• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 147
  • Last Modified:

secure a cat switch 2950

hi i am currently configuring my switch but i also found this link:


the configs i am specifically interested in are:

switch port analyser (span)

span ports allow you to send all the traffic from other ports out to a designated port.  this is normally configured if you need to either place a standard packet sniffer on the designated port or an ids/ips - intrusion detection system & intrusion prevention system - ok .

(config)# monitor session 1 source interface fastethernet 0/1 - 20 both
(config)# monitor session 1 destination interface fastethernet 0/24

storm control

storm control allows you to configure actions at a port level based on overall traffic levels seen per port seen by the switch.  below gives you an example based upon port shutdown should the total throughput of traffic be broadcast based.

(config-if) storm-control action shutdown
(config-if) storm-control broadcast level 70

i have input part of the above commands and they appear to be available on my switch.

question 1. which ports or when should i add these configs above  ?
2 Solutions
monitor session 1 source interface fastethernet 0/1

Open in new window

if you want monitor port 1

Add more if you want to monitor more ports

monitor session 1 source interface fastethernet 0/2

Open in new window

(etc etc etc, add as many as you like, or add none, if that's what you need)

These ports should be in use by a PC or something.

The use this command:
monitor session 1 destination interface fastethernet 0/24

Open in new window

On port 24, connect your laptop/pc etc (it will probably have no internet, just incoming packets from all those ports you specified before). Your NIC can have any IP, Wireshark will still display only packets from the ports you specified earlier.
Understanding Storm Control
Understanding Traffic Storm Control

A traffic storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. The traffic storm control feature prevents LAN ports from being disrupted by a broadcast, multicast, or unicast traffic storm on physical interfaces.

Traffic storm control (also called traffic suppression) monitors incoming traffic levels over a 1-second traffic storm control interval, and during the interval it compares the traffic level with the traffic storm control level that you configure. The traffic storm control level is a percentage of the total available bandwidth of the port. Each port has a single traffic storm control level that is used for all types of traffic (broadcast, multicast, and unicast).

Brief Description of SPAN

What is SPAN and why is it needed? The SPAN feature was introduced on switches because of a fundamental difference that switches have with hubs. When a hub receives a packet on one port, the hub sends out a copy of that packet on all ports except on the one where the hub received the packet. After a switch boots, it starts to build up a Layer 2 forwarding table on the basis of the source MAC address of the different packets that the switch receives. After this forwarding table is built, the switch forwards traffic that is destined for a MAC address directly to the corresponding port.

For example, if you want to capture Ethernet traffic that is sent by host A to host B, and both are connected to a hub, just attach a sniffer to this hub. All other ports see the traffic between hosts A and B:

On a switch, after the host B MAC address is learned, unicast traffic from A to B is only forwarded to the B port. Therefore, the sniffer does not see this traffic:

In this configuration, the sniffer only captures traffic that is flooded to all ports

An extra feature is necessary that artificially copies unicast packets that host A sends to the sniffer port:

SPAN is useful in Intrusion Detection scenarios, and very occasionally in troubleshooting.
mikey250Author Commented:
thanks for the advice given around those specific 2 questions.  much appreciated.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now