drjarmon
New Contributor III

Session Traffic Mirror Settings

Trying to add an IPS and some monitor session options don't seem to be available. Problem is outbound traffic is VLAN tagged and received traffic is untagged. The IPS is able to maintain session info.

Variations of the monitor session command include the following:

monitor session <number> destination interface <interface> no-isolate
monitor session <number> destination interface <interface> no-tag
monitor session <number> destination interface <interface> no-isolate no-tag
monitor session <number> destination interface <interface> no-tag no-isolate
monitor session <number> source interface <interface>
monitor session <number> source interface <interface> both
monitor session <number> source interface <interface> rx
monitor session <number> source interface <interface> tx

Current settings:

interface gigabit-switchport 0/16
  description IPS-capture
  no shutdown
  switchport mode trunk
!
interface gigabit-switchport 0/17
  no shutdown
  switchport mode trunk

monitor session 1 destination interface gigabit-switchport 0/16
monitor session 1 source interface gigabit-switchport 0/17 both

Thanks for any insight.

Accepted Solutions
drjarmon
New Contributor III

Re: Session Traffic Mirror Settings

IPS vendor made changes to firmware to ignore VLAN tags.  Problem solved.
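
The mismatch described in this thread (tagged on transmit, untagged on receive) and the effect of ignoring VLAN tags can be seen in a small flow-keying sketch. This is an added example, not code from the thread or from the IPS vendor's firmware; the function names, addresses, ports and VLAN ID 20 are constructed, and only IPv4 TCP/UDP frames are handled.

```python
import struct

VLAN_TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad tag protocol identifiers

def parse_frame(frame: bytes):
    """Return (vlan_ids, src, dst, proto, sport, dport) for IPv4 TCP/UDP, else None."""
    if len(frame) < 14:
        return None
    offset, vlans = 12, []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in VLAN_TPIDS:            # walk any stacked tags
        if len(frame) < offset + 6:
            return None
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        vlans.append(tci & 0x0FFF)            # low 12 bits of the TCI are the VLAN ID
        offset += 4
    offset += 2                               # start of the layer 3 header
    if ethertype != 0x0800 or len(frame) < offset + 20:
        return None
    ihl = (frame[offset] & 0x0F) * 4
    proto = frame[offset + 9]
    if ihl < 20 or proto not in (6, 17) or len(frame) < offset + ihl + 4:
        return None
    src, dst = frame[offset + 12:offset + 16], frame[offset + 16:offset + 20]
    sport, dport = struct.unpack_from("!HH", frame, offset + ihl)
    return vlans, src, dst, proto, sport, dport

def session_key(frame: bytes, ignore_vlan: bool = True):
    """Direction-independent flow key; the VLAN stack is part of it only on request."""
    parsed = parse_frame(frame)
    if parsed is None:
        return None
    vlans, src, dst, proto, sport, dport = parsed
    low, high = sorted([(src, sport), (dst, dport)])
    return (() if ignore_vlan else tuple(vlans), proto, low, high)

def build_frame(src, dst, sport, dport, vlan=None):
    """Constructed sample: zeroed MACs, minimal IPv4 + TCP SYN, optional 802.1Q tag."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return bytes(12) + tag + b"\x08\x00" + ip + tcp

# Constructed mirror capture: tagged on transmit (VLAN 20), untagged on receive.
TX = build_frame((10, 0, 0, 5), (192, 0, 2, 10), 40000, 443, vlan=20)
RX = build_frame((192, 0, 2, 10), (10, 0, 0, 5), 443, 40000)

if __name__ == "__main__":
    print("VLAN in key :", session_key(TX, False) == session_key(RX, False))
    print("VLAN ignored:", session_key(TX) == session_key(RX))
```

With the VLAN ID in the key, the two directions of one TCP connection land in different sessions; with it ignored, they share one.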

cj_
Valued Contributor

Re: Session Traffic Mirror Settings

Hi drjarmon:

So is your IPS unable to parse the Layer 2 (802.1Q) tag info?  In your example configuration, I believe the mirror will include the whole trunk, tagged and untagged VLANs.  Could you provide a diagram of your network?  It would be helpful to see your physical and Layer 2 setup.

CJ

drjarmon
New Contributor III

Re: Session Traffic Mirror Settings

Hopefully, this diagram will help.  The IPS vendor has suggested bringing in a Cisco switch.

Span Port.jpg

Anonymous
Not applicable

Re: Session Traffic Mirror Settings

- Are you still in need of assistance regarding this issue?

Thanks,

Noor
