monitoring traffic cisco 2600 router

cisco 2651XM router IOS: c2600-adventerprisek9-mz.124-15.T9.bin WIC-1-ADSL card fitted (Dialer0)

I'm using the monitor command on the above router to keep an eye on the traffic on another server thus: monitor session 1 source interface Fa1/0 (server connected here) monitor session 1 destination interface Fa1/1 (PC running wireshark connected here)

It works well but I'd like to do the same thing where the source is the Dialer0 port but the config won't allow it - it only seems to permit a FastEthernet port. Is there a way or another command that will enable me to monitor all traffic at the (source) adsl port and output it to a (destination) FastEthernet port?

Reply to
tg
Loading thread data ...

Not a direct answer to your question, but have you considered using a netflow probe on the Dialer of Zeroness?

Reply to
alexd

Hey, SPAN on an ISR is limited IIRC. Depending on your config, you might be able to use RITE:

formatting link
It works like SPAN, but SRC has to be an interface running IP, and DST as to be an Ethernet. If you need any help setting this up, give me a shout.

/Ruairi

Reply to
Ruairi Carroll

Wow - not heard of that. Docs say only on some platforms.

12.4(20)T and later has an additional packet capture facility.
formatting link
According to
formatting link
Embedded Packet Capture is on the current router platforms however not apparently the 2651XM:(
Reply to
bod43

Hey, SPAN on an ISR is limited IIRC. Depending on your config, you might be able to use RITE:

formatting link
It works like SPAN, but SRC has to be an interface running IP, and DST as to be an Ethernet. If you need any help setting this up, give me a shout.

-------------------

thanks for your feedback and yes I do need help in troubleshooting this. I wanted the Dialer0 as source and F0/0 as the destination output and I did the steps at the above address you gave and but I'm not getting any dialer0 traffic from the destination port Fa0/0. the commands I did were: router(config)#ip traffic-export profile my_rite router(conf-rite)#int dialer0 router(conf-rite)#bidirectional router(conf-rite)#mac-address 0090.27FC.756F router(conf-rite)#exit router(config)#int f0/0 router(config-if)#ip traffic-export apply my_rite .Oct 1 21:27:44.326: %RITE-5-ACTIVATE: Activated IP traffic export on interface FastEthernet0/0

the only thing I'm not sure about is the mac address. I used the mac-address of the NIC in my PC - this is the receiving device. That's correct isn't it?

here's what the 'show run' gave after putting in the above commands:

ip traffic-export profile my_rite interface Dialer0 bidirectional mac-address 0090.27fc.756f

interface FastEthernet0/0 ip address 192.168.0.1 255.255.255.0 ip traffic-export apply my_rite duplex auto speed auto

interface Dialer0 ip address negotiated previous ip access-group 104 out no ip redirects no ip proxy-arp ip nat outside ip virtual-reassembly encapsulation ppp dialer pool 1 dialer idle-timeout 0 dialer persistent dialer-group 1 no cdp enable ppp authentication chap callin ppp chap hostname my username ppp chap password 0 password

thanks for any further advice.

Reply to
tg

oops and damn. typical that a few minutes after my above post I realised I had the monitor and destination ports configured round the wrong way. The command: show ip traffic-export int f0/0 showed up this error, so I did the config again and now it appears to be working well and I can see detailed Dialer0 traffic in wireshark on the PC. thanks very much for your help.

Reply to
tg

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.