
| Subject: | Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only |
|---|---|
| Date: | Tue, 11 Apr 2006 08:07:48 -0700 (PDT) |
Use the following in conjunction with any host capable of running tcpdump, ethereal, etc. (assuming CatOS):

    set span 1,6 1/2 rx inpkts disable learning enable multicast enable create

Broken down:

    set span <SRC VLAN N..M> <DST Interface> <Direction> <Enable inband packets to sensor interface disabled> <MAC Address learning enabled> <Multicast eligible frame destination enabled> <create new SPAN session>

In the example given all frames received by the supervisor for (native) VLAN 1 and those tagged for VLAN 6 will be forwarded to the destination port '1/2'.

AJC
ajc@mytcpip.net
On Apr 10, 2006, at 4:04 AM, Stef wrote:

> Thanks to all who answered - basically the suggestions revolved around the same type of solution I assumed originally to be needed (span/mirror/monitor ports, one at a time, to a probe machine - whether done via a script on the switch, itself, or controlled remotely). The above solution is different (saving tons of work), and it is in fact something I have tried in the past, but never been able to get to work properly [the entire traffic]. I am thankful for the reminder, as I could give it another shot.

I've found tcpdump -e to be useful, too - didn't think of that, good suggestion. Doing it the other way at the console isn't a lot of work (*not* one port at a time - one blade at a time via port-ranges for the SPAN source, then narrowing down the port ranges), it's about 5 minutes or so, max, FYI.

Here's some documentation on SPAN/RSPAN for the 4500 series: http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_guide_chapter09186a0080176332.html

Good luck!

----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice

Everything has been said. But nobody listens.
-- Roger Shattuck
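As an added example (not from anyone in this thread), here is a small Python parser for `tcpdump -e -nn` output captured on the SPAN destination port set up above: it flags source addresses that fall in a bogon list and reports the 802.1Q VLAN and source MAC each one came from, which is the information needed to trace the offending host back to a switch port. The bogon prefixes are an illustrative subset chosen for the example, and the capture lines are constructed, not real traffic.

```python
import ipaddress
import re
from collections import defaultdict

# Illustrative bogon prefixes (assumption: a small subset of reserved
# space chosen for the example; a real check would use a current bogon feed).
BOGONS = [ipaddress.ip_network(p) for p in (
    "127.0.0.0/8", "169.254.0.0/16", "192.0.2.0/24",
    "198.51.100.0/24", "203.0.113.0/24", "240.0.0.0/4")]

# One `tcpdump -e -nn` line: source/destination MAC, then either an
# 802.1Q-tagged IPv4 frame (VLAN id captured) or an untagged IPv4 frame.
LINE_RE = re.compile(
    r"^\S+ (?P<smac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) > "
    r"(?P<dmac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}), "
    r"(?:ethertype 802\.1Q \(0x8100\), length \d+: vlan (?P<vlan>\d+), p \d+, "
    r"ethertype IPv4 \(0x0800\), |ethertype IPv4 \(0x0800\), length \d+: )"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?:\.\d+)? > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})")

# Constructed sample capture: two tagged VLAN 6 frames from a bogon source,
# one untagged (native VLAN) frame from another, plus legitimate traffic.
SAMPLE = """\
08:07:48.000001 00:11:22:33:44:55 > 00:aa:bb:cc:dd:ee, ethertype 802.1Q (0x8100), length 106: vlan 6, p 0, ethertype IPv4 (0x0800), 10.0.6.20.51234 > 10.0.6.1.53: 1234+ A? example.com. (29)
08:07:48.000002 00:11:22:33:44:66 > 00:aa:bb:cc:dd:ee, ethertype 802.1Q (0x8100), length 74: vlan 6, p 0, ethertype IPv4 (0x0800), 192.0.2.77.40000 > 10.0.6.1.80: Flags [S], seq 1, win 8192, length 0
08:07:48.000003 00:11:22:33:44:77 > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 60: 198.51.100.9.137 > 10.0.1.255.137: UDP, length 50
08:07:48.000004 00:11:22:33:44:66 > 00:aa:bb:cc:dd:ee, ethertype 802.1Q (0x8100), length 74: vlan 6, p 0, ethertype IPv4 (0x0800), 192.0.2.77.40001 > 10.0.6.1.443: Flags [S], seq 2, win 8192, length 0
08:07:48.000005 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.6.1 tell 10.0.6.20, length 28
"""

def is_bogon(ip):
    return any(ip in net for net in BOGONS)

def bogon_sources(lines):
    """Map each bogon source IP to the set of (vlan, source MAC) pairs that
    emitted it; vlan is None for untagged (native VLAN) frames."""
    found = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_bogon(ipaddress.ip_address(m["src"])):
            vlan = int(m["vlan"]) if m["vlan"] else None
            found[m["src"]].add((vlan, m["smac"]))
    return dict(found)

if __name__ == "__main__":
    for ip, origins in sorted(bogon_sources(SAMPLE.splitlines()).items()):
        for vlan, mac in sorted(origins, key=str):
            print(f"{ip:15} vlan={vlan if vlan is not None else 'native'} mac={mac}")
```

Once a source MAC is known, the switch's CAM table (on CatOS, `show cam <mac-address>`) maps it to the physical port carrying the bogon traffic.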