Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Moitoring 2 switches which span port enabled

Status
Not open for further replies.
banalas

banalas

IS-IT--Management
May 23, 2001
22
US
I have to switches 6509 and 5000 both have a span port on them how can i monitor the traffic from both switches , can i do connecting to switches to a switch and connect my monitoring station to that switch, will i be able to do that or is there any different way

Please help

Thanks

 
Sort by date Sort by votes
I would consider looking at spanning on an aggregation point. Do you have these two switches connected together? Do they share a common vlan (ie vlan1) which contains the traffic you're intersted in? You can span 1 or more vlans but could get pretty busy for your network management station. Realize that monitoring the traffic from two large switches such as these could generate a tremendous amount of data. Can you simplify the traffic you're interested in by narrowing down on the application, hosts or specific segments?
 
Upvote 0 Downvote
I have what looks like the same scenario. I'd like to hear from inetworku on how this might work. From my reading, I can mirror several ports to a monitor port on a switch, but I can't see how to monitor several ports on two switches from a single monitor port. I've been considering the obvious- gunthnp's idea of having the IDS sit on both switches.

I have two C2950T-24's connected together by the two gig ports using etherchannel. 12 ports on each switch are on the vlan that I want to watch. The IDS monitor NIC is currently plugged into port 24 on switch 1. I can see this being tricky since all traffic (including 3 other vlans) goes through the etherchannel port. Gunthnp's suggestion is probably the simplest, but I'd like to know if this is possible.
 
Upvote 0 Downvote
you can also try rspan if the feature is available on both switches. you can configure two different monitoring sessions on one switch and one of them can monitor local ports and the other can monitor remote ports. once again the ios/cos images must support it.

search for remote spanning or remote span
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Zero6
  • Locked
  • Question
question about cisco cbs 350-12xs 12 port 10g sfp+
Replies
0
Views
335
Zero6
Zero6
CPM86
  • Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
352
CPM86
CPM86
Gartech
  • Locked
  • Question
LAN Port Test Device
Replies
3
Views
336
ipohead
ipohead
inlsp05
  • Locked
  • Question
2811&2960 48 volts wiring diagram
Replies
1
Views
405
BOKA
BOKA
BleuBell
  • Locked
  • Question
Command Rejected : Exceeded NNI ports Allowed
Replies
0
Views
251
BleuBell
BleuBell

Part and Inventory Search

Sponsor

Back
Top