?
Solved

Cisco Switch Monitor port

Posted on 2006-10-31
8
Medium Priority
?
6,947 Views
Last Modified: 2008-04-15
Trying on two model's of cisco switches to get a monitoring port working.  I've found the cisco page to do this and according to it all that needs to be done is:
config mode choose the port you want to be the source port interface Fa0/1 or whatever

then choose the ports you want to monitor by:
port monitor fa0/2...

However i'm on a 3560 and the port monitor command isn't even an option at this point.  Is there something needed to turn this on first?
Thanks,
0
Comment
Question by:stamperb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 3

Expert Comment

by:ctrost
ID: 17844336
0
 
LVL 1

Author Comment

by:stamperb
ID: 17850210
OK i've got it going but when i try to add a second destination port i get:
% This platform allows a maximum of 1 monitor destination(s)

Now this is on a 4507R... I'd presume it can do more than this.
0
 
LVL 1

Author Comment

by:stamperb
ID: 17852396
Maybe the whole story would help.  I have a snort box that i want to monitor my LAN with.  My lan consists of a core 4507R and about 12 3560's.  Each of the 3560's is connected back to the 4507R via fiber.  So presumably i'd place the snort ids box on a port monitoring all the other switches and ports.  Just need to figure out how to do this.
0
What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

 
LVL 3

Expert Comment

by:ctrost
ID: 17852587
"A destination port can participate in only one SPAN session at a time. A destination port in one SPAN session cannot be a destination port for a second SPAN session."

4507R(config)#monitor session 1 source interface fastethernet 4/2
!--- This configures interface Fast Ethernet 4/2 as source port.

4507R(config)#monitor session 1 destination interface fastethernet 4/3
!--- The configures interface Fast Ethernet 0/3 as destination port.

Then try doing "monitor session 2 source" and "monitor session 2 destination".  You need different SPAN sessions for each port you want to monitor..................................... I think.


0
 
LVL 1

Author Comment

by:stamperb
ID: 17852673
So the answer is simply that I can not monitor more than 1 port at a time?  I can't hardly believe that is the case.  If this was the case how would IDS work at all in a switched environment.  I know on the HP switches you tell it what port to source and all the destination ports.  
0
 
LVL 3

Accepted Solution

by:
ctrost earned 2000 total points
ID: 17852770
?? Yes you can, just create multiple sessions like above...  then do:
show monitor session 1...or
show monitor session 2

or just show monitor session

i really believe all the information you need (informational as well as configurational) is on the link I posted above......to be honest I don't know anything more about it than you do, I'm just relaying information from that webpage as I interpret it

0
 
LVL 1

Author Comment

by:stamperb
ID: 17853388
OK well i did that for 1 session.  So basically monitoring 1 port that came from 1 of the 3560's.  I no more than turned it on before i hear people next to me saying they've lost connectivity to the exchange server and other shares.  I decided maybe this was a fluke and changed it to another one on a different floor.  Again I heard that people were having issues?  So i presume its causing some problems?  Would this really be the case?  I can't see that it would be dropping things like this for just 1 port worth of traffic?
0

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Moving your enterprise fax infrastructure from in-house fax machines and servers to the cloud makes sense — from both an efficiency and productivity standpoint. But does migrating to a cloud fax solution mean you will no longer be able to send or re…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question