Solved

ASA Switch Port Mirroring - bandwidth monitoring

Posted on 2008-10-03
6
7,216 Views
Last Modified: 2013-11-16
I have a Cisco 5505 that I am hoping allows for port mirroring on the built in switch ports. Do you know if this is possible? And if so, how is it configured?

Basically I am attempting to monitor the bandwidth on my network since the inbound traffic is pegging out multiple times a day. I know that that ASA shows yo ua graph of the inbound outbound traffic but I am hoping to locate the specific peers that are causing this headache for me. Thanks in advance for all your help
0
Comment
Question by:bacchus1106
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 4

Expert Comment

by:TNL_Engr
ID: 22635493
The ASA 5505 includes a built-in packet capture utility.  
Open the ASDM
Go to "Wizards", "Packet Capture Wizard"

Run through the wizard to begin capturing packets on whichever interface you are interested in.  These captures can then be saved and reviewed using various analyzer utilities (Wireshark is a good choice.)
0
 

Author Comment

by:bacchus1106
ID: 22635629
I checked and all I see is the Packet Tracer. Under Wizards the only ones I have are:
Startup Wizard
VPN Wizard
High Availablity and Scalability Wizard


Am I not looking in the right place?
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 500 total points
ID: 22636633
Yes, it is possible but none of the other users even touched on it.
The command to setup a port mirror is:
switchport monitor {source interface} {tx, rx, or both}
This sets up the specified port to mirror traffic on a port, ports, or all traffic on the backplane.
Here is the Cisco documentation for this command:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1411559
It is basically the same thing as a SPAN session on a switch.
Cheers!
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 4

Expert Comment

by:TNL_Engr
ID: 22637319
You may need to upgrade to a newer version.  I'm running ASDM ver 6.0, and ASA ver 8.0(3).
Using the wizard is much easier, and allows for you to specify ingress and egress ports if you can upgrade.  Here is a sample of what the CLI looks like:

! inside
! Capture ip protocol traffic between 192.168.4.30 255.255.255.255 and 0.0.0.0 0.0.0.0.
access-list asdm_cap_selector_inside permit ip  192.168.4.30 255.255.255.255 0.0.0.0 0.0.0.0
access-list asdm_cap_selector_inside permit ip  0.0.0.0 0.0.0.0 192.168.4.30 255.255.255.255

! Apply ingress  capture on the inside interface.
capture asdm_cap_inside packet-length 1522 buffer 524288 access-list asdm_cap_selector_inside
capture asdm_cap_inside interface inside


! MPLS
! Capture ip protocol traffic between 192.168.4.30 255.255.255.255 and 0.0.0.0 0.0.0.0.
access-list asdm_cap_selector_MPLS permit ip  192.168.4.30 255.255.255.255 0.0.0.0 0.0.0.0
access-list asdm_cap_selector_MPLS permit ip  0.0.0.0 0.0.0.0 192.168.4.30 255.255.255.255

! Apply egress  capture on the MPLS interface.
capture asdm_cap_MPLS packet-length 1522 buffer 524288 access-list asdm_cap_selector_MPLS
capture asdm_cap_MPLS interface MPLS

0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22637389
Another thing you can do is just install and setup WireShark - it is a very good free packet capture tool that can analyze and graph the traffic, sources, types, destinations, you name it.
http://www.wireshark.org/
Cheers!
0
 

Author Comment

by:bacchus1106
ID: 22893277
Thanks for the input. The switch port monitor was exactly what I needed.
0

Featured Post

IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security is one of the biggest concerns when moving and migrating your data from your on-premise location to the Public Cloud.  Where is your data? Who can access it? Will it be safe from accidental deletion?  All of these questions and more are imp…
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question