Problems Using Port Spanning on Cisco 3550

Posted on 2005-05-06
Last Modified: 2008-01-09
Hi All,

I have purchased a copy of Network Instruments Observer suite, but am having problems with my port spanning on my Catalyst 3550.

Here's my set up.

In the server room, we have a 24 Port Catalyst 3550 which is our core switch, all the servers and other switches are linked through this one.

I have a cable patched into Port 1 on the switch to my machine down here, which has a Network Instruments PCMCIA card in (promiscuous)

If want to port span one of the ports to monitor it and send the traffic through to this port I am entering the following (Port 16 is the example in this)

CATALYST_9#conf t
CATALYST_9(config)#monitor session 1 source interface Fa0/16
CATALYST_9(config)#monitor session 1 destination interface Fa0/1
CATALYST_9#show monitor session 1

Session 1
Type              : Local Session
Source Ports      :
    Both          : Fa0/16
Destination Ports : Fa0/1
    Encapsulation : Native
          Ingress: Disabled

So all looks OK, but as soon as I make these changes, it effectively disables the PCMCIA card connection that is plugged into Port 1

How do I stop this? I can't even ping anything, to get my connection back I have to hyperterminal in from another machine and remove the monitor ports.

Many Thanks
Question by:A4eIT
    LVL 43

    Assisted Solution

    This is normal operation.  The destination SPAN port on the switch does not receive traffic.  You must have two network cards in the "destination" machine if you want it to also act as a "normal" network host.  One card dedicated to the SPAN traffic, the other card acting as your regular network connection.
    LVL 79

    Assisted Solution

    My good friend JFrederick29 is correct. This is normal behavior. Notice the "Ingress:Disabled" that means no packets from your PC will be allowed in the span port. It is now a one-way port. Your Observer application will work just fine if you fire it up, you'll see all the traffic that you have mirrored to it.

    Author Comment

    Thanks for the replies guys, The problem still exists when I've got the secondary network card running on the same network as my regular network connection.

    But as soon as I enable the promiscuous card, it cuts off all my network traffic!! what could be causing that?

    For example, I have a continuous ping to one of the fileservers using the regular connection, but the moment I connect my promiscuous card it starts timing out.
    LVL 10

    Assisted Solution

    enable ingress traffic on port fa0/1
    LVL 79

    Accepted Solution

    ingress traffic on a destination port is not supported on the 3550:

    "When you configure a switch port as a SPAN destination port, it is no longer a normal switch port; only monitored traffic passes through the SPAN destination port. "

    It just does not make sense to me that if you have network access with NIC#1 plugged into switch port 0/X and you enable NIC#2 in promiscuous mode that is plugged into port 0/1, that NIC#1 will stop functioning..


    Author Comment


    Anyone else know why this would be cutting off all my other network connections? It doesn't make sense!
    LVL 10

    Assisted Solution

    Just a suggestion: strip the TCP/IP Protocol and all related driver enhancements off of the PCMCIA NIC so that it is not participating in the local machine's networking.  The promiscuous mode driver will still allow the NIC to capture traffic.  If that fails, I'd say that you have an application/configuration issue -- I do not have any experience with Observer (besides a trial version I toyed with many moons ago) so I'm not quite sure what configuration parameters there are, but it sounds like its grabbing more control than it should.

    What is your hardware and OS that you are running Observer on?

    Author Comment

    I just tried that but it won't capture any traffic that's not TCP/IP (almost everything) :O(

    It's running on my  HP Compaq NC6000 running Windows XP SP2
    LVL 7

    Assisted Solution

    make sure that the promiscuous/listening nic doesn't have a default route in it's ip stack configured.

    SP2? personal firewall disabled?

    This might help:


    Author Comment

    Hi guys, turns out my machine was locking up, as 512MB wasn't enough to handle it

    Author Comment


    I am closing this on behhalf of my colleauge.

    I have split the points fairly between all respondents with a slight bias towards lrmoore for the most feedback.

    Thanks again.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Suggested Solutions

    Title # Comments Views Activity
    Cisco UC520 Call Transfer Issue 7 62
    Systems Enngineer 8 50
    Command - show interface status 3 34
    pfSense IP Helper 4 24
    Article by: IanTh
    Hi Guys After a whole weekend getting wake on lan over the internet working, I thought I would share the experience. Your firewall has to have a port forward for port 9 udp to your local broadcast x.x.x.255 but if that doesnt work, do it to a …
    Let’s list some of the technologies that enable smooth teleworking. 
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now