Solved

Cisco Switch Monitor port

Posted on 2006-10-31
8
6,916 Views
Last Modified: 2008-04-15
Trying on two model's of cisco switches to get a monitoring port working.  I've found the cisco page to do this and according to it all that needs to be done is:
config mode choose the port you want to be the source port interface Fa0/1 or whatever

then choose the ports you want to monitor by:
port monitor fa0/2...

However i'm on a 3560 and the port monitor command isn't even an option at this point.  Is there something needed to turn this on first?
Thanks,
0
Comment
Question by:stamperb
  • 4
  • 3
8 Comments
 
LVL 3

Expert Comment

by:ctrost
ID: 17844336
0
 
LVL 1

Author Comment

by:stamperb
ID: 17850210
OK i've got it going but when i try to add a second destination port i get:
% This platform allows a maximum of 1 monitor destination(s)

Now this is on a 4507R... I'd presume it can do more than this.
0
 
LVL 1

Author Comment

by:stamperb
ID: 17852396
Maybe the whole story would help.  I have a snort box that i want to monitor my LAN with.  My lan consists of a core 4507R and about 12 3560's.  Each of the 3560's is connected back to the 4507R via fiber.  So presumably i'd place the snort ids box on a port monitoring all the other switches and ports.  Just need to figure out how to do this.
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 3

Expert Comment

by:ctrost
ID: 17852587
"A destination port can participate in only one SPAN session at a time. A destination port in one SPAN session cannot be a destination port for a second SPAN session."

4507R(config)#monitor session 1 source interface fastethernet 4/2
!--- This configures interface Fast Ethernet 4/2 as source port.

4507R(config)#monitor session 1 destination interface fastethernet 4/3
!--- The configures interface Fast Ethernet 0/3 as destination port.

Then try doing "monitor session 2 source" and "monitor session 2 destination".  You need different SPAN sessions for each port you want to monitor..................................... I think.


0
 
LVL 1

Author Comment

by:stamperb
ID: 17852673
So the answer is simply that I can not monitor more than 1 port at a time?  I can't hardly believe that is the case.  If this was the case how would IDS work at all in a switched environment.  I know on the HP switches you tell it what port to source and all the destination ports.  
0
 
LVL 3

Accepted Solution

by:
ctrost earned 500 total points
ID: 17852770
?? Yes you can, just create multiple sessions like above...  then do:
show monitor session 1...or
show monitor session 2

or just show monitor session

i really believe all the information you need (informational as well as configurational) is on the link I posted above......to be honest I don't know anything more about it than you do, I'm just relaying information from that webpage as I interpret it

0
 
LVL 1

Author Comment

by:stamperb
ID: 17853388
OK well i did that for 1 session.  So basically monitoring 1 port that came from 1 of the 3560's.  I no more than turned it on before i hear people next to me saying they've lost connectivity to the exchange server and other shares.  I decided maybe this was a fluke and changed it to another one on a different floor.  Again I heard that people were having issues?  So i presume its causing some problems?  Would this really be the case?  I can't see that it would be dropping things like this for just 1 port worth of traffic?
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Rasberry PI is a low cost piece of hardware that you can have a lot of fun with through experimenting and building/working on projects like media players, running a low cost computer, build data loggers etc. - see: https://www.raspberrypi.org
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question