Solved

Setup SPAN to monitor DMZ traffic

Posted on 2016-09-08
2
51 Views
Last Modified: 2016-10-12
Our security recently setup a palo alto and it also was configured as DMZ connecting to a Catalyst 2960S. I was asked to configure SPAN on a port to monitor a port channel.
!
interface port-channel 10
!
interface g0/23
switchport mode trunk
channel-group 10
!
interface g0/24
switchport mode trunk
channel-group 10

Could someone please comment on my command to configure SPAN below? Did I miss anything?
source port: port-channel 10
destination port: G0/4

Switch(config-if)#interface g0/4
Switch(config-if)#port monitor port-channel 10

Thanks!
0
Comment
Question by:techy98
2 Comments
 
LVL 14

Accepted Solution

by:
SIM50 earned 500 total points
ID: 41790146
monitor session 1 source interface po10
monitor session 1 destination interface gig0/4 encap dot1q

to clear:
no monitor session 1
0
 

Author Comment

by:techy98
ID: 41840169
SIM50, I have one more question...would be appreciated if you could help.
What if I want to monitor a port-channel which is currently an uplink to core switch (Catalyst6509), could I do this? would it be any impact to Spanning Tree?
Also, before configuring the destination port, the port was configured as below? Do I need to configure port "no switchport mode access" first?
interface gig0/4
switchport mode access
spanning-tree portfast
spanning-tree guard root
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now