This can be done by Switched Port Analyzer (SPAN) .Once you configure SPAN it will send a copy of the traffic from source port to another port(destination port) on the switch and the traffic can be monitored by connecting to a computer with a wireshark (or similar software) to the destination port and configure it to capture and analyse the traffic.
UNDERSTANDING SPAN TERMINOLOGY
Ingress Traffic: Traffic that enters the switchEgress Traffic: Traffic that leaves the switch
Source (SPAN) port: A port that is monitored
Source (SPAN) VLAN: A VLAN whose traffic is monitored
Destination (SPAN) port: A port that monitors source ports.
CONFIGURATION EXAMPLE
Source SPAN ports are monitored for received (RX - Ingress), transmitted (TX - Egress) or bidirectional (both) traffic. Traffic entering or exiting the Source SPAN ports is mirrored to the Destination SPAN port.In the below example we need to monitor traffic (send and recieve) coming to interface fastEthernet0/2 and this need to be copied to destionation interface fastEthernet0/5 for monitoring.Once we setup this, we can directly connect a laptop with a wireshark to switch interface fastEthernet0/5 and monitor all the traffic sending and receiving on interface fastEthernet0/2
Switch-A# configure terminal
Switch-A(config)# monitor session 1 source interface fastEthernet0/2
Switch-A(config)# monitor session 1 destination interface fastEthernet0/5
Switch-A(config)# exit
Confirming the monitoring session and operation requires one simple command, show monitor:
Switch-A# show monitor
Session 1
---------
Type : Local Session
Source Ports :
Both : Fa0/2
Destination Ports : Fa0/3
Encapsulation: Native
Ingress: Disabled
NOTE : show monitor session 1 detail can be used to see more details
NOTE : Once the port monitoring is activated no traffic is send OUT from destination Interface .It will only recieve the traffic copied from source interface .Also note that this setup do not affect the switching of network traffic on source ports.
0 comments:
Post a Comment