Cisco WAN :: C3750 - Mirror Switch Port Traffic To Remote Host IP Address?
May 31, 2013
Is there any way to Mirror a CISCO C3750 Switch Port Traffic to a remote Host IP Address? I know Port Mirror (SPAN/RSPAN) can copy one Interface Packet to another Interface. But I am looking for a way to mirror Switch Port Packets to a remote Host (having Public IP Address and running Wireshark). Is it possible?
I have a couple of C2960G and C3750. Is there any way to filter (on ingress port) type of traffic? I would like to allow IP only, and discard (i.e.) IPX, or other garbage, that any device can produce. I have tried to find something about this, but the only thing I have found is a feature, protocol filter, which doesn't seem to be working on my hardware.
I have a VMware workstation on my host computer (Windows 7) and the VMware workstation has a virtual machine (Windows 7) on the host. We were trying to allow internet access only to the Virtual machine, i.e. to minimize exposure of the host to the internet. I tried to use Vlan Access Control list with MAC ACL to deny the host virtual machine from accessing the internet and allow all other traffic including the virtual machine. The configuration works for some time and after some time when the virtual machine continuously pings the c3750 switch (where the VACL is implemented), the host also pings the c3750 switch and re-establishes connection with the internet. But when we configured the c3750 switch to deny the VM and allow all other traffic, it works fine. It seems like the host automatically finds a way to get around the VACL.
I have a game launcher that does not want to update because: "The system is unable to connect to the update server url... The Windows operating system has a proxy redirecting port 80 to your local machine port 8877. If you have a real proxy, make sure it is configured to allow port 80 .NET remoting traffic. If you do not have a proxy, you may have leftover problems from malware in which case you will have to disable the proxy on your machine." I have made many tests and I have no malware and no proxy! So as the error message says, the problem is because port 80 is not allowed .NET remoting traffic. How do I allow it?
I have a host that can successfully connect to a PIX 515E (7.x OS) via VPN Client; however, I have no IP routing to the LAN from the remote host. The VPN IP pool works fine. The LAN default gateway is the inside interface on the PIX; the network is flat L2 behind it. The default route on the PIX points out; no other routes are defined. The VPN remote host can be pinged from LAN hosts, but the VPN remote host cannot ping any LAN host, not even the PIX inside interface.
I just acquired a DGS-1224T and can't figure out how to port mirror all ports. Any utility for download? Web interface is limited on port mirror. Possibly an additional utility? Manual looks much different than web interface, makes me think they have a configuration utility but I can't find a download link.
I'm fairly new to Cisco products and am in the process of developing my network knowledge on a deeper level. I have a 3825 with a HWIC-4ESW and I'm struggling to fully understand how the two "see" each other. I've set up a VLAN with a layer 3 address on the HWIC and added the switch ports to it. This seemed to allow devices connected to the switch ports to talk to the built-in router ports. I thought this was all making sense until I applied an access-list to the router port. It's a simple ACL I'm just using for testing and the only thing it does is block telnet from anywhere. I know the ACL is set up properly because if I connect a device directly to the router port I cannot telnet to the port. However, if I connect a device to one of the switch ports, I am able to telnet to the router port successfully.
It seems that I'm missing something with how traffic flows from the switch port to the router ports and how the two "see" each other.
We have an ME6524 running as an MPLS P router. We want to mirror a port to capture a specific traffic stream (to a probe). As the port is an MPLS LDP port, will this work? Will both the VACL and SPAN work with MPLS tagged packets, or do the mirror and VACL work after the labels have been removed?
I'm searching for a managed switch that allows me to not only mirror a port/ports, but also to still use the destination port for the mirrors as a link to the internet/the rest of the network. Aside from this, I still need the VLAN functionality of good switches, and ideally PoE provided, too.
I have seen the majority of the features of this in the NETGEAR GS108E (http:url...), but this doesn't provide PoE to the ports and also requires Windows to log into. Is this a feature of many switches? I can think of many snooping applications where it would be incredibly useful.
I have a site-to-site VPN between a Cisco ASA and a Cisco 2911 router. The ASA is static IP and the Cisco 2911 side is dynamic IP. My site-to-site VPN is working fine. I am just trying to do PAT over the VPN, meaning I want to forward one IP in my public pool to one of my local IPs on the Cisco 2911 side.
How do I monitor the traffic passing each individual port on a Cisco SLM2048 Gigabit smart switch? This switch is the core where other switches connect to. I wanted to know which ports carry the most traffic and probably apply some changes.
We want to design a topology based on transparent proxies using WCCP. Our proxies can do spoofing of user IP addresses. So, the HTTP request will go out of our network with the user IP address as source IP. The HTTP response will arrive with the user IP address as destination address. We want to use WCCP to redirect inbound and outbound traffic because we have c3750 with L2 WCCP support. The outbound redirection, when the packet is going out of our network, is simple. But the problem is the inbound redirection. How do we redirect these packets to proxies by WCCP? Is it possible? Is this redirection done by the c3750 using TCAMs/hardware? Our throughput could grow to 2-3Gbps and we are worried about the performance.
We have c3750s running NAC 4.8. Occasionally, a workstation will flap between the untrusted and trusted vlans. We updated the NIC drivers on the workstation, we verified SNMP was functioning correctly on the switch, and we allowed the phones to act as the pass-through between the workstation and the switch. What could cause the workstation IP Address to not redirect to a TRUSTED VLAN from the NAC_UNTRUST VLAN? All updates have been downloaded to the workstation.
We have a connection between c3750 and WLC 5508 and it shows that the MAC address flaps between two interfaces of the c3750. [code] Two ports are trunking and one port is for management purposes and the other port is for all the other vlans. But it shows that it flaps always. And I think the WLC uses one MAC address for all the device and not port specific, and that causes the problem.
We are deploying the ISE MAC address authentication by-pass (mab) feature in our network as an alternative to port security on the switch port. Works well except for certain devices e.g. printers, snmp modules, and Unix/Linux Operating systems which can range from 5-10 minutes to never in authentication/opening the port.
There's a Cisco IP phone that sits between a PC and the switch port. On the switch port, no MAC address is learned. However, the switch is able to detect the IP phone and deliver power to it: [code] Switch is Catalyst 3750 with IOS version 12.2(58)SE1.
Problem is that at some C65K I have directly connected Unix servers and they don't show MAC address at port, and the same has happened at 3560 switches where I also have Unix-based equipment connected. When I use show mac-address interface XXXX, nothing appears at the port, and I tested them with other equipment that worked fine.
I am experiencing a problem on a Catalyst 4510 (cat4500-ipbasek9-mz.122-53.SG.bin) with 802.1x configured. Client PCs are connected via a mini desktop switch to a Cat 4510 switched port in multi-auth mode. The configuration of the port follows:
!
interface GigabitEthernet2/34
 switchport mode access
 ip arp inspection limit rate 30
 authentication host-mode multi-auth
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 dot1x pae authenticator
 dot1x timeout tx-period 5
 dot1x max-reauth-req 6
 spanning-tree portfast
 ip verify source vlan dhcp-snooping
end
It happens from time to time that the Cat 4510 port stops passing traffic. Reconnecting the mini switch recovers the communication. Client PCs connected to the mini switch seem to be authorized at the moment when the problem occurs. The RADIUS Termination-Action attribute is set to RADIUS-Request. The problem is not present if "authentication periodic" is disabled.
We have several of these WS-C2960S-24PS-L running 12.2(55)SE5 C2960S-universalK9-M and need to upgrade to a better IOS since we have a situation where CPU would get to 100% but we have only a few ports connected. Also we have several of WS-C3750-48P running 12.2(55) SE6 C3750-IPBASEK9-M.
I volunteer at a school who just purchased two 48 port SGE2010 managed switches. I am not a big fan of the web gui and was hoping to see the standard Cisco command prompt instead of the menu-type interface.
Is there a way to view the MAC table showing which MAC address is plugged into which port on the switch? I have been fighting with the menu and the gui for a while now and do not see this anywhere.
Our client has one c3750 switch with ipbase license. They have connected servers and end switches to that switch. Our customer wants to increase the speed of accessing the server; at that time I am told to use etherchannel. Customer happy about this and implement the etherchannel configuration. Now I need to configure etherchannel up to 4 physical links. Servers are connected on port no Ge1/0/10, they want to bind four physical links GE1/0/10-13. How to configure etherchannel on this switch?