Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

how to configure port mirroring on a cisco 2950

Posted on 2006-10-26
7
Medium Priority
?
926 Views
Last Modified: 2011-10-03
Hello,

I am evaluating surfcontrol software on a windows 2003 server with sp1. The server is a member server and has 2 nics. 1 for blocking and the other for destination. In order for surfcontrol to work I configured 2 ports on a cisco 2950 switch for port mirroring. Surfcontrol does not work. So i am going back to the company today and calling surfcontrol tech support. I want to make sure that i`ve configured the switch well.
This is how i configured it:

config t
monitor session 1 source interface fastethernet 0/24
monitor session 1 destination interface fastethernet 0/23
show monitor session 1
Source Ports:
    RX Only:       None
        TX Only:       None
        Both:          Fa0/24
Destination Ports: Fa0/23

copy runn start
 Are my configs ok?

Many thanks,
Tacobell2000


0
Comment
Question by:Tacobell2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17812069
Yeah, that looks correct.

Just make sure that fa0/24 is the port that goes out to your firewall if you have one and 0/23 is the port connected to your machine.

Cheers,
Rajesh
0
 

Author Comment

by:Tacobell2000
ID: 17812331
fa 0/24 is the source port and that is connected to 1 of the nics on the surfcontrol server. fa 0/23 is connected to the 2nd nic on the surfcontrol server. The firewall is connected to fa 0/16 on the same switch.
Am i doing this correctly,

Tacobell2000
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 2000 total points
ID: 17813199
No, the idea is to make the packets reach the surfcontrol server and have it processed. So all the outgoing packets will be going to the firewall which is fa0/16.

So you need to mirror all the traffic from fa0/16 to 0/23

By the way this will enable you to monitor the traffic but not really control it. You'll get a feel of how it works. If you want it to be doing its job, you need to make the traffic pass through the surfcontrol server or have your firewall configured for web filtering and point the web filter server's address in the firewall. This way the firewall will first consult with the surfcontrol server before it allows any http traffic. What kinda firewall ?

Cheers,
Rajesh
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 

Author Comment

by:Tacobell2000
ID: 17813501
It is a a 2600 cisco router.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17813567
That doesn't support what we are looking for, so you'll have to route it through the surfcontrol server itself. Just configure the span as I mentioned and call the support person.

Cheers,
Rajesh.
0
 

Author Comment

by:Tacobell2000
ID: 17813625
Thank you very much!
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17813650
Thanks.

Cheers,
Rajesh
0

Featured Post

Enroll in September's Course of the Month

This month’s featured course covers 16 hours of training in installation, management, and deployment of VMware vSphere virtualization environments. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question