Cisco Switching/Routing :: Port Monitoring On A 2901 For Purpose Of Packet Capture?
Jul 26, 2012
I have always done my port monitoring (SPAN) on Cisco layer 3 switches with no issues. This time I am trying to do this on a Cisco 2901 router:
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M2, RELEASE SOFTWARE (fc1)
System image file is "flash0:c2900-universalk9-mz.SPA.151-4.M2.bin
I need to have the source port gig0/0 and destination port gig0/1. There is something about the gig port enumeration (slot/port#) that makes the command rejected. It is self explanatory:
#sh ip int brie
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 xxx.xxx.xxx.xxx YES NVRAM up up
GigabitEthernet0/1 unassigned YES NVRAM up up
Serial0/0/0:0 unassigned YES unset up up
[code]....
It doesn't matter what slot or port number I use, it is always rejected. The command is rejected for Both destination and source gig interfaces. I tried a wide variety of slot/port numbers. To my best understanding the complete port names are: GigabitEthernet0/0 and GigabitEthernet0/1, so why does it think there has to be another digit after 0/0 or 0/1? Does it have anything to do with the Embedded-Service-Engine0/0 being administratively down?
View 4 Replies
ADVERTISEMENT
Apr 1, 2013
I operate between c6509-E, what did you flooding? its just packet capture gi1/3 but i dont know it and is it attack?also same seq no switch gots it?what is problem?
View 2 Replies
View Related
Aug 16, 2012
I have been searching the message boards and wasn't having much luck. I am running some monitoring sessions on my 6509 and on the VLAN I am monitoring, I am experiencing a really large packet loss. If we hook up a laptop to the destination port and run wireshark we are seeing between 80% and 90% packet loss. I dont see the packet loss on the show port command, but I do on the show int vlan command.
The config is as follows:
Session 2
---------
Type : Local Session
Source VLANs :
RX Only : 500
[Code].....
I was doing some reading on Egress vs Ingress and I am wondering if the Egress SPAN replication state could be causing the packet loss that we are seeing or does the ingress & learn command override that?
View 0 Replies
View Related
Aug 8, 2012
I want to make packet sniffer which capture the IP packet and then extracting QOS filed from it's header
View 1 Replies
View Related
May 19, 2013
Basically I am trying to use Wireshark to do a packet capture on a Nexus 5010. I want to do a monitor session on on the switch so I can capture from a source port to a destination port on the same switch. I can configure the source port but when I go to configure the destination port I get "ERROR: Eth102/1/4: Configuration not allowed on fex interface". I have tried to reconfigure this port as a switchport but "switchport mode access" command does not take. I don't want to make any changes to any other ports but this one.
View 1 Replies
View Related
Jan 16, 2012
In s SPAN session , normally the destination prt is used for monitoring purpose only. But could destination port be used to access the equipement or PC connected to that port , for a 2960 LAN BASE image switch .
View 2 Replies
View Related
Oct 1, 2012
when performing packet capture in a FWSM
[code]...
View 2 Replies
View Related
Aug 1, 2012
I am looking to simply monitor Port-Security , Error-Disable and HSRP. I would like to receive an email when any of these are triggered.
Port Security - Port Is shut down
Err-Disable - Port goes into err-disable state (securedown)
HSRP - When HSRP standyby changes are detected
I need to receive emails with any of the able are triggered. What is the easiest way to do this? I know SNMP is the main option but I have never worked with SNMP and dont understand it too much.
Equipment:
2x Cisco 1921 series routers
3x Cisco 2960 POE switches stacked
View 1 Replies
View Related
Oct 30, 2012
I'm trying to use EPC on ASR1001 running IOS-XE 3.4, and it won't work. Configuration commands are accepted by the router, but there are no packets in the capture buffer.In release notes for IOS-XE, in the 2.5 section, there is a statement that EPC is not supported on ASR1k. Is it true also for newer versions of IOS-XR?
View 1 Replies
View Related
Feb 5, 2012
I have a need to capture traffic on an ASR 1001 subinterface, but what I have found is that the Embedded Packet Capture feature is not supported on this platform. Are there any simple alternatives to capture egress traffic on a subinterface or am I SOL? This is a walk in the park on normal IOS routers...
View 1 Replies
View Related
Oct 24, 2011
I have a piece of software that I suspect is sending unwanted data over the internet to some IP address. I'm not an expert in anything related to computer networks, but I figure I could use such software after playing around a little with it.What application could I use that would so the following:
a) capture all the bytes the application is trying to send out so that it seems to the application it is doing it and see the place it was trying to send it
b) after inspecting the data, if it was ok, send the packages to wherever it was supposed to go so that it seems the original application sent.
View 6 Replies
View Related
Nov 27, 2012
I want to capture packet on gi0/0 of PE1 in order to show customer that all his traffic is encapsulated and transmitted by L2VPN (ldp signaling) in his lab.
CE1-----------(g0/1)PE1(g0/0)------------PE2-----------CE2
PE1 and PE2 are Cisco3945 and L2VPN is working well. I tried cisco RITE(Router IP Traffic Export Packet Capture) feature, but the output was not what I expected. I tried both export mode and capture mode. Only LDP hello message I got, looks like RITE is only interested in IP packet. Monitor session wasn't effective as well because it is not a switch.
Is there any other way/workaround to capture customer's traffic encapsulated in L2VPN?
What I did on PE1 when I was trying RITE export mode:
ip traffic-export profile test
bidirectional
[Code].....
View 3 Replies
View Related
Oct 20, 2011
I would like to capture packets which are going through an IPSEC tunnel. The packets originate in the appliance (syslog) and are sent to the remote via a VPN. I can see the encapsulated packets going out to the peer and I can see the ISAKMP packets to and from the peer. Because the packets originate within the appliance, they do not appear on any interface to be captured.
Is there some way to capture these packets before they are encapsulated?I attempted to capture packets on the asa-dataplane, but they are in a format that I cannot decode, and I cannot put a filter on the capture.
Hardware is ASA-5520
Software is version 8.3(2)
View 2 Replies
View Related
Feb 7, 2012
How to mirror port only http get packet on 4948 or 6500 ?
View 4 Replies
View Related
Mar 5, 2013
our C3750 like the one described here [URL]
We have the port on the switch set like this:
switchport port-security maximum 25
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
In case a device connected to the port is inactive for more than 2 minues ( aging time ) the first frame/packet the device generates arrives to the port on the switch, but the switch does not forward it to the appropriate port ( discards it or whatever ).
So far I tested on
1 30 WS-C3750E-24PD 15.0(2)SE2 C3750E-IPBASEK9-M
2 30 WS-C3750E-24PD 15.0(2)SE2 C3750E-IPBASEK9-M
3 52 WS-C3750G-48PS 15.0(2)SE2 C3750-IPBASEK9-M
[Code].....
When we remove port security from the port, it works perfectly fine, as expected.
It seems this is not HW or IOS version related. It seems it is not a stack synchronization issue, it does not matter if a device is connected to the first or other stack member. I tested on C3560 too, here there are no problems, so seems it is 3750 related.
View 1 Replies
View Related
Jan 15, 2012
how to capture the incoming and outgoing packets on the balancer?The load balancer is connected in between the customer DCN and cisco switches 2960.The reason of capturing both incoming and outgoing packets on the balancer is to prove to our customer that there is no packet loss issue on the balancer, and it could be some issue on their DCN network.Since it is a production server, I will need to ensure that there is no impact to the incoming and outgoing traffic on the balancer and other networking equipments as well.
View 1 Replies
View Related
Apr 27, 2012
On my 6509-E, all the modules show this:
Region F1: INVALID
Region F2: INVALID
Currently running ROMMON from S (Gold) region
Is this alright? Is the Gold region like a default region where ROMMON is always installed. And are F1 and F2 just storage partitions that are available to hold backup copies of the ROMMON? From what I read, it sounds like I can copy ROMMON images to F1 and F2, either the same version as the Gold region or different versions. Is that correct? Why would I want to copy different ROMMON versions to F1 and F2?
View 3 Replies
View Related
Aug 2, 2011
ATT notified my company we have a virus infected pc on one our networks which sits behind a Cisco ASA 5505 running 7.2(4). The set up is a basic inside/outside NAT configuration. They gave us the destination ip address and port which the our pc is contacting. I have been tasked to track down the infected pc. I created the following access-list and applied to the inside interface:
access-list VIRUS extended permit TCP ANY host x.x.x.x EQ YYYYY log debugging interval 600 access-group VIRUS in interface inside
I enable logging to the console whose output did not list the IP address of the infected pc, only the ip address of the DNS servers we were using. I then used the following capture commands to try locate the internal ip address of the infected pc:
capture in-cap interface inside access-list VIRUS-CAP buffer 1000000 packet 1522 capture in-cap access-list VIRUS-CAP interface inside
Neither step worked and the resulting console output overwhelmed the firewall in a very short period of time. Before attempting this task again, I would like to know if I am going about this the right way or if there is a better methodology?
View 24 Replies
View Related
Aug 1, 2012
Is there a way to configure a VACL capture on 3560-x, we need more than 2 SPAN sessions. Feature navigator indicates that this feature is supported but it seems like it's not implemented in the IOS yet.
View 1 Replies
View Related
May 29, 2012
I know that an ELAM can be setup on a 6500 running ipservices 12.2(33)SXJ, however I noticed that following commands are not available on a 6500 router running advipservices 12.2(33)SXJ:show platform capture elam asic etc
So I wanted to know if there is an alternate way to setup an ELAM for troubleshooting purposes?
View 1 Replies
View Related
Jan 21, 2013
We are running in our DC one of the CISCO 2911 terminal server which is connected with HP ARC sight logger.
it is possible to capture user who execute ‘Telnet” or “show line” in the log, I mean all the command entries by user.
How to enable any config on 2911.
View 11 Replies
View Related
Jun 2, 2012
Why I cant correctly use ip sla command. I only have on my 2901 such commands: ip sla ?
key-chain Use MD5 Authentication for IP SLAs Control Messages
responder Enable IP SLAs Responder
server IPPM server configuration
There is my "sh ver"
ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)
And...What should i do. if i want to create a failover with to WANs
View 2 Replies
View Related
Mar 10, 2012
I am attempting to configure a Cisco 2901 router using IOS 15 to properly perform NAT/PAT translation between LAN and the internet connection.
My Configuration:
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
no cdp enable
no mop enabled(code)
View 28 Replies
View Related
Feb 3, 2013
I am trying to implement an etherchannel on a cisco 2901 (IOS 15.1). i have already created the port-channel but i cannot assign the gig interface to the channel group.
View 1 Replies
View Related
Jun 6, 2013
I recently installed a cisco 2901 router. The router is connected to hosts using a SG 200-50 50-Port Gigabit Smart Switch
Problem is the router internal interface keeps shutting down without notice and randomly. At that time I cannot ping the interrface from a LAN PC even though I can ping other hosts on the LAN. The ISP link is okay since I can put a static IP on my computer and access the net.
View 8 Replies
View Related
Feb 18, 2013
I need to break into a 2901 router to recover the passwords. Cisco's methodology for password recovery on 2900 seriews routerssays to remove the compact flash card and reboot into RMON. There is no external compact flash card on a 2901. Is there acompact flash card inside the box? Or can you use the older method of rebooting and then hitting ctl+break to boot into RMON?
View 5 Replies
View Related
May 2, 2012
i'm interested if it's possible to set the NTP server via DHCP on an 2901 Router with 15.2(2) image.
i configured the interface gigabit 0/0 as dhcp client. The DHCP Server sends to me DNS, Default GW and NTP. All is working fine, but the NTP will not be configured. i tried to add an DHCP option request, but there is no NTP (42) value. [code]
is there any way to add the value NTP (42) for the DHCP request or isnt it possible?
View 4 Replies
View Related
Jun 10, 2013
Does the 2901 have etherchannel capabilities? If so, how to configure it? I mean, I can type "show etherchannel 1" in it, so I would assume if I can show it, I better be able to configure it, right?What about the 2911?
View 1 Replies
View Related
Dec 5, 2011
i want to use the cisco 2901 router with two adsl cards(EHWIC-VA-DSL-B) and would like to know if that possible without any restrictions with the ip base license.
View 2 Replies
View Related
Jun 29, 2012
I have a Cisco 2901 with the 4port gigabit ethernet switch module that I'm trying to get configured to have a seperate subnet for each port. So far I have it set up so each subnet is a vlan, then on each port I use the switchport access vlan command to tell it which subnet I want that port to be on. However, there is one port that I need to have 2 subnets on. The way I found to do that was to use switchport trunking on that port, but it doesn't seem to be working properly. how they would configure this? Right now I have vlan 101 as x.x.x.17/28 and vlan 103 as x.x.x.53/30. I think where I'm getting hung up is the proper association between the physical port and the vlan subnets.
View 5 Replies
View Related
Oct 21, 2012
I have two 6509E's configured with VSS. In this configuration, is it possible to monitor the CPU and memory of each switch independently using SNMP?
View 1 Replies
View Related
Feb 27, 2013
how to configure SLA monitorin for Dual Path default route in Layer 3 switches, like C3560?
View 2 Replies
View Related
Nov 30, 2011
I had a lot of problems with TCAM table in the past and made changes in SDM ended whit that. But now want to be proactive and anticipate the problems in my TCAM table.
If the my template is "default desktop" they support a number of indirect IPv4 routes of 2k. I wanna know automatically by my management tools if this number reaches 1.9k.
That way I can take corrective actions before the problems starts on my network.
View 5 Replies
View Related
