Cisco 892FSP - SPAN Ports behavior

Dear Cisco-community,

I'm trying to reflect an uplink port (Gi8) of my Cisco892 to a switchport (IG2). Is this a bug or a feature that I can't mirror uplinks(Gi8-9), but switchports(Gi0-7) do not work?

Uplink does not:

C892-(config) #monitor session 1 source interface gigabitEthernet?
<0-9>The GigabitEthernet interface number

C892-(config) #monitor session 1 source interface gigabitEthernet 8
% Of incomplete orders.

C892-(config) #monitor session 1 source interface gigabitEthernet 8?
% Unrecognized command

Switchport œuvres

C892-(config) #monitor session 1 source interface gigabitEthernet 7
C892-(config) #.

Version:

Cisco IOS software, software C800 (C800-UNIVERSALK9-M), Version 15.5 (3) M3, VERSION of the SOFTWARE (fc2)
Technical support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Updated Tuesday, June 20, 16 13:57 by prod_rel_team

Cisco C892FSP-K9 (revision 1.0) with 488524K / 35763K bytes of memory.
10 gigabit Ethernet interfaces
1 module of virtual private network (VPN)
Configuration of DRAM is 32-bit wide
255K bytes of non-volatile configuration memory.
250880K bytes of ATA CompactFlash (read/write) system

Thank you!

I do not know the answer - but in general, you can only monitor switch ports, not routed layer 3 ports.

Tags: Cisco Network

Similar Questions

Spanning Ports of layer Multiple 3 jumps away

Someone got experience spanning ports of switches which are several layer 3 jumps away network sniffing workstation?

Hello

You should watch ERSPAN. It uses a GRE tunnel to carry the traffic on the network.

http://www.Cisco.com/en/us/docs/switches/LAN/catalyst6500/IOS/12.2Sx/configuration/guide/span.html#wp1048235

Hope this helps

Martin

SPAN port question

Our security guys wants to snort installation on a Linux box with a SPAN port to capture all traffic network (not just traffic VM). What are my options? I think I should do VMDirectPath for a 1 GB integrated network interface and turn it into a SPAN port for the virtual machine. Is there another approach, I'm missing?

Snort will be on a VM with RHEL. I try to avoid using physical blade assets simply because we need a SPAN port. I think that my best course of action will be to use DirectPath to the network card of the snap in a virtual machine.

How to add a VLAN to trunk on Cisco SF200-24 port

Hi all

I have question want to ask:

I have Cisco switch SF200-24, I want to Setup VLAN as below:

1 to 10 of Harbour = Vlan 100

11 to 21 Harbour = Vlan 200

22-24 Harbour = Vlan 300

Port GE1 = Trunking (primary)

Port GE2 = Trunking (secondary)

How to add all the VLAN 100, 200, 300 go through primary and secondary circuits?

What port should I connect to management switch?

Thank you

> How to add every VLAN 100, 200, 300 go through primary and secondary circuits?

first set the ports as trunks via the "VLAN management'-> 'Settings of the Interface' - click on the corresponding port, click on the button"Edit"and select"Trunk"in the list.

Once these (GE1 and GE2) ports as trunks, you can now assign all the VLANS you want through "Management of VLAN"-> "a Port VLAN membership." Select the first port (GE1), click on "join the VLAN" and select VLAN all desired from the list on the left and put them in the list on the right.

and you're done.

> Which port I can connect to management switch?

the default management IP switch is part of the default VLAN1. If you want to keep access to the switch, assign "VLAN1" to one of the ports of access, or change management VLAN number other than 1 - but in this case remember to apply the correct IP settings in order to satisfy the subnet assigned to the new VIRTUAL LAN.

Cisco UCS Server - Port HDMI

Cisco dear team,

One of our customer asked for a HDMI Port on Cisco's UCS servers.

Can someone help me with this please?

In the affirmative, please let me know in which Cisco UCS Server is available?

Kind regards

Farhan.

As far as I know, none of the UCS servers have an HDMI port.

Interface issues Netgear Smartswitch to the Cisco 881 LAN port

Hi, we have 100 routers Cisco 881 in our network and they work all fine for the Linksys, 3Com, switches etc. The problem we encountered is interfacing to switches from Netgear. Netgear switches use automatic detection on their ports and it doesn't seem to be compatible with auto MDIX detection on the LAN Cisco 881 4 serial ports on the router 881 hub. Someone has encountered this problem before? A cross over cable solve the problem? Since both executed MDIX autosensing they never synch - so probably a cross on would not make much. I see this with all Netgear smartswitches. If you put a small switch between the Netgear switch and router Cisco 881 everything works well except to pass traffic to port 9000. Any ideas would be appreciated.

See you soon,.

Len

Hello

There should be no problem using crossover cable. You can try disabling autoMDI/MDIX (not auto mdix) on the cisco device and keep a straight cable but if it fails, use a crossover cable.

Concerning

Alain

Remember messages useful rate.

Configuring the Cisco UCS 5108 ports

Hi all

I'm new in the world of the Cisco UCS server and am setting up Cisco UCS 5108 blade server. The server has two Cisco UCS 6324 interconnections fabric I did the initial Setup on and I try to configure the ports for the blades. Looking through the various articles and tutorials after setting global policies, I see the whole world establishment of uplink and server ports. What I read the uplink ports are plugged directly into the switches (I work with two cisco nexus switches), and server ports are used to connect to the chassis.

I wonder once the configured ports server what exactly are supposed to connect to? I assumed they would also connect to the switch nexus with the uplink ports. However, every time I set up the server ports and plug them in, the switch doesn't seem to have flooded and we lose all connectivity. If I unplug, the connection is restored almost immediately.

The current configuration, that I work with is two ports uplink on each fabric interconnect (4 2 total in each switch of nexus), two server ports on each (4 2 total, in every nexus switch). The only other element connected to the nexus switches is a SAINT who will be configured as a boot and storage of the UCS 5108.

Looks like you have a Mini UCS (6324), with 4-port 10 GB (each FI/IOM) with port QSFP 40 GB that can provide network connectivity linking rising, or if configured as a server port, could be used to connect to a server in a rack compatible Cisco UCS, or connect to a 5108 additional with IOM 2204XP chassis. The blades installed in your initial 5108 chassis 6324 FI/IOM of housing have internal connectivity to the FIs / IOM without the need to configure ports 'server'...

Please take a look at some of the visuals in the datasheet below.

http://www.Cisco.com/c/en/us/products/collateral/servers-unified-computing/UCS-6300-series-fabric-interconnects/datasheet-C78-732207.html

Unified ports can also be configured as a FC ports for connectivity of FC switch upstream or directly related to CF Storage processors.

After having watched the datasheet, let me know if you have any other questions, and I'll try to address them.

You'll not need actually configure ports such as ports 'server' unless you connect servers in a rack.

Please configure any ethernet SFP type connected to your switches nexus upstream as 'network' uplinks. I guess that you don't plan on a disjoint config layer 2 (where each FI has several sets of uplinks will different devices upstream, or the same device with different VLANS allowed on each link). If you are, we can have a separate thread about how you need to configure that.

Thank you

Kirk...

Cisco UCS - FC ports not visible

on my fabric UCS of interconnection, no ports appear under ports CF.

all are rather visible under Ethernet Ports.

they have the good GBIC FC

am I missing something? have already checked under LAN and SAN Manager of uplinks

What kind of fabric Interconnect you 6100 s or 6200 s? If 6100 s then you need plug-ins that support the FC ports.

If you have a 6200 s, you must configure your Ports unified:

http://I0.WP.com/www.virtualizetips.com/wp-content/uploads/2012/02/ucs1a...

If you need more information, attach also the output of the command «See the fabric - interconnect inventory to enlarge»

Hope that helps.

-Kenny

Is it possible to completely disable port 23 on a Cisco device?

When we run the command 'show the ports-open-plan control host' on any of our routers (but more precisely a CGR 2010) we are witnessing port 23 in a listening state.

Active internet connections (servers and established)
State of Service Local prot address foreign address
tcp *:22 *:0 SSH-Server LISTENING
tcp *:23 *:0 Telnet LISTEN
udp *:123 *:0 LISTEN TO NTP

Our listeners are wary of even if we have shown that we do not have telnet activated on VTY lines only SSH, and there is an ACL in place for extra protection. Is it possible to completely disable port 23 to prevent it from running at ALL on startup? I have scoured the internet for a solution to this and have developed dry. I think there must be a way to do this, but he can't know. Is it possible to do it at all? And if not I would really like to find official documentation from Cisco, indicating that ports are by default and cannot be disabled so that I have something to give our listeners.

Thank you!

You cannot stop the telnet service completely on a router IOS, including the CGR 2010. This can be done on NX - OS ('no telnet service').

As Leo points out and as you mentioned that you are already doing, secure the vty lines is considered a good practice. You could also add font control plan. I saw that configuration to NERC audits used in nuclear power plants here in the United States.

As far as something if official Cisco, you open a TAC case or work with your dealer to get something of the business unit.

Reference Dell m6220 aggregated at Cisco 6506

I transition my old 1955 Dell blade chassis to my 'new' Dell m1000e blade chassis to the House and I encountered a problem. I'm posting in the network as it is more closely related to one than the other available categories.

Setup: Dell m1000e with six stand-alone m6220 passes (not stacked) connecting to a Cisco 6506. Each m6220 spans four Gb blades in the 6506... M6220-a1, port 17, plugs into 6506, port g1/1; M6220-a1, port 18, plugs into 6506, port g2/1; M6220-a1, port 19, plugs into 6506, g3/1 port; M6220-a1, port 20, plugs into 6506, port g4/1. M6220-a2, port 17, plugs into 6506, port g1/48; M6220-a2, 18 port, connects to 6506, port g2/48; M6220-a2, port 19, plugs into 6506, g3/48 port; M6220-a2, port 20, plugs into 6506, g4/48 port; the process repeats supposed for the rest of m6220.

OFFSET groups: po1 (12, 17-20) to po1 (g1/1-g4/1); PO6 (a2, 17-20) to po6 (g1/2-g4/2)

All is well. the Television ether on the Cisco displays LACP is in place and working well, like the fact the same command on the side of Dell.

I did all the LAGS interfaces trunks and originally supposed to Dell was like Cisco while none allowed VLAN defined means all the VLANS allowed. I've since read that Dell default behavior is to only authorized WHAT VLAN specified. I've added the appropriate VLAN on the side of Dell.

Pings between m6220 very well work. Pings to the rest of the network the m6220 very well working. Pings between the 6506 and the blades are not.

The blades run ESXi 5.5U2 and I added two interfaces tissue management vSwitch. I first tried to make the m6220 g1/1 an access port, but that did not work. I tried making a port trunk and setting one VLAN, but this does not work either.

What information is needed to help with this?

Thank you.

I'm done just erase everything and start over. Sometimes when you have changed all sorts of things, create a clean starting point, it is what is needed.

Daniel, thanks for the reply and suggestions.

Here's the configs that worked as I expect. I hope someone can benefit from my efforts.

Cisco 6506:
interface Port-channel1 description m1000e-ModuleA1 switchport switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel2 description m1000e-ModuleB1 switchport switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel3 description m1000e-ModuleC1 switchport switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel4 description m1000e-ModuleC2 switchport switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel5 description m1000e-ModuleB2 switchport switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel6 description m1000e-ModuleA2 switchport switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet1/1 description m1000e-ModuleA1-Port17 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode active ! interface GigabitEthernet1/2 description m1000e-ModuleB1-Port17 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 2 mode active ! interface GigabitEthernet1/3 description m1000e-ModuleC1-Port17 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 3 mode active ! interface GigabitEthernet1/46 description m1000e-ModuleC2-Port17 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 4 mode active ! interface GigabitEthernet1/47 description m1000e-ModuleB2-Port17 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 5 mode active ! interface GigabitEthernet1/48 description m1000e-ModuleA2-Port17 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 6 mode active ! interface GigabitEthernet2/1 description m1000e-ModuleA1-Port18 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode active ! interface GigabitEthernet2/2 description m1000e-ModuleB1-Port18 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 2 mode active ! interface GigabitEthernet2/3 description m1000e-ModuleC1-Port18 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 3 mode active ! interface GigabitEthernet2/46 description m1000e-ModuleC2-Port18 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 4 mode active ! interface GigabitEthernet2/47 description m1000e-ModuleB2-Port18 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 5 mode active ! interface GigabitEthernet2/48 description m1000e-ModuleA2-Port18 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 6 mode active ! interface GigabitEthernet3/1 description m1000e-ModuleA1-Port19 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode active ! interface GigabitEthernet3/2 description m1000e-ModuleB1-Port19 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 2 mode active ! interface GigabitEthernet3/3 description m1000e-ModuleC1-Port19 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 3 mode active ! interface GigabitEthernet3/46 description m1000e-ModuleC2-Port19 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 4 mode active ! interface GigabitEthernet3/47 description m1000e-ModuleB2-Port19 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 5 mode active ! interface GigabitEthernet3/48 description m1000e-ModuleA2-Port19 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 6 mode active ! interface GigabitEthernet4/1 description m1000e-ModuleA1-Port20 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode active ! interface GigabitEthernet4/2 description m1000e-ModuleB1-Port20 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 2 mode active ! interface GigabitEthernet4/3 description m1000e-ModuleC1-Port20 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 3 mode active ! interface GigabitEthernet4/46 description m1000e-ModuleC2-Port20 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 4 mode active ! interface GigabitEthernet4/47 description m1000e-ModuleB2-Port20 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 5 mode active ! interface GigabitEthernet4/48 description m1000e-ModuleA2-Port20 switchport switchport trunk encapsulation dot1q switchport mode trunk channel-group 6 mode active ! interface Vlan100 description Primary VLAN ip address 192.168.100.4 255.255.255.0
------------------------------------------------------------------------------- Dell m6220-a1 interface vlan 100 1 ip address 192.168.100.41 255.255.255.0 ! interface Gi1/0/1 switchport mode general switchport general acceptable-frame-type tagged-only switchport general allowed vlan add 100 tagged exit ! interface Gi1/0/2 switchport mode general switchport general acceptable-frame-type tagged-only switchport general allowed vlan add 100 tagged exit ! interface Gi1/0/3 switchport mode general switchport general acceptable-frame-type tagged-only switchport general allowed vlan add 100 tagged exit ! interface Gi1/0/4 switchport mode general switchport general acceptable-frame-type tagged-only switchport general allowed vlan add 100 tagged exit ! interface Gi1/0/5 switchport mode general switchport general acceptable-frame-type tagged-only switchport general allowed vlan add 100 tagged exit ! interface Gi1/0/6 switchport mode general switchport general acceptable-frame-type tagged-only switchport general allowed vlan add 100 tagged exit ! interface Gi1/0/7 switchport mode general switchport general acceptable-frame-type tagged-only switchport general allowed vlan add 100 tagged exit ! interface Gi1/0/8 switchport mode general switchport general acceptable-frame-type tagged-only switchport general allowed vlan add 100 tagged exit ! interface Gi1/0/9 switchport mode general switchport general acceptable-frame-type tagged-only switchport general allowed vlan add 100 tagged exit ! interface Gi1/0/10 switchport mode general switchport general acceptable-frame-type tagged-only switchport general allowed vlan add 100 tagged exit ! interface Gi1/0/11 switchport mode general switchport general acceptable-frame-type tagged-only switchport general allowed vlan add 100 tagged exit ! interface Gi1/0/12 switchport mode general switchport general acceptable-frame-type tagged-only switchport general allowed vlan add 100 tagged exit ! interface Gi1/0/13 switchport mode general switchport general acceptable-frame-type tagged-only switchport general allowed vlan add 100 tagged exit ! interface Gi1/0/14 switchport mode general switchport general acceptable-frame-type tagged-only switchport general allowed vlan add 100 tagged exit ! interface Gi1/0/15 switchport mode general switchport general acceptable-frame-type tagged-only switchport general allowed vlan add 100 tagged exit ! interface Gi1/0/16 switchport mode general switchport general acceptable-frame-type tagged-only switchport general allowed vlan add 100 tagged exit ! interface Gi1/0/17 channel-group 1 mode active switchport mode general switchport general acceptable-frame-type tagged-only exit ! interface Gi1/0/18 channel-group 1 mode active switchport mode general switchport general acceptable-frame-type tagged-only exit ! interface Gi1/0/19 channel-group 1 mode active switchport mode general switchport general acceptable-frame-type tagged-only exit ! interface Gi1/0/20 channel-group 1 mode active switchport mode general switchport general acceptable-frame-type tagged-only exit ! interface port-channel 1 description "Cisco 6506 Po1" switchport mode general switchport general acceptable-frame-type tagged-only switchport general allowed vlan add 100 tagged
The remaining Dell m6220's are the same with the port-channel changed.

PC8132F to Cisco Catalyst 3600

Nice day

I hope someone can help me here, I'll have questions, get a channel on port with 802. 1 q, working between a stack of 2 devices of the switches 8132F and a single Cisco Catalyst 3600, this switch series switch cannot be removed due to regulations graduates by a Government Department that works to and I need to put an effective link between the switch and our new 8132F switches (this was easy until the network was fully Cisco) but for the life of me I can't not operate. When I connect the ports (well I connect only 1 because I'm testing only at this stage, in the end, it will be two)

Here's the configs for two switches

Cisco:

Interface Port-Channel 4

Description box EtherChannel to Dell Core

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1-4

switchport mode trunk

broadcast storm control 60.00

interface GigabitEthernet1/3

Description box to Dell Core EtherChannel * PORT 01 *.

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1-4

switchport mode trunk

broadcast storm control 60.00

spanning tree portfast trunk

spanning tree guard root

channel-group mode 4 on

!

interface GigabitEthernet1/4

Description box to Dell Core EtherChannel * 02 PORT *.

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1-4

switchport mode trunk

broadcast storm control 60.00

spanning tree portfast trunk

spanning tree guard root

channel-group mode 4 on

!

Dell:

interface port-channel 24
Description "2 Port EtherChannel link Cisco 3600"
switchport mode trunk
switchport trunk allowed vlan 1-4
dvlan-tunnel mode
port-channel min-links 1
output
!
interface Te1/0/24
Description "2 Port EtherChannel link Cisco 3600"
active in mode channel-group 24
Storm-control broadcasts 60
switchport mode trunk
switchport trunk allowed vlan 1-4
dvlan-tunnel mode
output
!
interface Te2/0/24
Description "2 Port EtherChannel link Cisco 3600"
active in mode channel-group 24
Storm-control broadcasts 60
switchport mode trunk
switchport trunk allowed vlan 1-4
dvlan-tunnel mode
output

Any help would be appreciated more

Concerning

Justin

jpsimmonds, I sent an email and look forward to your response.

How can I configure Spanning Tree

Hello

I have several core Dell passes using PowerConnect 6224 s most - these ink in my Cisco provider kit. We run several VLAN and have redundant links between stacked switches.

I have read up on top of the tree covering weight and have the following tasks:

1 map of the network - including the ID of the root bridge, root ports, roads blocked, age max and time of helo

Once I made my analysis information, I don't know how to better optimize the covering tree config, so far I have:

1. make sure RSTP is enabled on all switches
2. make sure that all edge ports have spanning port configured fast shaft
3. not declare spanning port fast shaft on the links between switches
4 force speed and duplex settings on all ports to link between the switches (I guess that's because the auto negotiate takes more time?)

I'm not sure is:
1 can I use BPDU guard and if so, where?
2 can I use root guard and if so, where?

I read the informative article by Todd: http://en.community.dell.com/support-forums/network-switches/f/866/t/19465205.aspx

But, I don't know where\whether I should to configure the options of guard - am happy to provide additional information as needed.

Thank you

Spanning Tree BPDU Guard is used to disable the port where a new device tries to enter the already

existing STP topology. Thus the devices, which were originally not part of STP, are not allowed to

influence the STP topology. If the Enable value, when a BPDU is received on a port of the tip, this port is disabled. Once the port has been disabled it requires manual intervention to be reactivated.

Spanning Tree Root Guard is used to prevent change of the root of a Spanning Tree instance

in an unexpected way. The priority of an ID of adjustable bridge to zero but another bridge with a low mac ID

address could also set its priority to zero and take root.

Both are defined globally on the switch. If you have any possibility of other network devices being plugged into the switch without your knowledge. It may be a good idea to these permits after that STP is configured on the network. That way if someone randomly connected network with STP on this device, it will not throw your network for a loop.

Here are some good white pages on the tree covering weight

www.Dell.com/.../app_note_13.pdf

www.Dell.com/.../app_note_1.pdf

www.Dell.com/.../pwcnt_MSTP_interoperability.pdf

Thank you

Cannot connect the switch Cisco Cisco SG300 - 28 p spend and traffic through VLANS

Try to connect the Cisco SG300 - 28 p switch to another switch and proceed 2 VLANS between them. Not doing any circuit. If I connect a computer to the port on the SG300 - 28 p I can access the VLAN 2 and take a DHCP address. However, when I connect to another switch on the port and connect it to a port on another switch secondary I am unable to access VLAN 2 and pull an IP address. I checked that the works of secondary switch (WS-C3560G-48PS-S) connected to the other 3500 s, but not this latest SG300 - 28 p. Here's the configuration for both, I'm leaving areas that shouldn't matter and add if necessary. Try to connect the SG300 - 28 p Port 26-WS-C3560 Port 1 port. Once again, if I connect a computer to port 26 on the SG300 - 28 p I access the VLAN 2 as expected, but not when I connect to channel 2 on the secondary switch.

Cisco SG300 - 28 p

!
interface vlan 1
Internet name
!
interface vlan 2
LAN name
IP 172.20.5.11 255.255.0.0
no ip address dhcp (this is the VLAN I'm moving)
!
interface vlan 3
private name
!
interface vlan 4
name of Nortel
!
interface vlan 101
name Video_Project
!
interface gigabitethernet26
Description VLAN2-ACCESS-CISCO3500
switchport mode access
switchport access vlan 2 (this goes to port 1 on the other Cisco 3500 switch to provide access 2 VLAN)

Cisco 3500

!
interface Vlan1
NATCO Internet description
no ip address
no ip route cache
no ip mroute-cache
!
interface Vlan2
NATCO LAN description
IP 172.20.5.13 255.255.0.0
no ip route cache
no ip mroute-cache (this is the VLAN I'm moving)

!
interface Vlan3
Description LHPrivate
no ip address
no ip route cache
no ip mroute-cache
!
interface GigabitEthernet0/1
switchport access vlan 2 (this is the port that I connect to the SG300 - 28 p)

!
interface GigabitEthernet0/2
switchport access vlan 2 (this is the port I hang my computer to and trying to access VLAN 2 other switch)

Hello

Yes, STP is the problem here. As you can see on your release of the Cisco 3500 switch, port Gi0/1 is BKN (The FEW is a shortened form of "Broken").

This is caused by an incompatibility of versions PLEASE used between the two switches. Small businesses (including series SG300) switches are use legacy STP or Rapid STP (your case), but uses templates to business (such as catalyst 3500) PVST + (each VLAN spanning tree version of STP).

Two versions between group of switches are compatible only under certain conditions. Important condition is that the two switchports needs to use a VLAN 1, vlan access/native and not any other number VLAN.

It is to make your communication work, you must:
- disable the STP at least 3500 Cisco switch:
  - on overall global (Switch (config) # no vlan spanning tree 2)
  - or by the base interface (switch(config-if) # no vlan spanning tree 2)
- change the configuration of your connection between two switches by following the path:
  - change the switchport trunk (trunk switchport mode) mode
  - do 1 VLAN as native vlan (vlan switchport trunk native 1)
  - Towing VLAN 2 as vlan tagged on that Stump (switchport trunk allow vlan add 2)

SPAN and TCP RST

I know that a Cisco IDS allows to inject a TCP RST in a SPAN port in order to kill a connection.

My question is: this technique works only when you switch ports SPANing, or will it also work when SPANing VLAN? I was told that is not possible. Suppose a 6000 series switch.

Regards, Jeff

Some switches allow you to send TCP reset via the Span port and some do not. TCP resets through the port Span are therefore very switch to load, and you can read your documentation of switches. (Not all Cisco switches has exactly the same).

IF the switch allows TCP resets the Span port then the resets should work for port and Vlan Span sessions with a few warnings that you can read below.

IF the switch does not TCP resets the Span port, then TCP resets do not work whatever the Span session type you have.

In a Session of Span Port, the port being calibrated must be in the same vlan that is configured for the destination span for TCP port resets to recover the vlan good work.

If you try to Port Span ports of different VLAN, then the sensor will alarm OK, but the TCP reset works only on attacks that are visible on the same vlan assigned to the destination span port.

VLAN spans have the same limitations. If you cover a single virtual LAN vlan is attributed to the destination span port, then the TCP resets will get to the vlan right and should work.

If extend you from several VLANs and then the TCP resets will only work on the same vlan assigned to the destination span port.

Configure to integrate Cisco ASA and JOINT

Hello

We have Cisco ASA and JOINT, need assistance on the integration of the same thing; Please email me so that I'll share the details of the architecture.

Thank you best regards &,.

REDA

Hi reda,.

If I correctly your diagram, you do not want to send any traffic from the external switch to the JOINT with a SPAN port and all traffic from your DMZ interfaces with another.

Is this correct?

If so, can you tell me why you want to inspect the traffic before it goes through the firewall? As I said in my original answer, we generally advise putting IP addresses after the firewall.

Not to mention that in your case, I guess that some traffic will be inspected twice so you will need to assign a different virtual sensors to each JOINT internal interfaces to ensure that the same instance does not see the traffic of several times.

Kind regards

Nicolas

Cisco 892FSP - SPAN Ports behavior

Similar Questions

Maybe you are looking for