Dear friends. Today, let's discuss on how to configure a SPAN port on a Cisco Switch.
Network Setup
MacBook 10.0.0.152/24 -->f0/9 L2 switch --> f0/1 L2 switch --> Unifi Router 10.0.0.99/24 --> Internet
Dell 10.0.0.151/24 --> f0/5 L2 switch --> f0/1 L2 switch --> Unifi Router 10.0.0.99/24 --> Internet
Plan
Macbook will generate traffic to the internet. Dell laptop will capture all it's live traffic using WireShark.
Terms
Source interface: The interface where the traffic will be captured.
Destination interface: The interface where all the captured traffic will be mirrored to.
Steps
1. At the L2 switch, configure the span source interface. In this case, I want to capture all of the traffic generated from MacBook to Internet. Therefore, port f0/1 will be used as span source interface because all traffic will go through this port to go to the internet.
| Switch(config)#monitor session 1 source interface fastEthernet 0/1 |
2. Configure the destination interface. All traffic that is being captured at span source interface will be mirrored to this port.
| Switch(config)#monitor session 1 destination interface fastEthernet 0/5 |
3. Please take note that the destination span port's protocol status will be changed to down once you've configured it as destination interface.
Switch#sh int f0/5 status
Port Name Status Vlan Duplex Speed Type Fa0/5 monitoring 1 a-full a-100 10/100BaseTX
Switch#sh int f0/5
FastEthernet0/5 is up, line protocol is down (monitoring) |
4. To check on current SPAN port setup on that switch.
Switch#show monitor session 1
Session 1--------- Type : Local Session Source Ports : Both : Fa0/1 Destination Ports : Fa0/5 Encapsulation : Native Ingress: Disabled |
5. Live traffic that is being captured at port f0/1 of the L2 switch can be seen as per below. You're only seeing ICMP traffic because I'm generating continuous ping to 4.2.2.2 from the MacBook (10.0.0.152).
I hope that this post will benefit us all. Thank you for your time.
- Soulpower
No comments:
Post a Comment