Solved

how to configure port mirroring on a cisco 2950

Posted on 2006-10-26
7
921 Views
Last Modified: 2011-10-03
Hello,

I am evaluating surfcontrol software on a windows 2003 server with sp1. The server is a member server and has 2 nics. 1 for blocking and the other for destination. In order for surfcontrol to work I configured 2 ports on a cisco 2950 switch for port mirroring. Surfcontrol does not work. So i am going back to the company today and calling surfcontrol tech support. I want to make sure that i`ve configured the switch well.
This is how i configured it:

config t
monitor session 1 source interface fastethernet 0/24
monitor session 1 destination interface fastethernet 0/23
show monitor session 1
Source Ports:
    RX Only:       None
        TX Only:       None
        Both:          Fa0/24
Destination Ports: Fa0/23

copy runn start
 Are my configs ok?

Many thanks,
Tacobell2000


0
Comment
Question by:Tacobell2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17812069
Yeah, that looks correct.

Just make sure that fa0/24 is the port that goes out to your firewall if you have one and 0/23 is the port connected to your machine.

Cheers,
Rajesh
0
 

Author Comment

by:Tacobell2000
ID: 17812331
fa 0/24 is the source port and that is connected to 1 of the nics on the surfcontrol server. fa 0/23 is connected to the 2nd nic on the surfcontrol server. The firewall is connected to fa 0/16 on the same switch.
Am i doing this correctly,

Tacobell2000
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 500 total points
ID: 17813199
No, the idea is to make the packets reach the surfcontrol server and have it processed. So all the outgoing packets will be going to the firewall which is fa0/16.

So you need to mirror all the traffic from fa0/16 to 0/23

By the way this will enable you to monitor the traffic but not really control it. You'll get a feel of how it works. If you want it to be doing its job, you need to make the traffic pass through the surfcontrol server or have your firewall configured for web filtering and point the web filter server's address in the firewall. This way the firewall will first consult with the surfcontrol server before it allows any http traffic. What kinda firewall ?

Cheers,
Rajesh
0
Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

 

Author Comment

by:Tacobell2000
ID: 17813501
It is a a 2600 cisco router.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17813567
That doesn't support what we are looking for, so you'll have to route it through the surfcontrol server itself. Just configure the span as I mentioned and call the support person.

Cheers,
Rajesh.
0
 

Author Comment

by:Tacobell2000
ID: 17813625
Thank you very much!
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17813650
Thanks.

Cheers,
Rajesh
0

Featured Post

What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
This program is used to assist in finding and resolving common problems with wireless connections.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question