2-222
Catalyst 2950 and Catalyst 2955 Switch Command Reference
OL-10102-01
Chapter 2 Catalyst 2950 and 2955 Cisco IOS Commands
monitor session
If ingress forwarding is enabled, you can use the SPAN destination port to inject traffic from a network
security device. For example, if you connect a Cisco Intrusion Detection System (IDS) Sensor Appliance
to a destination port, the IDS device can send TCP Reset packets to close down the TCP session of a
suspected attacker.
Examples This example shows how to create SPAN session 1 to monitor both sent and received traffic on source
port 1 on destination port 8:
Switch(config)# monitor session 1 source interface fastethernet0/1 both
Switch(config)# monitor session 1 destination interface fastethernet0/8
This example shows how to delete a destination port from an existing SPAN session:
Switch(config)# no monitor session 2 destination fastethernet0/4
This example shows how to configure RSPAN session 1 to monitor multiple source interfaces and to
configure the destination RSPAN VLAN and the reflector-port:
Switch(config)# monitor session 1 source interface fastethernet0/10 tx
Switch(config)# monitor session 1 source interface fastethernet0/2 rx
Switch(config)# monitor session 1 source interface port-channel 102 rx
Switch(config)# monitor session 1 destination remote vlan 901 reflector-port
fastethernet0/1
Switch(config)# end
This example shows how to configure the destination port for ingress traffic on VLAN 5 by using a
security device that does not support IEEE 802.1Q encapsulation:
Switch(config)# monitor session 1 destination interface fastethernet0/5 ingress vlan 5
This example shows how to configure the destination port for ingress traffic on VLAN 5 by using a
security device that supports IEEE 802.1Q encapsulation:
Switch(config)# monitor session 1 destination interface fastethernet0/5 encapsulation
dot1q ingress vlan 5
This example shows how to disable ingress traffic forwarding on the destination port:
Switch(config)# monitor session 1 destination interface fastethernet0/5 encapsulation
dot1q
You can verify your settings by entering the show monitor privileged EXEC command.
Related Commands Command Description
remote-span Configures an RSPAN VLAN in vlan configuration mode.
show monitor Displays SPAN and RSPAN session information.
To Next Page
Loading...
