montoring/mirroring

Visibility: Open to anyone

    i set up a monitoring session between a 3550 and a 2960 to capture dot1d activity using wireshark... the interface of the pc is connected to g0/1 of the 2960 and set as the destination for monitoring from the g0/21 port on the 2960...the 3550 and 2960 are connected through fiber between g0/21 (2960) and g0/11 (3550)

     

     

    sw2960#sh run int g0/21

    Building configuration...

     

    Current configuration : 60 bytes

    !

    interface GigabitEthernet0/21

    switchport mode trunk

    end

     

     

    sw3550#sh run int g0/11

    Building configuration...

     

    Current configuration : 98 bytes

    !

    interface GigabitEthernet0/11

    switchport trunk encapsulation dot1q

    switchport mode trunk

    end

     

    nothing special there on the trunk... monitoring is set up on the 2960 as such:

     

    sw2960#sh run

    begin monitor

    monitor session 1 source interface Gi0/21

    monitor session 1 destination interface Gi0/1 encapsulation replicate

    end

     

    sw2960(config)#monitor session 1 source int g0/21 both

     

    notice i used the "both" command in the argument for int g0/21... both is the default...

     

    do sh int g0/1 to ensure that it monitors:

     

    sw2960#sh int g0/1

    GigabitEthernet0/1 is up, line protocol is down (monitoring)

    Hardware is Gigabit Ethernet, address is 001e.79cd.9281 (bia 001e.79cd.9281)

     

    then i changed the root to be vlan 1 on the 2960... let's prove it through wireshark...

     

    in flags a topology change is noted...

    the root identifier is now that of the 2960...

    the extension id is 1 indicating vlan 1

    the port identifier is is 0x8015 15hex = 21 decimal or port 21

     

    sw2960#sh spann

     

     

    VLAN0001

    Spanning tree enabled protocol ieee

    Root ID Priority 20481

    Address 001e.79cd.9280

    This bridge is the root

    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

     

    Bridge ID Priority 20481 (priority 20480 sys-id-ext 1)

    Address 001e.79cd.9280

    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Aging Time 15

     

    Interface Role Sts Cost Prio.Nbr Type

    ---------------- ---- --- --------- -------- --------------------------------

    Gi0/21 Desg FWD 4 128.21 P2p

     

    if you need a hex refresher go here:

    http://insearchofthecert.blogspot.com/search/label/hexadecimal