
Monitor Port 2950 - How?

Status
Not open for further replies.

bpinning

IS-IT--Management
Feb 16, 2004
194
AU
Hi all,

I'm a bit new to Cisco and was after a little help with mirroring all traffic on FastEthernet 0/1 to FastEthernet 0/2, for our SurfControl Web Filter machine.

Any and all assistance is greatly appreciated,

Thanks,

Brett.
 
mon session 1 source interface fastEthernet 0/1 both
mon session 1 destination interface f0/2 ingress vlan x

where "vlan x" is the "default vlan for untag ingress traffic". Change the VLAN-ID according to your need. Usually this is the VLAN-ID of your access port. If you're running trunking on source ports, then it's the native VLAN of your trunk port and you need some additional options like this:

mon session 1 source interface fastEthernet 0/1 both
mon session 1 destination interface f0/2 encapsulation <dot1q/isl> ingress vlan x

 
One thing I would like to point out is that although the SurfControl machine will receive all the data, it will act as if it is not attached to the network (for example, when you log on, it will tell you that the domain is not available and you will not be able to see it from other machines) unless you have a second NIC connected to a different port.
 
Thanks,

Yes, I will have a second NIC attached to the network so it can send back the denials to the network.

Do you have the actual commands to "hold my hand"? I'm kinda new to this whole Cisco code.

Thanks,

Brett.
 
I don't know the actual commands that need to be entered,

What comes after:

User Access Verification

Password:
CAT2950ITC3>enable
Password:
CAT2950ITC3#

I can do most other stuff but I have never attempted to mirror a port.

Just to confirm, I want to mirror FastEthernet0/1 to FastEthernet0/2 so it can be monitored by a machine.

Thanks,

Brett.
 
You need to type "conf t" to enter the config mode:

conf t
mon session 1 source interface fastEthernet 0/1 both
mon session 1 destination interface f0/2 ingress vlan x
end

You can use the SPAN destination port to inject traffic from a network security device. For example, if you connect a Cisco Intrusion Detection System (IDS) Sensor Appliance to a destination port, the IDS device can send TCP Reset packets to close down the TCP session of a suspected attacker.

The following example shows how to configure the destination port for ingress traffic on VLAN 5 by using a security device that does not support 802.1Q encapsulation.

conf t
mon session 1 source interface fastEthernet 0/1 both
mon session 1 destination interface f0/2 ingress vlan 5
end

The following example shows how to configure the destination port for ingress traffic on VLAN 5 by using a security device that supports 802.1Q encapsulation.

conf t
mon session 1 source interface fastEthernet 0/1 both
mon session 1 destination interface f0/2 encapsulation dot1q ingress vlan 5
end

If you already decided to use a 2nd NIC then you can ignore the "ingress vlan x" option:

conf t
mon session 1 source interface fastEthernet 0/1 both
mon session 1 destination interface f0/2
end
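
An added example, not part of the original thread or any poster's code: a small Python check that reads SPAN lines in the forms shown above and reports whether the destination port accepts inbound traffic (the "ingress vlan" option) or is receive-only. The function names and sample strings are constructed for illustration.

```python
import re
# SPAN commands as typed in the thread; "mon" is the abbreviated form of "monitor".
SPAN_RE = re.compile(
    r"^\s*mon(?:itor)?\s+session\s+(\d+)\s+(source|destination)\s+interface\s+(.+)$",
    re.IGNORECASE)

def _after(opts, key):  # token following key, or None when key is absent or last
    return opts[opts.index(key) + 1] if key in opts[:-1] else None

def parse_span(config_text):
    """Collect each SPAN session's sources, destination and ingress settings."""
    sessions = {}
    for line in config_text.splitlines():
        m = SPAN_RE.match(line)
        if not m:
            continue
        sid, role, rest = int(m.group(1)), m.group(2).lower(), m.group(3).lower().split()
        s = sessions.setdefault(sid, {"sources": [], "destination": None,
                                      "encapsulation": None, "ingress_vlan": None})
        # The interface may be typed as "fastEthernet 0/1" or as "f0/2".
        split_name = len(rest) > 1 and re.fullmatch(r"\d+/\d+", rest[1])
        iface, opts = (rest[0] + rest[1], rest[2:]) if split_name else (rest[0], rest[1:])
        if role == "source":
            # With no direction keyword the switch mirrors both directions.
            s["sources"].append((iface, opts[0] if opts else "both"))
        else:
            s["destination"] = iface
            s["encapsulation"] = _after(opts, "encapsulation")
            if "ingress" in opts:
                s["ingress_vlan"] = _after(opts, "vlan")
    return sessions

def audit(sessions):
    """Return one finding per session, flagging destinations that accept traffic."""
    out = []
    for sid, s in sorted(sessions.items()):
        if not s["sources"] or s["destination"] is None:
            out.append(f"session {sid}: incomplete (needs a source and a destination)")
        elif s["ingress_vlan"] is not None:
            out.append(f"session {sid}: {s['destination']} can send into vlan {s['ingress_vlan']}")
        else:
            out.append(f"session {sid}: {s['destination']} is receive-only")
    return out

# Constructed sample input, built from the command forms shown in the thread.
SAMPLE_INGRESS = ("mon session 1 source interface fastEthernet 0/1 both\n"
                  "mon session 1 destination interface f0/2 ingress vlan 5\n")
SAMPLE_RX_ONLY = ("mon session 1 source interface fastEthernet 0/1\n"
                  "mon session 1 destination interface f0/2\n")
```

Calling `audit(parse_span(SAMPLE_INGRESS))` flags the destination as able to send into VLAN 5, while the same call on `SAMPLE_RX_ONLY` reports it as receive-only, which is the form to expect when a second NIC handles outbound traffic.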
 
Thanks,

That's definitely what I meant by "holding my hand".

A good old star for you.

Thanks again,

Brett.

PS: Really should do my CCNA one day.
 