After that, its connected.
View 7 Replies
View Related
Apr 4, 2013
I have a Catalyst 4510 that is running IOS version 15.X that has a bug and Cisco recommends upgrading the IOS. Are there additional steps required to perform an IOS upgrade due to licencing Cisco put in place?
View 5 Replies
View Related
Oct 27, 2010
I am planning to enable MAC address filtering (one port on 4510 & another 3560). I want to allow only that MAC address to communicate via that port with the rest of the network and internet.
4510 has PC connected and 3560 had polycom connected. [code]
View 5 Replies
View Related
Mar 2, 2013
I have cisco 2960 and Catlyst 4510 switches now we are planning to implement IPV6.
i have the fallowing IOS on my switches.
C2960-lanbasek9-mz.122-50.se5
Cat4500e-entservicesk9-mz.122-54.sg1.bin
The above ios will support for IPV6 or I have to purchase new IOS, which version will support.
View 1 Replies
View Related
Feb 21, 2013
I got a 6509 version 12.1(22)E2 that I am replacing with a 4510E version 3.40SG with Supervisor Engine 7-E. The 6509 is configured with 20 channel-group for dual fiver connection to ten 3550 switches with trunking enabled with isl encapsulation. The 6509 is the VTP server to each of the 3550 switch clients. There are 40 Microsoft Servers attached ot the Gig RJ45 port modules.
I have attached the 4510 to the 6509 with dual fiber connection configured as a channel group with trunking enabled. I am configuring the 4510 the same as the 6509 except I have to use trunking with dot1q encapsulation because isl is not supported on the 4510. I no longer want to use VTP with the 4510 and have set the it as transparent mode. Each of the 3550 switches are changed from isl trunking encapsulation to dot1q and VTP mode is changed to transparent when they are moved from the 6509 to the 4510.
I want to move the switches over a few at a time and not all at once. The first 4 switches attached with no problems and ran with no problems for the user access to the servers still on the 6509 for a week. Then I found out DHCP was not working for the devices attached to the switches on the 4510. I moved one of our domain controllers form the 6509 to the 4510 to fix the DHVP problem. I have now added 2 more switches with users that use an application on a server still on the 6509 and they are getting disconnect errors after logging into it and using it. Other applications on different server also on the 6509 are having no problems. I moved the switches back to the 6509 to get the users up during business hours. I now plan on moving the server for the application that was failing to the 4510 in hopes that it will fix the problem.
Is there something I can do to speed up the connection between the 6509 and the 4510 so I can continue this transition without having to move the servers to the 4510 as I move the users?
View 1 Replies
View Related
Dec 31, 2011
I have CISCO catalyst with VLANs (VLAN ID 33, 36, 40-53) configured. I need to configure port mirroring in Switch 3750 for NAC (Network Access Control). I need to Monitor all the VLANs. Here is the SPAN configuration of switch: [code] Monitor session 1 source vlan 33 , 36 , 40 – 53.Monitor Session 1 destination interface fa 1/0/8 (here I am not able to set encapsulation dot1q ) because the error occurred saying %one or more dest port do not support the encapsulation%.
View 5 Replies
View Related
Feb 12, 2013
I currently have IOS image cat4500e-entservices-mz.122-53.SG5.bin. According to my research it appears SPAN is supported on this OS. However, after looking at procedure notes using websites like here:
[url]... I cannot find and obviously not figure out how to use the SPAN command. My main objective is to simply setup a port mirror on one of my TenGigabitEthnet interfaces and from what I read SPAN is the best way to setup a tap interface on a cisco switch.
View 2 Replies
View Related
May 1, 2013
I have a Cisco 881 router running 15.1(4)M4. I am trying to configure SPAN on it to mirror my outside interface (source) to one of my LAN interfaces (dest).
!--- WAN interface
interface FastEthernet4
description Comcast WAN$ETH-WAN$
[Code]......
As you can see from the above output there is a problem with the command on this interface. When I try to set Fa0 as my source it works fine:
rtr(config)#mon session 1 source int fastEthernet 0
rtr(config)#
Is this because fa4 is layer 3 and fa0 is a switchport? If so, is there another way to set fa4 as the source?
View 4 Replies
View Related
Jul 12, 2012
I have a need to capture some traffic but my core 6513's are already using the limit of 2 span sessions. I can't edit any of the sessions either because I want to source traffic from vlans and you can only do one or the other. Is using a VACL with 'switchport capture' on the destination interface an option ? E.g. I want to source traffic from vlan 10,20,30,40 and send the all to interface Gi10/10 ? Is there any caveats ? I dont need to be too granular with the ACL's but just capture all traffic in those vlans.
View 2 Replies
View Related
Mar 16, 2011
i will be creating combination of SPAN and RSPAN on catalyst 6506 according to the link
[URL]
im planning to implement this on two 6506 switches will this work? or do i violate the number of monitor session? sorce span?
sw1
monitor session 1 source interface Fa5/18monitor session 1 destination interface Fa5/48
monitor session 2 source interface Fa6/34monitor session 2 destination interface
[Code].....
View 1 Replies
View Related
