SPAN and Ingress traffic on 3750
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
|||||||||||||
|
Posted by linguafr on June 23, 2008, 6:22 pm
Please log in for more thread options destination port with SPAN enabled. It isn't Session 1 --------- Type : Local Session Source VLANs : Both : 7 Destination Ports : Gi1/0/3 Encapsulation : Native Ingress : Enabled, default VLAN = 321 Ingress encap : Untagged | |||||||||||||
|
Posted by Trendkill on June 24, 2008, 11:01 am
Please log in for more thread options Not sure I understand the question. Ingress means that the span port will also receive regular frames for the access vlan that the span port is in I think. Generally, you don't connect to the sniffer via the same port that sniffs, its a receiving port only (or should be). You use a management interface or second NIC to control the sniffer. So even if the ingress did work that way, you would have to configure an IP on that NIC in that VLAN. Could work, but I've never heard of anyone using a sniffer that way. | |||||||||||||
|
Posted by J.Cottingim on June 24, 2008, 8:18 pm
Please log in for more thread options >
> > Should the ingress option allow me to connect to the host on the
> > destination port with SPAN enabled. =A0It isn't >
> > Session 1
> > --------- > > Type =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 : Local Session > > Source VLANs =A0 =A0 =A0 =A0 =A0 : > > =A0 =A0 Both =A0 =A0 =A0 =A0 =A0 =A0 =A0 : 7 > > Destination Ports =A0 =A0 =A0: Gi1/0/3 > > =A0 =A0 Encapsulation =A0 =A0 =A0: Native > > =A0 =A0 =A0 =A0 =A0 Ingress =A0 =A0 =A0: Enabled, default VLAN =3D 321 > > =A0 =A0 Ingress encap : Untagged >
> Not sure I understand the question. =A0Ingress means that the span port > will also receive regular frames for the access vlan that the span > port is in I think. =A0Generally, you don't connect to the sniffer via > the same port that sniffs, its a receiving port only (or should be). > You use a management interface or second NIC to control the sniffer. > So even if the ingress did work that way, you would have to configure > an IP on that NIC in that VLAN. =A0Could work, but I've never heard of > anyone using a sniffer that way. linguafr, Trendkill is right... allowing ingress will allow the switch to receive traffic from the attached "sniffer." However, it looks like you've spanned the whole VLAN onto an interface. (albeit a gigabit one) Traffic from your host may be making it onto the switch - but it may not have enough bandwidth to receive any responses. Try the same span, but span only one interface (not a trunk port) on the VLAN - see if your "sniffer" works. Also, check the port utilization while spanning the whole VLAN. By the way, Trendkill - I've used that method in the past - when I absolutely had to. It works as long as you don't overwhelm the link. Good Luck. -JC | |||||||||||||
|
Posted by on June 26, 2008, 9:46 am
Please log in for more thread options >
> > > > > > > > Should the ingress option allow me to connect to the host on the
> > > destination port with SPAN enabled. =A0It isn't >
> > > Session 1
1
> > > --------- > > > Type =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 : Local Session > > > Source VLANs =A0 =A0 =A0 =A0 =A0 : > > > =A0 =A0 Both =A0 =A0 =A0 =A0 =A0 =A0 =A0 : 7 > > > Destination Ports =A0 =A0 =A0: Gi1/0/3 > > > =A0 =A0 Encapsulation =A0 =A0 =A0: Native > > > =A0 =A0 =A0 =A0 =A0 Ingress =A0 =A0 =A0: Enabled, default VLAN =3D 32= > > > =A0 =A0 Ingress encap : Untagged
>
> > Not sure I understand the question. =A0Ingress means that the span port
> > will also receive regular frames for the access vlan that the span > > port is in I think. =A0Generally, you don't connect to the sniffer via > > the same port that sniffs, its a receiving port only (or should be). > > You use a management interface or second NIC to control the sniffer. > > So even if the ingress did work that way, you would have to configure > > an IP on that NIC in that VLAN. =A0Could work, but I've never heard of > > anyone using a sniffer that way. >
> linguafr, > > Trendkill is right... allowing ingress will allow the switch to > receive traffic from the attached "sniffer." However, it looks like > you've spanned the whole VLAN onto an interface. (albeit a gigabit > one) > Traffic from your host may be making it onto the switch - but it may > not have enough bandwidth to receive any responses. > Try the same span, but span only one interface (not a trunk port) on > the VLAN - see if your "sniffer" works. Also, check the port > utilization while spanning the whole VLAN. > > By the way, Trendkill - I've used that method in the past - when I > absolutely had to. It works as long as you don't overwhelm the link. > Good Luck. > > -JC- Hide quoted text - > > - Show quoted text - I have used Ingress frequently however I have found that it does not seem to actually work on all platforms. More modern ones dont seem to work. I think that I have found that it did not work on 4500 SE IV 4500 SE V 6500 SUP 720 3750 May of course be software and other hardware dependent. I have formed the view that it works on older stuff and not on newer stuff. The documentation and command line say that it works. As far as I can recall. | |||||||||||||
| Similar Threads | Posted |
| SPAN and Ingress traffic on 3750 | June 23, 2008, 6:22 pm |
| RSPAN Ingress Problem | July 25, 2007, 9:11 am |
| default non-ip traffic handling on 3750 | April 8, 2008, 9:05 pm |
| SPAN limitiation | August 24, 2005, 12:30 am |
| Combined SPAN and RSPAN | July 10, 2006, 6:18 am |
| SPAN port on Cat 4006 | April 4, 2008, 9:00 am |
| port span vlan | May 19, 2008, 8:59 pm |
| SPAN + cisco 6500 | June 24, 2008, 9:48 am |
| enable Span on Cisco Switch 3500 | October 16, 2006, 8:39 am |
| Catalyst 3560 SPAN setting for Snort | April 26, 2007, 6:07 pm |
| 2 VLAN's on 1 Port SPAN - CIsco 6500 | December 21, 2007, 1:08 pm |
| How do you implement SPAN on a 2801 Router with a HWIX-4ESW card installed. | January 2, 2007, 4:02 pm |
| How does typical ISP traffic shaping/bandwidth limiting work ? Do ISP's allow bursty traffic per second ? | January 19, 2006, 3:50 pm |
| traffic-shaping limit ftp traffic | October 7, 2005, 11:51 am |
| Traffic-shaping traffic with precedence 2 | June 12, 2008, 5:05 am |
> destination port with SPAN enabled. =A0It isn't
>
> Session 1
> ---------
> Type =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 : Local Session
> Source VLANs =A0 =A0 =A0 =A0 =A0 :
> =A0 =A0 Both =A0 =A0 =A0 =A0 =A0 =A0 =A0 : 7
> Destination Ports =A0 =A0 =A0: Gi1/0/3
> =A0 =A0 Encapsulation =A0 =A0 =A0: Native
> =A0 =A0 =A0 =A0 =A0 Ingress =A0 =A0 =A0: Enabled, default VLAN =3D 321
> =A0 =A0 Ingress encap : Untagged