VLAN Trunking

I have been working on by BSCI that I have totally forgotten how to configure switches (pitiful) anyways I want to set up NTOP on my network and monitor the traffic.

Please excuse my elementary knowledge. I swear I knew more about switches. But Im a WAN engineer so mostly deal with routers on a daily basis.

I set up fastethernet 0/3 as a trunk port
switchport trunk encap dot1q
switchport mode trunk

Now if I want to only allow VLAN 2 through this port, I wouldnt place it to access VLAN2 correct?

I also want to create a span port to monitor this trunking port

So I enabled port monitor on FastEthernet 0/4 for this port via

fate0/4
port monitor faste0/3

But whenever I try to port monitor via VLAN2 it defaults to VLAN1.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

networker050184

If I have this correct you want to only allow VLAN2 across the trunk? If that is the case why make it a trunk and not just an access port? If you want to limit the VLANs on a trunk use the switchport trunk allowed vlan command.

What kind of switch is this you are setting up the monitor on? Try something like this.

monitor session 1 source (isource) (direction)
monitor session 1 destination (destination)

flipmad

2924XL.

I will use the switchport allowed command.

The monitor session isnt allowed on this switch. I was wondering if I create a Span port for FA04, will allow me to monitor the trunking port

According to Cisco documentation
The Catalyst 2900XL and 3500XL do not support SPAN in the Rx direction only (Rx SPAN or ingress SPAN) or in the Tx direction only (Tx SPAN or egress SPAN). All SPAN ports are designed to capture both Rx and Tx traffic.

By the way, thanks for replying so quickly. I appreciate the assistance.

networker050184

Try putting the interface into VLAN2 and then monitor the VLAN and not the interface.

It looks like there are some restrictions with monitoring on the older model switches. One more reason to get some new model switches.

Catalyst Switched Port Analyzer (SPAN) Configuration Example

mzinz

blake15 wrote: »

I have been working on by BSCI that I have totally forgotten how to configure switches (pitiful) anyways I want to set up NTOP on my network and monitor the traffic.

Please excuse my elementary knowledge. I swear I knew more about switches. But Im a WAN engineer so mostly deal with routers on a daily basis.

I set up fastethernet 0/3 as a trunk port
switchport trunk encap dot1q
switchport mode trunk

Now if I want to only allow VLAN 2 through this port, I wouldnt place it to access VLAN2 correct?

I also want to create a span port to monitor this trunking port

So I enabled port monitor on FastEthernet 0/4 for this port via

fate0/4
port monitor faste0/3

But whenever I try to port monitor via VLAN2 it defaults to VLAN1.

conf t
int fa0/3
switchport trunk encap dot1q
switchport mode trunk
switchport trunk allowed vlan 2

Now, maybe someone can correct me here, but if you're only trying to pass VLAN2 traffic, couldn't you set up an access port in VLAN2 on both ends? (or would that detag the traffic as it passed it to the other side?)