[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Cisco Switch Monitor port

Posted on 2006-10-31
8
Medium Priority
?
6,957 Views
Last Modified: 2008-04-15
Trying on two model's of cisco switches to get a monitoring port working.  I've found the cisco page to do this and according to it all that needs to be done is:
config mode choose the port you want to be the source port interface Fa0/1 or whatever

then choose the ports you want to monitor by:
port monitor fa0/2...

However i'm on a 3560 and the port monitor command isn't even an option at this point.  Is there something needed to turn this on first?
Thanks,
0
Comment
Question by:stamperb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 3

Expert Comment

by:ctrost
ID: 17844336
0
 
LVL 1

Author Comment

by:stamperb
ID: 17850210
OK i've got it going but when i try to add a second destination port i get:
% This platform allows a maximum of 1 monitor destination(s)

Now this is on a 4507R... I'd presume it can do more than this.
0
 
LVL 1

Author Comment

by:stamperb
ID: 17852396
Maybe the whole story would help.  I have a snort box that i want to monitor my LAN with.  My lan consists of a core 4507R and about 12 3560's.  Each of the 3560's is connected back to the 4507R via fiber.  So presumably i'd place the snort ids box on a port monitoring all the other switches and ports.  Just need to figure out how to do this.
0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 
LVL 3

Expert Comment

by:ctrost
ID: 17852587
"A destination port can participate in only one SPAN session at a time. A destination port in one SPAN session cannot be a destination port for a second SPAN session."

4507R(config)#monitor session 1 source interface fastethernet 4/2
!--- This configures interface Fast Ethernet 4/2 as source port.

4507R(config)#monitor session 1 destination interface fastethernet 4/3
!--- The configures interface Fast Ethernet 0/3 as destination port.

Then try doing "monitor session 2 source" and "monitor session 2 destination".  You need different SPAN sessions for each port you want to monitor..................................... I think.


0
 
LVL 1

Author Comment

by:stamperb
ID: 17852673
So the answer is simply that I can not monitor more than 1 port at a time?  I can't hardly believe that is the case.  If this was the case how would IDS work at all in a switched environment.  I know on the HP switches you tell it what port to source and all the destination ports.  
0
 
LVL 3

Accepted Solution

by:
ctrost earned 2000 total points
ID: 17852770
?? Yes you can, just create multiple sessions like above...  then do:
show monitor session 1...or
show monitor session 2

or just show monitor session

i really believe all the information you need (informational as well as configurational) is on the link I posted above......to be honest I don't know anything more about it than you do, I'm just relaying information from that webpage as I interpret it

0
 
LVL 1

Author Comment

by:stamperb
ID: 17853388
OK well i did that for 1 session.  So basically monitoring 1 port that came from 1 of the 3560's.  I no more than turned it on before i hear people next to me saying they've lost connectivity to the exchange server and other shares.  I decided maybe this was a fluke and changed it to another one on a different floor.  Again I heard that people were having issues?  So i presume its causing some problems?  Would this really be the case?  I can't see that it would be dropping things like this for just 1 port worth of traffic?
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
Backups and Disaster RecoveryIn this post, we’ll look at strategies for backups and disaster recovery.
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question