Question : BiDirectional SPAN on Cisco Catalyst 3750
I am trying to enable SPAN on my Catalyst 3750 for Websense use. I followed the steps in this Cisco article to get it going: http://www.cisco.com/warp/public/473/41.html#topic5
I have the ports configured correctly and Websense can see all of the data that is going to my PIX firewall but when this is enabled, my Websense computer loses all other network connections. Websense tells me I can get it going so I have full network ability as well as getting all the data going to the PIX but my Cisco guy at a 3rd party company says it is impossible. Websense talked about ingress or egress as being the key but I have no idea what this even means or if it is supported on my switch.
When I run "Show monitor session 1" this is what I get:
Session 1
---------
Type              : Local Session
Source Ports      :
    Both          : Gi1/0/24
Destination Ports : Gi1/0/23
    Encapsulation : Native
          Ingress : Disabled
Is ingress or egress the key to doing this and if so how do I enable it?
Answer : BiDirectional SPAN on Cisco Catalyst 3750
The 3750 (along with most of Cisco's IOS switches) does not support "inbound" traffic on SPAN destination ports:
"When it is active, incoming traffic is disabled. The port does not transmit any traffic except that required for the SPAN session. Incoming traffic is never learned or forwarded on a destination port."
(Taken from: Catalyst 3750 Switch Software Configuration Guide)
You will need a second NIC in your Websense box, or deploy the network monitoring agent on some other, dual-NIC machine.
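An added example, not part of the original question or answer: a small Python parser for "show monitor session" output that lists the SPAN destination ports whose Ingress field reads Disabled, so a sensor attached there can only receive mirrored traffic. The function names are hypothetical, and Session 2 in the sample is constructed to exercise the other branch.

```python
import re

# Constructed sample: Session 1 is the output quoted in the question;
# Session 2 is made up and is not from the poster's switch.
SAMPLE = """\
Session 1
---------
Type              : Local Session
Source Ports      :
    Both          : Gi1/0/24
Destination Ports : Gi1/0/23
    Encapsulation : Native
          Ingress : Disabled

Session 2
---------
Type              : Local Session
Source Ports      :
    RX Only       : Gi1/0/10
Destination Ports : Gi1/0/11,Gi1/0/12
    Encapsulation : Native
          Ingress : Enabled
"""

def parse_sessions(text):
    """Return {session_id: {"sources", "destinations", "ingress"}}."""
    sessions = {}
    # One capture group makes re.split yield [prefix, id, body, id, body, ...]
    parts = re.split(r"\bSession\s+(\d+)\b", text)
    for sid, body in zip(parts[1::2], parts[2::2]):
        sources = {}
        for direction in ("Both", "RX Only", "TX Only"):
            m = re.search(rf"{direction}\s*:\s*(\S+)", body)
            if m:
                sources[direction] = m.group(1).split(",")
        dest = re.search(r"Destination Ports\s*:\s*(\S+)", body)
        ingress = re.search(r"Ingress\s*:\s*(\w+)", body)
        sessions[int(sid)] = {
            "sources": sources,
            "destinations": dest.group(1).split(",") if dest else [],
            "ingress": bool(ingress) and ingress.group(1).lower() == "enabled",
        }
    return sessions

def monitor_only_ports(text):
    """Destination ports on which incoming traffic is disabled."""
    return sorted(p for s in parse_sessions(text).values()
                  if not s["ingress"] for p in s["destinations"])
```

Because the fields are matched by name rather than by line position, the parser also accepts the output when it has been pasted onto a single line.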