Cisco IOS // Port Mirroring

assuming gns3 with c3725 appliance and debian/buster guest

IMAGE HERE

PC1

ip 10.1.1.1/24 10.1.1.254
save

c3725 GT96100-FW + NM-16ESW (L2 for SPAN) – not NM-1FE-TX

conf t

interface fa0/0
    ip address 10.1.1.254 255.255.255.0
    no shutdown
    exit

interface fa1/0
    switchport access vlan 1
    switchport mode access
    no shutdown
    exit

interface vlan1
    ip address 10.2.2.254 255.255.255.0
    no shutdown
    exit

interface fa1/1
    spanning-tree portfast
    no shutdown
    exit

show ip interface brief

no monitor session 1
monitor session 1 source interface fa1/0
monitor session 1 destination interface fa1/1
! encapsulation dot1q
end

show monitor session 1

write mem

PC2

ip 10.2.2.1/24 10.2.2.254
save
ping 10.1.1.1

Acceptance

tcpdump -i eth1

here’s a screenshot

Additional notes

draft

show interfaces status | include connected

one can also mirror several ports at once

monitor session 1 source interface fa0/1 - 24 rx
monitor session 1 destination interface gi0/1

Resources

https://networkengineering.stackexchange.com/questions/6317/show-connected-up-interfaces-on-cisco-devices

https://www.ciscozine.com/how-to-analyze-traffic-with-span-feature/

Back pressure from a SPAN port https://community.cisco.com/t5/switching/back-pressure-from-a-span-port/td-p/2232560

https://www.cisco.com/c/m/en_us/techdoc/dc/reference/cli/nxos/commands/fund/show-running-config-diff.html

troubles

SPAN not supported on some routed interfaces? https://community.cisco.com/t5/switching/span-not-supported-on-some-routed-interfaces/td-p/2092457


HOME | GUIDES | LECTURES | LAB | SMTP HEALTH | HTML5 | CONTACT
Copyright © 2024 Pierre-Philipp Braun