VLAN Trunking
flipmad
Member Posts: 184
in CCNA & CCENT
I have been working on by BSCI that I have totally forgotten how to configure switches (pitiful) anyways I want to set up NTOP on my network and monitor the traffic.
Please excuse my elementary knowledge. I swear I knew more about switches. But Im a WAN engineer so mostly deal with routers on a daily basis.
I set up fastethernet 0/3 as a trunk port
switchport trunk encap dot1q
switchport mode trunk
Now if I want to only allow VLAN 2 through this port, I wouldnt place it to access VLAN2 correct?
I also want to create a span port to monitor this trunking port
So I enabled port monitor on FastEthernet 0/4 for this port via
fate0/4
port monitor faste0/3
But whenever I try to port monitor via VLAN2 it defaults to VLAN1.
Please excuse my elementary knowledge. I swear I knew more about switches. But Im a WAN engineer so mostly deal with routers on a daily basis.
I set up fastethernet 0/3 as a trunk port
switchport trunk encap dot1q
switchport mode trunk
Now if I want to only allow VLAN 2 through this port, I wouldnt place it to access VLAN2 correct?
I also want to create a span port to monitor this trunking port
So I enabled port monitor on FastEthernet 0/4 for this port via
fate0/4
port monitor faste0/3
But whenever I try to port monitor via VLAN2 it defaults to VLAN1.
Comments
-
networker050184
Mod Posts: 11,962 Mod
If I have this correct you want to only allow VLAN2 across the trunk? If that is the case why make it a trunk and not just an access port? If you want to limit the VLANs on a trunk use the switchport trunk allowed vlan command.
What kind of switch is this you are setting up the monitor on? Try something like this.
monitor session 1 source (isource) (direction)
monitor session 1 destination (destination)An expert is a man who has made all the mistakes which can be made. -
flipmad
Member Posts: 184
2924XL.
I will use the switchport allowed command.
The monitor session isnt allowed on this switch. I was wondering if I create a Span port for FA04, will allow me to monitor the trunking port
According to Cisco documentation
The Catalyst 2900XL and 3500XL do not support SPAN in the Rx direction only (Rx SPAN or ingress SPAN) or in the Tx direction only (Tx SPAN or egress SPAN). All SPAN ports are designed to capture both Rx and Tx traffic.
By the way, thanks for replying so quickly. I appreciate the assistance. -
networker050184
Mod Posts: 11,962 Mod
Try putting the interface into VLAN2 and then monitor the VLAN and not the interface.
It looks like there are some restrictions with monitoring on the older model switches. One more reason to get some new model switches.
Catalyst Switched Port Analyzer (SPAN) Configuration ExampleAn expert is a man who has made all the mistakes which can be made. -
mzinz
Member Posts: 328
I have been working on by BSCI that I have totally forgotten how to configure switches (pitiful) anyways I want to set up NTOP on my network and monitor the traffic.
Please excuse my elementary knowledge. I swear I knew more about switches. But Im a WAN engineer so mostly deal with routers on a daily basis.
I set up fastethernet 0/3 as a trunk port
switchport trunk encap dot1q
switchport mode trunk
Now if I want to only allow VLAN 2 through this port, I wouldnt place it to access VLAN2 correct?
I also want to create a span port to monitor this trunking port
So I enabled port monitor on FastEthernet 0/4 for this port via
fate0/4
port monitor faste0/3
But whenever I try to port monitor via VLAN2 it defaults to VLAN1.
conf t
int fa0/3
switchport trunk encap dot1q
switchport mode trunk
switchport trunk allowed vlan 2
Now, maybe someone can correct me here, but if you're only trying to pass VLAN2 traffic, couldn't you set up an access port in VLAN2 on both ends? (or would that detag the traffic as it passed it to the other side?)_______LAB________
2x 2950
2x 3550
2x 2650XM
2x 3640
1x 2801