Introduction

If you’ve ever needed to perform packet analysis for troubleshooting then you have options. If you have an IP base IOS image or above then it is likely you can do a packet capture directly on the switch however if you are running a LAN Base image then Cisco limit your options. In my case I had a LAN Base image on a Cisco 3850 so my only option is a span port. This however works well with the excellent packet analysis software Wireshark.

Solution

With Wireshark installed on a laptop with a SPAN port configured on the switch, it gives you access to all the packets which are traversing the link you are monitoring. Quite simply a SPAN port mirrors the source port traffic to the destination port. Ensure the destination interface is not shut and do your packet capture.

monitor session 1 source interface Gi1/0/30
monitor session 1 destination interface Gi2/0/47

interface GigabitEthernet2/0/47
switchport mode access
switchport nonegotiate

For more reading up on the theory, try the following links:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swspan.html

http://www.ciscozine.com/how-to-analyze-traffic-with-span-feature/

 

 

Cisco Span Port Configuration
Tagged on:             

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.