Inet-Admins mailing list archive (inet-admins@info.east.ru)


[inet-admins] Strange SPAN behaviour of Cat2924M-XL



Good afternoon.

I have a Catalyst 2924M-XL. A machine running RedHat 6.2 Linux (let's call it host1) is plugged into
port 0/17, and tcpdump is running on it.
On the switch I tried to enable SPAN as follows:
interface FastEthernet0/17
 port monitor FastEthernet0/9

I expected tcpdump to see not only the frames destined for host1 but also the frames passing through
port 0/9. It doesn't!

OK, let's disable monitoring and start looking from the beginning:
sw#debug port monitor
Port monitoring debugging is on
sw#term mon
sw#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
sw(config)#int fa0/17
sw(config-if)#port monitor

Mar 14 11:39:29: Port 18 is monitoring port 27
Mar 14 11:39:29: Port 18 is monitoring port 0
[...]
Mar 14 11:39:32: Port 18 is monitoring port 25
sw(config-if)#^Z
sw#
sw#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
sw(config)#int fa0/17
sw(config-if)#no port mon

Mar 14 11:41:09: Port 18 no longer monitors port 27
Mar 14 11:41:09: Port 18 no longer monitors port 0
[...]
Mar 14 11:41:11: Port 18 no longer monitors port 25

Oops.. Why 'port 18'?
OK, we find that the only port whose number in the config matches the number in the debug output is
port 16. OK. We plug host1 into port 16 and configure SPAN:
sw(config-if)#int fa0/16
sw(config-if)#port monitor

Mar 14 11:43:26: Port 16 is monitoring port 27
Mar 14 11:43:26: Port 16 is monitoring port 0
[...]
Mar 14 11:43:29: Port 16 is monitoring port 25
sw(config-if)#^Z

Just in case, let's check:

sw#sh port mon
Monitor Port           Port Being Monitored
---------------------  ---------------------
FastEthernet0/16       VLAN1
FastEthernet0/16       FastEthernet0/1
[...]
FastEthernet0/16       FastEthernet0/24

tcpdump is still silent.

So the question is: what am I doing wrong?

By the way, on Cisco's site I saw, among other things, this sentence:
Switch Port Analyzer (SPAN) can operate only if the monitor port or the port being monitored is not a protected port

But it doesn't seem to apply to me..

PS
sw#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5.2)XU, MAINTENANCE INTERIM SOFTWARE
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Mon 17-Jul-00 17:35 by ayounes
Image text-base: 0x00003000, data-base: 0x00301F3C

ROM: Bootstrap program is C2900XL boot loader

sw uptime is 4 weeks, 5 days, 40 minutes
System returned to ROM by power-on
System restarted at 10:27:24 MSK Fri Feb 9 2001
System image file is "flash:c2900XL-c3h2s-mz-120.5.2-XU.bin"


cisco WS-C2924M-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K bytes of memory.
Processor board ID FAB0439N09N, with hardware revision 0x03
Last reset from power-on

Processor is running Enterprise Edition Software
Cluster command switch capable
Cluster member switch capable
24 FastEthernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:03:E3:34:F8:80
Motherboard assembly number: 73-3425-10
Power supply part number: 34-0920-01
Motherboard serial number: FAB0438446R
Power supply serial number: PHI040202SZ
Model revision number: A0
Motherboard revision number: E0
Model number: WS-C2924M-XL-EN
System serial number: FAB0439N09N
Configuration register is 0xF

sw#sh run
Current configuration:
version 12.0
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname sw
!
enable secret 5 <secret>
enable password 7 <secret>
!
username root password 7 <secret>
!
clock timezone MSK 3
clock summer-time MSD recurring last Sun Mar 3:00 last Sun Oct 3:00
!
no spanning-tree vlan 1
ip subnet-zero
ip domain-name local.dom.ru
ip name-server 172.25.1.2
cluster enable SPB 0
cluster member 2 mac-address 0002.4b64.d241
cluster member 3 mac-address 0002.4b64.8dc2
cluster member 4 mac-address 0004.4de6.c283
cluster member 5 mac-address 0004.9a16.d904
!
!
!
interface FastEthernet0/1
 port group 1
 switchport mode trunk
!
interface FastEthernet0/2
 port group 1
 switchport mode trunk
!
interface FastEthernet0/3
 port group 2
 switchport mode trunk
!
interface FastEthernet0/4
 port group 2
 switchport mode trunk
!
interface FastEthernet0/5
 port group 3
 switchport mode trunk
!
interface FastEthernet0/6
 port group 3
 switchport mode trunk
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface VLAN1
 ip address 172.25.1.105 255.255.0.0
 no ip redirects
 no ip directed-broadcast
!
ip default-gateway 172.25.1.1
logging 172.25.1.2
!
line con 0
 exec-timeout 0 0
 password 7 <secret>
 login
 transport input none
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 password 7 <secret>
 login local
line vty 5 15
 exec-timeout 0 0
 password 7 <secret>
 login local
!
ntp clock-period 22518081
ntp server 172.25.1.2
end


-- 
Best regards,
Alexander Kolesnik.



=============================================================================
"inet-admins" Internet access mailing list. Maintained by East Connection ISP.
Mail "unsubscribe inet-admins" to Majordomo@info.east.ru if you want to quit.
Archive is accessible on http://info.east.ru/rus/inetadm.html




 



