SPAN port on Cisco 4000 switch

Tags:
Cisco
Networking
Networking Equipment
Routers
Security
I am in the process of setting up Websense (internet access filtering) with my Pix firewall. One of the steps in the Websense setup is to set up a SPAN port on my core switch, so that Websense can monitor all traffic. I have not set up a SPAN port in the past and I am looking for some guidance. The Websense server is connected to port 20 on blade 3 of the switch. All the SPAN documentation I read speaks of configuring two ports (one being where the sniffer is attached, which in my case is the Websense server) but I don't understand what the second port needs to be.

Answer Wiki


If I understand you correctly, what you want is to set up a VSPAN session, where you monitor a VLAN(s) instead of a port. If you want to monitor the traffic from one VLAN, use the command
(conf)# monitor session (session#) source interface (mod/num) or vlan (vlan-id)
If you want to monitor multiple VLANs, then use the trunk port interface and you can monitor any or all VLANs in the trunk.
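
The two ports the question asks about, written out as an IOS SPAN session (an added example, not part of the original answer): the source is the port whose traffic is copied, and the destination is the port the monitoring server is plugged into. FastEthernet3/20 is the Websense port from the question; FastEthernet3/10 as the firewall port, session number 1, VLAN 100, and a switch running Cisco IOS rather than CatOS are assumptions.

```cisco
! Added example. Assumes the Catalyst 4000 runs Cisco IOS, not CatOS.
! Fa3/10 (firewall link) and session number 1 are assumed values;
! Fa3/20 is the Websense port named in the question.
configure terminal
 ! Source: the port to be monitored. "both" copies received and transmitted frames.
 monitor session 1 source interface FastEthernet3/10 both
 ! Destination: the port the Websense server's sniffing NIC is connected to.
 monitor session 1 destination interface FastEthernet3/20
 ! VLAN-based alternative (VSPAN), used instead of the source line above;
 ! VLAN 100 is a placeholder:
 ! monitor session 1 source vlan 100
end
! Confirm the session's source, destination and direction.
show monitor session 1
```

While the session is active, the destination port carries mirrored traffic rather than normal switched traffic, so the server's own communication needs a separate port.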

Discuss This Question: 3  Replies

 
  • Imazing
    I just finished an install of Websense. Although I use 3COM switches, I had to do the same thing. One port is the port that the Websense server (monitor port on 3COM) uses and the other would be the port that the Pix is on (Analysis Port on 3COM). The reason is that this way all traffic going to your PIX will also be sent to your Websense server. I hope you can use this to set up your Cisco switch.
  • Odyleones
    Hi Hinesjrh, for info: mostly, the good setup for web filtering is to have two LAN cards. The purpose:
    1 port = used for monitoring and blocking
    1 port = used for communication
    The monitoring port has no IP address and the other port has an IP address. Actually, you can have 1 port for both monitoring/blocking and communication, but it is not advisable. Here is a sample config:

        ! sniffing port of your Websense
        interface FastEthernet 3/20
         description Websense Monitoring & Blocking Port
         duplex full
         speed 100
         port monitor FastEthernet3/10
         spanning-tree portfast
        !
        ! the port of the firewall
        interface FastEthernet3/10
         description link to firewall leg
         spanning-tree portfast
        !
        interface FastEthernet3/11
         description Websense Communication Port
         spanning-tree portfast

    Hope this helps you... if you need some more assistance, feel free to email me...
  • Odyleones
    Hi, a sample explanation about the communication port. Assume that your firewall is located in VLAN 100:
    VLAN 100 = 192.168.100.0/24
    Gateway = 192.168.100.1
    Firewall = 192.168.100.2
    Websense LAN cards:
    1 LAN card (let's call it E1) = for sniffing
    1 LAN card (let's call it E2) = communication port
    The E1 port should be connected to the same VLAN where your firewall is connected, but take note that this port has no IP address. This port is for your sniffing (blocking and monitoring).
    For the E2 port, you connect this also to VLAN 100. This time you need to give it an IP address. Sample: 192.168.100.3
    This E2 port is used to communicate with your servers or AD (Active Directory) or with your firewall, so be sure that your Websense server is part of your network domain or network servers. This communication port is needed because this port is the one in charge of communicating with your firewall or AD for credentials. Actually, you can have 1 port for sniffing and communication, but it is not wise to do so. Hope this helps enlighten you about the other port.
