Solved

Setup SPAN to monitor DMZ traffic

Posted on 2016-09-08
2
61 Views
Last Modified: 2016-10-12
Our security recently setup a palo alto and it also was configured as DMZ connecting to a Catalyst 2960S. I was asked to configure SPAN on a port to monitor a port channel.
!
interface port-channel 10
!
interface g0/23
switchport mode trunk
channel-group 10
!
interface g0/24
switchport mode trunk
channel-group 10

Could someone please comment on my command to configure SPAN below? Did I miss anything?
source port: port-channel 10
destination port: G0/4

Switch(config-if)#interface g0/4
Switch(config-if)#port monitor port-channel 10

Thanks!
0
Comment
Question by:techy98
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 14

Accepted Solution

by:
SIM50 earned 500 total points
ID: 41790146
monitor session 1 source interface po10
monitor session 1 destination interface gig0/4 encap dot1q

to clear:
no monitor session 1
0
 

Author Comment

by:techy98
ID: 41840169
SIM50, I have one more question...would be appreciated if you could help.
What if I want to monitor a port-channel which is currently an uplink to core switch (Catalyst6509), could I do this? would it be any impact to Spanning Tree?
Also, before configuring the destination port, the port was configured as below? Do I need to configure port "no switchport mode access" first?
interface gig0/4
switchport mode access
spanning-tree portfast
spanning-tree guard root
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question