[c-nsp] Port monitoring
Ran Liebermann
ranmails at gmail.com
Sat Mar 26 09:50:59 EST 2005
Hi Gary,
You can use the 'ingress' option at the end of the SPAN configuration, such as:
monitor session 1 destination interface f0/48 ingress
Please refer to this link:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2940/12122ea2/2940scg/swspan.htm#wp1218090
--
Ran.
On Tue, 22 Mar 2005 15:37:56 +0000, Gary Roberton
<gary.ciscomail at gmail.com> wrote:
> Hi
>
> We have a few customers that want to put surf control servers in our
> network. The problem that we have found is that surf control is a
> pasive device and needs to be connected to a hub to 'see' what is
> happening on the network. We want to use switches not hubs and
> thought we could use the 'port monitor' command. This now seems to
> have been replaced by using the 'span' technique. However, span seems
> to only allow the port to receive packets and not allow the server to
> transmit.
>
> Is the only answer to have two NICs in the the server - one for
> checking the traffic it sees and the other to send out the FIN packets
> to the clients trying to get to blacked sites?
>
> We are looking across 2950, 3550 and 23750 switches.
>
> Thanks in advance
>
> Gary
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list