Port mirroring on a Catalyst 6513

I am setting up Surf Control within out network and have been told to mirror a port. I setup the mirror using the command: set span source_port destination_port.

The SPAN looks to be fine.

Destination     : Port */**
Admin Source    : Port #/##
Oper Source     : Port #/##
Direction       : transmit/receive
Incoming Packets: disabled
Learning        : enabled
Multicast       : enabled
Filter          : -
Status          : active

 My questions are:

Do the destination port and source port have to be in the same vlan. If yes, does the IP address of the destination port device, have to be the same as that of source port device?

I want Surf Control to have a transparent solution, so the users do not have to worry about username or password, an I do not want user to have to type in a proxy address.
slugeramaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

giltjrCommented:
Umm, I am not sure what port mirroring and suft control have to do with each other.

Port morring will cause a copy of all packets that are to/from the source port to be sent to the destination port.  This is done transparently.

Surf controll will NOT be able to be used as a proxy if it is connected to the destination off the mirror port.

I do not belevie that surf control can be used as a transparent proxy, you will need to have to update the browser to point to the proxy server.

Typical setup:

  desktop PC <-- switch ---> Proxy <--switch---> Internet Router

what you seem be be wanting

  desktop PC <-- Switch --> Internet
                          /\
                           |   Transparent copies of data
                           |
                          \/
                       Surf Control
0
mikebernhardtCommented:
You can use a protocol called WCCP to redirect http traffic to surf control and then have it fed back to the 6513. That is done at Layer 3 though, not in Cat OS, either in the MSFC or using Native code:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008020211d.html
0
FrabbleCommented:
The source port will need to be passing the web traffic you wish to monitor.
The Surf Control machine will need network access, so yes, the VLAN of the destination port it plugs into needs to be the same as the source port and the machine should have its own IP address in the network for that VLAN. You also need to allow incoming packets.

You should consider that you're limited to one (two?) SPAN like this and will prevent you from using it for diagnostic purposes.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

slugeramaAuthor Commented:
Frabble:

I tried your suggestion of allowing incoming packets:
set span source_port destination_port inpkts enabled

What I noticed after this was a message talking about SPAN LOOPING and that the source port actually became the destination port and the destination port became the source port. I quickly disabled the span and found out that the internet was no longer available for about a minute but then came back online. I was very worried for a while, so I feel I may have been required to do something before enabling incoming packets.

The SPAN is no longer configured on the switch at the moment, so I am bacl to square one. Should I have disabled the SPAN then configured it again with the above command?
0
mikebernhardtCommented:
If the little picture that giltjr drew is what you want, you really should check out WCCP as I suggested earlier. It does exactly that, allowing Surf control to be transparent.
0
giltjrCommented:
I done some reading on WCCP and mikebernhardt is 100% correct.  If you want my diagram, then WCCP is the way to go.
0
FrabbleCommented:
Apologies slugerama, I thought the SurfControl machine did the monitoring and blocking on the same interface.

Did some further research and found this:
http://www.surfcontrol.com/uploadedfiles/Best_Practices_Guide_SWF.pdf

As it says, you use two network cards on the machine. One is used for monitoring your internet bound traffic on the inside and will connect to the destination SPAN port, the other is for access/control and connects to another switch port.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
FrabbleCommented:
Should have also said the the SPAN configuration is as you have posted above.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.