Solved

How to span ports on Cisco 2948L3 switch?

Posted on 2006-06-15
Last Modified: 2010-05-19
Don't know if span ports is the correct term for what I need to do.

Firewall is connected to Port x on the firewall.
I'm going to install a web monitoring software package on Server 2.  Server 2 is connected to Port y on the switch.

For things to work I need all traffic to and from the firewall to be visible by Server 2.  The software documentation says to span the ports so traffic on Port x is also transmitted on Port y.  If I had a hub instead of a switch then this step wouldn't be necessary--but who wants a hub for a backbone?

I could connect a hub to Port x and connect the firewall to the hub as well as NIC2 on Server 2, but I'd rather use the capabilities of the switch to do this instead.

How do I do that?  If there is a better way to do it other than spanning ports I'm open to that as well.  If it makes it easier I can bring a second NIC in server 2 online.

Here are the results from "show version":
Cisco Internetwork Operating System Software
IOS (tm) L3 Switch/Router Software (CAT2948G-IN-M), Version 12.0(7)WX5(15a)  RELEASE SOFTWARE
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Thu 06-Jan-00 18:31 by integ
Image text-base: 0x60010928, data-base: 0x605A0000

ROM: System Bootstrap, Version 12.0(7)W5(15) RELEASE SOFTWARE

Switch uptime is 21 weeks, 6 days, 20 hours, 10 minutes
System restarted by power-on at 13:38:45 eastern Thu Jan 12 2006
System image file is "bootflash:cat2948g-in-mz.120-7.WX5.15a.bin"

cisco Cat2948G (R5000) processor with 57344K/8192K bytes of memory.
R5000 processor, Implementation 35, Revision 2.1
Last reset from power-on
48 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3z interface(s)
121K bytes of non-volatile configuration memory.
16384K bytes of processor board Boot flash (Read/Write)

Configuration register is 0x2142


Here are the results for a "show running":
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname switch
!
enable secret 5 $1$sk.f$FB/vUTKhiY07B5MFAhyfR/
enable password duh
!
clock timezone eastern -4
sdm size ipx-bvi-network 32
sdm size ip-adjacency 2048
sdm size ipx-node 2048
sdm size ip-prefix 8192
sdm size ipx-network 6144
sdm size ip-mcast 3072
sdm size udp-flooding 256
sdm size l2-switching 1024
sdm autolearn
ip subnet-zero
ip multicast-routing
bridge irb
!
!
!
interface FastEthernet1
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 bridge-group 1

<Interface FE2 to 47 is skipped>

interface FastEthernet48
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 bridge-group 1
!
interface GigabitEthernet49
 no ip address
 no ip directed-broadcast
 shutdown
!
interface GigabitEthernet50
 no ip address
 no ip directed-broadcast
 shutdown

!
interface BVI1
 ip address 10.55.5.2 255.255.255.0
 no ip directed-broadcast
 no ip route-cache cef
!
ip classless
!
bridge 1 protocol ieee
 bridge 1 route ip
bridge 1 priority 1
!
line con 0
 transport input none
line aux 0
line vty 0 4
 password blah
 login


Thanks for the help


Question by:averyb
3 Comments
Accepted Solution

by: stressedout2004 earned 500 total points
Unfortunately, SPAN, a.k.a. port snooping, is not supported on the 2948G-L3, and I don't know of any other option other than port SPAN to mirror the traffic from port x to port y. I believe you're better off with just connecting a hub on port x. Maybe the other folks have better ideas.
0
Expert Comment

by:mikebernhardt
It appears that stressedout2004 is correct. It's probably about the only Cisco switch that doesn't support it! Either use a hub, or buy a different switch.
0
Author Comment

by:averyb
Not the answer I wanted to hear, but still an answer.
0
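Added example, not part of the original thread: once the hub suggested above is in place, a check like this on Server 2 confirms that the monitoring NIC really sees the firewall's unicast traffic and not just broadcasts and its own frames. The MAC addresses, sample frames and function names are constructed for illustration.

```python
import struct

def mac(text):
    """'02:00:00:00:00:01' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def frame(dst, src, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed Ethernet II frame (no FCS) for the samples below."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload

def visibility(frames, sensor_mac, firewall_mac):
    """Classify raw frames captured on the monitoring NIC."""
    sensor, fw = mac(sensor_mac), mac(firewall_mac)
    counts = {"own": 0, "flooded": 0, "firewall_unicast": 0, "other": 0}
    for f in frames:
        if len(f) < 14:
            continue  # too short to hold an Ethernet header, ignore
        dst, src = f[0:6], f[6:12]
        if sensor in (dst, src):
            counts["own"] += 1               # a switch port always delivers these
        elif dst[0] & 0x01:
            counts["flooded"] += 1           # group bit set: broadcast/multicast
        elif fw in (dst, src):
            counts["firewall_unicast"] += 1  # only visible via a hub or a mirror
        else:
            counts["other"] += 1
    return counts

def sees_firewall_traffic(frames, sensor_mac, firewall_mac):
    """True when unicast frames between the firewall and third parties appear."""
    return visibility(frames, sensor_mac, firewall_mac)["firewall_unicast"] > 0

# Constructed sample data (locally administered MAC addresses).
SENSOR, FIREWALL = "02:00:00:00:00:02", "02:00:00:00:00:01"
CLIENT, BROADCAST = "02:00:00:00:00:10", "ff:ff:ff:ff:ff:ff"

# What Server 2 sees on an ordinary switch port: an ARP broadcast and its own traffic.
SWITCH_CAPTURE = [frame(BROADCAST, CLIENT, 0x0806), frame(SENSOR, CLIENT)]
# What it sees when sharing a hub with the firewall: the client/firewall unicast too.
HUB_CAPTURE = SWITCH_CAPTURE + [frame(FIREWALL, CLIENT), frame(CLIENT, FIREWALL)]

if __name__ == "__main__":
    for name, capture in (("switch port", SWITCH_CAPTURE), ("hub", HUB_CAPTURE)):
        print(name, visibility(capture, SENSOR, FIREWALL))
```

A switch can briefly flood unicast frames for a destination it has not learned yet, so a handful of `firewall_unicast` frames right after a link change is not proof of full visibility; look for a sustained count in both directions.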
