Cisco Switching/Routing :: SPAN / Monitoring Destination Port Behaviour - 2960 LAN
Jan 16, 2012
In a SPAN session, normally the destination port is used for monitoring purposes only. But could the destination port be used to access the equipment or PC connected to that port, for a 2960 LAN BASE image switch?
Jun 8, 2012
I have configured SPAN on a Cisco 2960 to monitor source port traffic, but after configuration I am not able to get a response from the destination port. My NMS is attached to the destination port, so I lost its web interface.
Configuration is as under.
monitor session 1 source interface gigabitEthernet0/5 (Source Port on Vlan 100)
monitor session 1 destination interface gigabitEthernet0/1 (Destination Port on Vlan 200)
Aug 1, 2012
I am looking to simply monitor Port-Security , Error-Disable and HSRP. I would like to receive an email when any of these are triggered.
Port Security - Port Is shut down
Err-Disable - Port goes into err-disable state (securedown)
HSRP - When HSRP standby changes are detected
I need to receive emails when any of the above are triggered. What is the easiest way to do this? I know SNMP is the main option, but I have never worked with SNMP and don't understand it too much.
Equipment:
2x Cisco 1921 series routers
3x Cisco 2960 POE switches stacked
Dec 12, 2011
Been dealing with a strange problem for several days now. It started out with a problem that I thought was VTP related but ended up being something else. I set up a SPAN port on a 3750 that I am connected to that was mirroring the trunk connection coming into the switch.
Never saw any VTP traffic come across the connection, but doing a sh vtp status indicated the traffic was arriving and getting processed. When I found some debug commands (debug sw-lan vtp), I was also able to see the packets go between switches. Seeing this issue concerns me that there is other traffic that isn't showing up during a SPAN session.
I know that doing a SPAN on a switch, especially using a trunk port as a source, isn't a good idea. Since I didn't have a TAP at the time, this was my only choice. I have since borrowed a NetOptics TP-CU3 tap from a good friend and was able to confirm the VTP traffic was going across the trunk connection between switches.
All of my 3750's are running 12.2.55.SE.
May 23, 2012
I'm trying to configure a mirror port on a 3750. This configuration needs to replicate data from local ports, but I need it to also act as a regular access port.
With the initial configuration, SPAN port, there is no problem: all the data of the configured ports is replicated to the configured port. On the port configured as mirror there is a PC connected for audio recording. When the port is not operating as SPAN, there is communication without problem over the LAN. But when I configure the port as SPAN, communication is interrupted.
Here is the actual configuration:
SWITCH1-PISO7#sh monitor session 1
Session 1
---------
Type : Local Session
[Code]......
Jun 9, 2013
I'm setting up a monitor session on a Nexus 7K as below. We are receiving in 150M of data and 0 data going out port 9/25, but port 4/24 shows 300M to the SPAN port?
Oct 1, 2012
I am running c3640-is-mz.124-21.bin on a Cisco 3640 router. I am trying to create a monitor session in the CLI, and every time I type the command
Router(config)#monitor session 1 interface ethernet2/1
% Invalid input detected at '^' marker.
Router(config)#monitor session 1 interface ethernet2/1
^
% Invalid input detected at '^' marker.
I get the error invalid input?
Mar 2, 2012
I have two servers, connected to two different, directly connected 6513 switches. Both these servers are in the same VLAN.
I have to monitor communication between these two servers. I have a system connected to one of the 6513 switches, where the network tool Wireshark is installed.
How do I configure the SPAN port?
switch 6513-1# show run int Gi10/43 --------------------Server 1 is connected
switch 6513-2# show run int Gi9/45 ------------------------Server 2 is connected
switch 6513-2# show run int Gi9/46 ------------------------System on which network tool wireshark is installed.
Oct 29, 2011
I read quite a few documents on configuring SPAN on a cisco switch but none of them mention any limitations or any kind of CPU load it can have on a switch. I need to configure this on one of our switches and would like to know if there are any implications related to SPAN.
Jun 18, 2012
I have configured SPAN on a Cisco 3750 switch as mentioned below, but the destination port protocol is down.
switch(config)#monitor session 1 source interface gigabitethernet1/0/1
switch(config)#monitor session 1 destination interface gigabitethernet1/0/11 ingress vlan 1
Apr 17, 2013
If I monitor a trunk port on the root bridge in both directions, I get duplicate multicast packets on the particular VLAN. The first guess is that this is working as designed and not an IOS bug (platform CAT6500 SUP720, IOS 12.2(33)SXI9). Until now I only found an old Cisco Press link from 2002 on this subject.
Nov 2, 2011
Is it possible to configure the span(switch port analyzer) port and restrict it to only listen to ingress and egress of TCP/1433 from the source port?
May 19, 2013
Basically I am trying to use Wireshark to do a packet capture on a Nexus 5010. I want to do a monitor session on the switch so I can capture from a source port to a destination port on the same switch. I can configure the source port, but when I go to configure the destination port I get "ERROR: Eth102/1/4: Configuration not allowed on fex interface". I have tried to reconfigure this port as a switchport, but the "switchport mode access" command does not take. I don't want to make any changes to any other ports but this one.
Apr 4, 2011
I am having some problems creating a SPAN port on my Cisco 871 (running IOS 12.4-11T). My 871 is connected to a DSL modem, and uses "IP Negotiated" to get its dynamic IP address. I want to monitor the WAN port (FastEthernet4) using SPAN, but when I type "monitor session 1 source interface FastEthernet4" into the CLI, it is rejected. I can successfully use any of the other FastEthernet ports, as well as Vlan1, as a source for the SPAN session. I have tried to use Dialer0 instead of FastEthernet4, but it still doesn't work.
Nov 17, 2012
I configured 3750 A switch with VLAN 20 and its IP address 192.168.20.41. Its default gateway was 192.168.20.3. Then I configured 3750 B switch with the same default gateway and VLAN 20 IP 192.168.20.43. My question is: now when we stack, it becomes a single switch, and the VLAN 20 IP address is 192.168.20.43; that's the only IP I can see. So how does the stacked switch choose the VLAN 20 IP? Does it choose the highest IP address between the two switches if they have the same VLAN 20, as in my case? Also, when I go to switch 3750 B by the session command and do sh ip route, it does not show the IP default gateway. Also, it shows VLAN 20 as admin down.
Jan 19, 2012
I have been reading several posts in this forum to try to understand ACL behaviour on a standby HSRP 6500; I would be glad to get this cleared up. I have two 6509s running HSRP for all VLANs. I created VLAN 100 with standby IP address 192.168.1.129 255.255.255.128
Active 6509 (SW01) ip is 192.168.1.130/25, priority 120
Standby 6509 (SW02) ip is 192.168.1.131/25
I have created a DHCP server on the standby 6509 only, on the same VLAN 100, with a default router of 192.168.1.129 (i.e. the HSRP VIP). I connected a PC directly to the Ethernet port on the standby 6509 and put it under VLAN 100, and it obtained its IP 192.168.1.200 from the IOS DHCP. Now I want to restrict this PC (and any other on its subnet) to access only a remote server 172.168.10.10 and nothing else. I have created the following access list, allowing traffic to the remote server, OSPF and HSRP updates, IOS DHCP...
Extended IP access list SWRES
10 permit ospf any any log (172 matches)
20 permit ip any host 172.168.10.10
30 permit ip any host 224.0.0.2
40 permit udp any host 255.255.255.255 eq bootpc
50 deny ip any any log (52 matches)
I have applied this ACL on both the 6509s under interface VLAN 100 ip access-group SWRES in
1. When I ping different subnets on the 6509s from the PC, I still receive ICMP replies, although I expected the ACL to pass traffic destined for the remote server only. I do get deny log messages on the active 6509, but not on the standby 6509 where the PC is connected.
2. Is permitting bootpc in the ACL enough for IOS DHCP server and client operation? Do I need to explicitly permit access to the default-router configured in the DHCP, which happens to be the VLAN 100 gateway IP and HSRP VIP as well (192.168.1.129)?
3. I do get deny logs on both the 6509s from the PC trying to access the local VLAN 100 broadcast address on ports 137, 138.
%SEC-6-IPACCESSLOGP: list SWRES denied udp 192.168.1.200(137) -> 192.168.1.255(137)
Jul 26, 2012
I have always done my port monitoring (SPAN) on Cisco layer 3 switches with no issues. This time I am trying to do this on a Cisco 2901 router:
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M2, RELEASE SOFTWARE (fc1)
System image file is "flash0:c2900-universalk9-mz.SPA.151-4.M2.bin
I need to have the source port gig0/0 and destination port gig0/1. There is something about the gig port enumeration (slot/port#) that makes the command rejected. It is self explanatory:
#sh ip int brie
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 xxx.xxx.xxx.xxx YES NVRAM up up
GigabitEthernet0/1 unassigned YES NVRAM up up
Serial0/0/0:0 unassigned YES unset up up
[code]....
It doesn't matter what slot or port number I use, it is always rejected. The command is rejected for Both destination and source gig interfaces. I tried a wide variety of slot/port numbers. To my best understanding the complete port names are: GigabitEthernet0/0 and GigabitEthernet0/1, so why does it think there has to be another digit after 0/0 or 0/1? Does it have anything to do with the Embedded-Service-Engine0/0 being administratively down?
Mar 18, 2013
I have Catalyst 2960 S (WS-C2960S-48FPS-L) Switch. I have plugged in SFP module but still interface is down and line protocol down. Is there any configuration to enable SFP module and make the interface up?
This port is connected to nexus 5 k.
Mar 5, 2012
I have a Cisco 2960 48-port switch. I enter "sh vlan" and it lists all the VLAN's. One of the VLAN's listed is "10" with the name "EPIC". What is the quickest way to find out what ports, if any, are assigned to this VLAN?
Aug 29, 2012
Our company bought a Cisco 2960-S to add to the network. We gave the interface VLAN 1 an IP address, and tried to attach the switch to a jack port on the wall to test if it gets a link or not. The status of the port blinks amber and stays continuous amber. I have searched the manual of the switch and it says that amber means that the port is being blocked by STP.
Jan 8, 2010
I have DIR-615, connected via ethernet. I enabled port forwarding for Quake 3, using the range of 27660-27980 to account for custom server ports. Set schedule to "always" although also did "never" but it didn't make a difference. I checked the FAQs for frequent resets vis a vis application outbound requests, which recommended disable uPnP and this had no effect. Symptom: when Quake 3 attempts to connect to the Master Server, the router resets all connections, LAN and WLAN. It takes approximately 30 seconds to regain connection to WAN, although LAN does not drop. Also during this time, the world sigil on the router itself turns orange. This is the only time this happens, when trying to play Quake 3. Previous router to this one was Linksys (by Cisco) BEFSR41, in which simply setting up port forwarding for the client IP address allowed connection. I can find no particular reason why the router resets all interfaces when blocking a port, if it is indeed the firewall triggering this.
Other infos:
Model: Wireless N 615, DHCP enabled on both sides
LAN connect: Category5 to 10/100 NIC onboard to Intel 865GBF
Client firewall: none
Client OS: Windows XP Professional SP3
Mar 2, 2012
If I knew the IP address of a host, can we know on which port on the switch it's connected? The switch model is 2960.
Nov 5, 2009
To rate limit the 2960 switch port to 1 MB, I have made the specified changes; however, it is still reaching more than 1 MB.
Hard coded the bandwidth of the port to 10 MB and have applied the specified command srr-queue bandwidth limit 10.
Dec 15, 2009
One of my engineers issued a command to turn off port security on a number of ports using the range command. The command failed on the first attempt due to a tacacs auth failure which I suspect is due to a low tacacs timeout value. The engineer then reduced the number of ports in the range command and re-issued the config change after which the switch just crashed and rebooted.
The logging buffer on the switch displays the following:
000072: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: System previously crashed with the following message:
000073: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE3, RELEASE SOFTWARE (fc1)
000074: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Technical Support: [URL]
000075: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Copyright (c) 1986-2009 by Cisco Systems, Inc.
000076: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Compiled Wed 22-Jul-09 07:03 by prod_rel_team
000077: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED:
[Code]........
I have done some searching and this could be related to bug CSCsq71492. I have tried using the output interpreter but it is still down.
Mar 1, 2010
I have upgraded a couple of 2960G switches to 12.2.52SE and now discovered that TCP port 4786 is open on the switches.
I have looked in the document{URL}, trying to find a way to disable this function/port, but didn't find anything useful. Any way to disable this function/port?
Oct 22, 2011
I have a couple of Cisco 2960's sending syslog messages to a remote syslog-ng on port 514 (standard).
I need to set another switch so it sends traffic to the same syslog server but on another UDP port (such as 714). Is that possible? I cannot find the option in the documentation.
Jul 30, 2012
I am configuring a Cat 2960 port for connecting a VOIP phone, authenticated by MAB. On connecting the phone, I get the port authenticated and assigned to the correct VLAN, with LLDP-MED advertising the correct voice vlan. However, I then see no traffic from the phone on the switch. I can see the MAC address of the phone is learned in the right VLANs, but the mac address is showing as "Drop", which normally means the address is statically configured to be blocked. There is no static mac address table blocking configured on the switch.
Switch Version
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 50 WS-C2960-48TC-L 15.0(1)SE3 C2960-LANBASEK9-M
Port configuration
interface FastEthernet0/1
description "Standard user port"
[code].....
Jan 3, 2012
I want to implement port-based and MAC-based in these two switches: 2960 & 3560 (both of them have this IOS version: 12.2(55)SE1). And I haven't found a way to implement both of them at the same time. This is what I got:
ip dhcp use subscriber-id client-id
ip dhcp subscriber-id interface-name
ip dhcp excluded-address 192.168.0.0 192.168.0.2
ip dhcp excluded-address 192.168.0.251 192.168.0.255
[code]....
With this configuration I can use port-based, but not MAC based. If I remove the first two lines and change the last line for this one:
address 192.168.0.7 client-id 0112.ae1d.af58.60
Then the computer with that MAC address got the correct IP, but then the port-based doesn't work. Also, I got this line in the interface that I want to use MAC-based:
ip dhcp server use subscriber-id client-id
Mar 10, 2013
I am planning on deploying a 2960 switch and will need to uplink it to a 4510 switch. There are 2 TenGig Ports available and I was thinking of uplinking one of them to the 1Gb SFP port on the 2960. Would this work?
May 21, 2012
We're going to be switching some of our gear from Foundry to Cisco, and were looking at the WS-C2960S-48TS-L. We currently have 3 different VLANs, and I wanted to have 1 uplink back to our firewall (ASA 5550) and then let the firewall do the routing between the subnets. I realize that 1 link will carry the traffic twice then, but is it possible with those switches to have all three VLANs assigned to one port and then just let the firewall do the routing between the VLANs, or would I need to have 3 uplink ports back to the 5550?
Jan 25, 2012
I am testing a 2960 24 S with storm-control and errdisable port timer interval 60s, with a hub connected on fa0/17 to make traffic / a loop. After storm control detection the interface goes down; that's OK. After 60s they will try to recover the interface and it goes up, although the loop is still there. For my understanding, if the interface still detects a loop on that interface, they will disable the port again for 60s and will check again. [code]
Feb 18, 2013
I configured port security on my 2960 switches with the following commands: [code]
The problem is that when I have to change someone's PC, first I disable port-security, then I clear all the MAC addresses learned on the interface, then I plug in the new PC and enable port-security. The new PC couldn't connect to the network and its MAC address has not been learned on the interface. Why? Which commands should I use to clear an old MAC address and enable port-security with the new MAC address?
Dec 18, 2011
I want to use CACTI to monitor my bandwidth, so I have a question: how can I enable SNMP for a switch port? Or should I just enable SNMP from configuration terminal and then in CACTI choose which port will be monitored? Can I do something so that CACTI connects to my switch with an encryption key? I have a Cisco 2960 48-port switch.