Solved

Cisco Switch Monitor port

Posted on 2006-10-31
8
6,913 Views
Last Modified: 2008-04-15
Trying on two model's of cisco switches to get a monitoring port working.  I've found the cisco page to do this and according to it all that needs to be done is:
config mode choose the port you want to be the source port interface Fa0/1 or whatever

then choose the ports you want to monitor by:
port monitor fa0/2...

However i'm on a 3560 and the port monitor command isn't even an option at this point.  Is there something needed to turn this on first?
Thanks,
0
Comment
Question by:stamperb
  • 4
  • 3
8 Comments
 
LVL 3

Expert Comment

by:ctrost
ID: 17844336
0
 
LVL 1

Author Comment

by:stamperb
ID: 17850210
OK i've got it going but when i try to add a second destination port i get:
% This platform allows a maximum of 1 monitor destination(s)

Now this is on a 4507R... I'd presume it can do more than this.
0
 
LVL 1

Author Comment

by:stamperb
ID: 17852396
Maybe the whole story would help.  I have a snort box that i want to monitor my LAN with.  My lan consists of a core 4507R and about 12 3560's.  Each of the 3560's is connected back to the 4507R via fiber.  So presumably i'd place the snort ids box on a port monitoring all the other switches and ports.  Just need to figure out how to do this.
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 3

Expert Comment

by:ctrost
ID: 17852587
"A destination port can participate in only one SPAN session at a time. A destination port in one SPAN session cannot be a destination port for a second SPAN session."

4507R(config)#monitor session 1 source interface fastethernet 4/2
!--- This configures interface Fast Ethernet 4/2 as source port.

4507R(config)#monitor session 1 destination interface fastethernet 4/3
!--- The configures interface Fast Ethernet 0/3 as destination port.

Then try doing "monitor session 2 source" and "monitor session 2 destination".  You need different SPAN sessions for each port you want to monitor..................................... I think.


0
 
LVL 1

Author Comment

by:stamperb
ID: 17852673
So the answer is simply that I can not monitor more than 1 port at a time?  I can't hardly believe that is the case.  If this was the case how would IDS work at all in a switched environment.  I know on the HP switches you tell it what port to source and all the destination ports.  
0
 
LVL 3

Accepted Solution

by:
ctrost earned 500 total points
ID: 17852770
?? Yes you can, just create multiple sessions like above...  then do:
show monitor session 1...or
show monitor session 2

or just show monitor session

i really believe all the information you need (informational as well as configurational) is on the link I posted above......to be honest I don't know anything more about it than you do, I'm just relaying information from that webpage as I interpret it

0
 
LVL 1

Author Comment

by:stamperb
ID: 17853388
OK well i did that for 1 session.  So basically monitoring 1 port that came from 1 of the 3560's.  I no more than turned it on before i hear people next to me saying they've lost connectivity to the exchange server and other shares.  I decided maybe this was a fluke and changed it to another one on a different floor.  Again I heard that people were having issues?  So i presume its causing some problems?  Would this really be the case?  I can't see that it would be dropping things like this for just 1 port worth of traffic?
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Power to 2.5 inch hard disk 3 50
compact flash card Type II 2 62
Car computer reset 4 86
RAID, not sure what Type ?? 14 127
In this article we have discussed the manual scenarios to recover data from Windows 10 through some backup and recovery tools which are offered by it.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now