Can I 'monitor session' trunk ports to a Cisco IDS?

I ran across an existing config that has two trunk ports on a 3560 being port monitored to another port which is plugged in to a port on an ids 4515. Will the IDS be able to interpret that trunk traffic? The customer is complaining that they aren't able to see events on a local network (VLAN 1) and this is supposed to be the port they get that traffic from.
Not sure why they chose to monitor trunk ports and I'm not sure it's even possible. I want to change the monitored port to some other local VLAN port that makes sense.
Here are the existing lines:
interface GigabitEthernet0/47
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface GigabitEthernet0/48
 switchport trunk encapsulation dot1q
 switchport mode trunk
! both trunks are mirrored (rx and tx, the default) to Gi0/20, the port facing the IDS
monitor session 2 source interface Gi0/47 - 48
monitor session 2 destination interface Gi0/20
...port 20 goes to the ids.

There are 3 modes of sensing supported on the sensors: promiscuous, inline interface pair, and inline vlan pair.
Each mode interacts with vlan headers slightly differently.
Promiscuous:
A promiscuous sensor is fully capable of analyzing 802.1q trunk packets. The vlan will also be reported in any alerts generated.
The trick when monitoring using a trunk is to ensure the span (or vacl capture) configuration is correct on the switch to get the packets you are expecting.
Many types of switches have special caveats when a trunk is a source or destination port in the span.
We also support Vlan Group subinterfaces on the promiscuous interface.
This allows sets of vlans on the same monitoring port to be monitored by different virtual sensors.
So you could take vlans 1-10 and monitor with vs0, and then take vlans 11-20 and monitor with vs1, etc....
However, to use this feature the switch must be very consistent in how packets are sent to the sensor. When monitoring a connection the sensor needs to see both client and server traffic. And when using Vlan Groups the sensor needs to see the client and server traffic ON THE SAME VLAN. It is this on-the-same-vlan requirement that is not always possible with some span configurations when the switch itself is routing between vlans. Most switches are deployed with routing between vlans by the switch, and so in many cases you won't see the client and server traffic on the same vlans. This is very switch code dependent so you would need to do some research on your specific switch.
Inline Interface Pair:
With an inline interface you are pairing 2 physical interfaces together. A common deployment is to place the inline interface pair in the middle of an existing 802.1q trunk port. Interface 1 would be plugged into the switch, and interface 2 plugged into the other switch or other type of device (like router or firewall).
In this setup the sensor is fully capable of monitoring these packets with 802.1q headers.
However, there is something to keep in mind in these deployments. Often that other device (router, firewall, or switch) will route packets between vlans. So a packet going through the sensor on vlan 10 could be routed right back through the sensor again on vlan 20. Seeing the same packet again can cause TCP tracking confusion on the sensor (especially when the other device is doing small modifications to the packet like sequence number randomization).
To address these we have 2 features.
On InLine Interface Pairs we have the same Vlan Group feature as I discussed above in Promiscuous mode. (Do not confuse Vlan Groups with InLine Vlan Pairs discussed later in this response).
So with Vlan Groups you could separate the vlans across virtual sensors. So if the packet gets routed back into the sensor you could configure it so that packet gets monitored by a separate virtual sensor and it will prevent the sensor confusion with state tracking.
However, there will still be some situations where the packet may still need to cross the same virtual sensor twice. For this deployment scenario we have a configuration setting where you can tell the sensor to track tcp sessions uniquely per vlan. So long as the return packet is on a different vlan this should prevent the tcp tracking confusion. BUT there is a bug in this code right now. It should be fixed in an upcoming service pack. The workaround is to go ahead and create a unique Vlan Group for each vlan (one vlan per group instead of multiple vlans in a group), and assign all of the Vlan Groups to the virtual sensor(s).
And then InLine Vlan Pairs:
With InLine Vlan Pairs the monitoring interface must be an 802.1q trunk port.
Instead of taking packets in on one interface and passing them to the next interface, the sensor takes packets in on one vlan and sends them back out on the other vlan of the pair on the same interface. It does this by modifying the vlan number in the 802.1q header.
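The same-vlan requirement and the "same packet seen twice" problem described in the reply above can be checked on a capture taken from the sensor's monitoring port before trusting the SPAN feed. The following is an added example, not code from the original thread or from Cisco: a small 802.1Q/IPv4/TCP parser that groups frames by connection and reports whether both directions arrived on one VLAN, on different VLANs, or on several VLANs each. The frames it runs on are constructed inline (headers only, no payload or checksums) to imitate what a trunk SPAN session delivers; the names build_frame, parse_frame, flow_key and report are this example's own.

```python
"""Check a SPAN feed the way a promiscuous sensor with Vlan Groups needs it:
for every TCP connection, were both directions delivered on the same VLAN?

Added example; not code from the original thread or from Cisco. The frames
below are constructed by hand (headers only, no payload, no checksums).
"""
import struct
from collections import defaultdict

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def build_frame(vlan, src_ip, dst_ip, sport, dport):
    """Construct a minimal IPv4/TCP frame, 802.1Q-tagged unless vlan is None."""
    eth = bytes.fromhex('001122334455') + bytes.fromhex('66778899aabb')
    if vlan is None:
        eth += struct.pack('!H', ETHERTYPE_IPV4)
    else:  # TCI with PCP/DEI zero and the 12-bit VLAN id
        eth += struct.pack('!HHH', ETHERTYPE_8021Q, vlan & 0x0FFF, ETHERTYPE_IPV4)
    ip = (bytes([0x45, 0]) + struct.pack('!H', 40) + b'\x00\x00\x40\x00'
          + bytes([64, IPPROTO_TCP]) + b'\x00\x00'
          + bytes(int(o) for o in src_ip.split('.'))
          + bytes(int(o) for o in dst_ip.split('.')))
    tcp = struct.pack('!HHIIHHHH', sport, dport, 0, 0, 0x5010, 65535, 0, 0)
    return eth + ip + tcp


def parse_frame(frame):
    """Return (vlan, src_ip, dst_ip, sport, dport) for an IPv4/TCP frame,
    tagged or untagged (vlan=None for the native VLAN); None for anything else."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack('!H', frame[12:14])[0]
    offset, vlan = 14, None
    if ethertype == ETHERTYPE_8021Q:
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack('!HH', frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[offset:]
    if len(ip) < 20:
        return None
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != IPPROTO_TCP or len(ip) < ihl + 4:
        return None
    src_ip = '.'.join(str(b) for b in ip[12:16])
    dst_ip = '.'.join(str(b) for b in ip[16:20])
    sport, dport = struct.unpack('!HH', ip[ihl:ihl + 4])
    return vlan, src_ip, dst_ip, sport, dport


def flow_key(src_ip, sport, dst_ip, dport):
    """Direction-independent connection identifier."""
    return tuple(sorted([(src_ip, sport), (dst_ip, dport)]))


def report(frames):
    """Classify each connection seen in the feed:
    'ok'         both directions seen, all on one VLAN (Vlan Groups will work)
    'split'      each direction on its own VLAN (switch routed between VLANs)
    'duplicated' a direction seen on more than one VLAN (the same packet mirrored
                 before and after routing, the TCP-tracking confusion case)
    'one-way'    only one direction reached the sensor (e.g. an rx-only SPAN)"""
    seen = defaultdict(lambda: defaultdict(set))   # flow -> sender -> {vlan}
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        vlan, src_ip, dst_ip, sport, dport = parsed
        seen[flow_key(src_ip, sport, dst_ip, dport)][(src_ip, sport)].add(vlan)
    result = {}
    for key, directions in seen.items():
        if len(directions) < 2:
            result[key] = 'one-way'
        elif any(len(v) > 1 for v in directions.values()):
            result[key] = 'duplicated'
        elif len(set().union(*directions.values())) == 1:
            result[key] = 'ok'
        else:
            result[key] = 'split'
    return result


# Constructed sample feed, not a real capture.
SAMPLE_FRAMES = [
    # A: two VLAN 1 hosts talking locally, both directions tagged 1 -> ok
    build_frame(1, '10.1.1.10', '10.1.1.20', 40000, 80),
    build_frame(1, '10.1.1.20', '10.1.1.10', 80, 40000),
    # B: routed between VLAN 10 and 20; the trunk SPAN mirrors each packet twice
    build_frame(10, '10.10.0.5', '10.20.0.5', 50000, 443),
    build_frame(20, '10.10.0.5', '10.20.0.5', 50000, 443),
    build_frame(20, '10.20.0.5', '10.10.0.5', 443, 50000),
    build_frame(10, '10.20.0.5', '10.10.0.5', 443, 50000),
    # C: only the request direction reached the sensor
    build_frame(30, '10.30.0.7', '10.30.0.8', 51000, 22),
    # D: routed, but only the ingress side of each hop was mirrored
    build_frame(40, '10.40.0.1', '10.50.0.1', 52000, 25),
    build_frame(50, '10.50.0.1', '10.40.0.1', 25, 52000),
]

if __name__ == '__main__':
    for key, status in report(SAMPLE_FRAMES).items():
        print(f'{key[0][0]}:{key[0][1]} <-> {key[1][0]}:{key[1][1]}  {status}')
```

Replace SAMPLE_FRAMES with the raw frames read off the sensor's monitoring port (any pcap reader will do) and run it before enabling Vlan Groups. A 'duplicated' or 'split' result for routed flows is the switch-dependent behaviour the reply warns about, and the fix belongs on the SPAN side: on a Catalyst 3560 a trunk-sourced session can be restricted with "monitor session N filter vlan ..." (assumed from the 3560 SPAN feature set, not stated in the thread), or the session can mirror a VLAN source instead of the trunk, as the original poster intends.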

Similar Messages

  • OVM 3:Monitor a trunk port/create a dedicated NIC

    Hi,
    I need to monitor a trunk port from within a guest. Does OVM offer the ability to tie a network card directly to a guest? I don't want other guests to have access to the same nic at the same time.

    Understood.
    I have now setup a simple network with bonds/ports only and attached that to the NIC that is connected to the SPAN port on my Cisco switch. This SPAN port mirrors a trunk port and thus carries of course all the VLANs.
    Next, I have setup a guest running ntop and that has a vnic attached to it, that is connected to the new network. Now, when I run tcpdump against that port I am only seeing broadcast and multicast traffic. Is there a way to capture the whole network traffic that is mirrored to the SPAN port?
    I have also taken a look at the network with ports and vlans, but that doesn't seem to fit either.

  • Can't Monitor Sessions in 3.0.04 while query running?

    SQL Developer is a nice free tool; would like to be able to view sessions while a query is running. I can view when it is not running. How can I do this?
    Thanks,
    Adam

    Hi K and Buntoro,
    My experience with SQL Developer only goes back to 2.1, so this was news to me. Thanks for your comments.
    Here is a short history on this point:
    1.5.x:
    a) No Unshared Connection icon in toolbars.
    b) Use Ctrl+Shift+N to create an unshared connection.
    c) Unshared connections appear in drop-down list. (with <underscore> name decoration)
    d) Selecting an unshared connection from the drop-down for some UI action will then share with that "unshared" connection
    2.1.x & Up:
    a) Unshared Connection icon available in toolbars.
    b) Ctrl+Shift+N still creates an unshared connection.
    c) Unshared connections no longer appear in the drop-down list.
    d) This eliminates any confusion over sharing an "unshared" connection.
    So, it seems the change was intentional. I personally like K's earlier suggestion of creating duplicate connections. In fact, the shared connection icon's "Select Connection" dialog easily lets you create duplicates on-the-fly. I think filing a bug wouldn't be justified. Please let me know if I've missed any key facts here.
    Thanks again,
    Gary

  • Can we Monitor third party Windows servers through Cisco Prime

    Hi Team,
    We are using Cisco Prime Assurance and are currently monitoring Cisco UCCE components through it.
    Meanwhile we have a few third-party Windows servers which we would like to monitor through Cisco Prime, just to maintain a single monitoring tool.
    If yes, please share the steps or link. Also highlight the limitations in that.
    Regards,
    krishna

    Seems Cisco Prime Assurance Manager is now obsolete and end of life already.
    It is replaced by Cisco Prime Infrastructure. CPI supports third party/vendor devices to some minimum extent with limited management details collected via SNMP Templates.
    -Thanks
    Vinod
    **Encourage Contributors. RATE Them.**

  • SG-300 CLI How to display trunk ports

    Hello
    I have a very simple question about CLI on SG-300. How to display trunk ports via cli? I have switch with 28 ports and I wanted to see what switchport mode is applied to every port - or simply we can just focus on trunk ports. On Cisco Catalysts there is "show trunk" command in order to get list of ports in Trunk mode. Is there any way to do it on SG-300?
    srv-sw-1#show version
    SW version    1.3.0.62 ( date  02-May-2013 time  14:55:01 )
    Boot version    1.1.0.6 ( date  11-May-2011 time  18:31:00 )
    HW version    V02
    thank you
    michal

    Hi,
    I remember something at least that works port by port:
    >#sh int switchport fa 1
    Port : fa1
    Port Mode: Trunk
    Gvrp Status: disabled
    Ingress Filtering: true
    Acceptable Frame Type: admitAll
    Ingress UnTagged VLAN ( NATIVE ): 1
    Port is member in:
    Vlan               Name               Egress rule Port Membership Type
    1                  1                  Untagged          System
    Displays detailed info about each port, range command will not work, but it's something.
    You can check for vlans and or tags with:
    sh vlan
    sh vlan tag 1.
    NTex

  • Trunk port as a destination for SPAN session

    Can we make a trunk port as a destination for SPAN session? If yes, how

    Of course you can. It will be configured the same as an access port:
    monitor session 1 destination int g0/24
    However be aware of the following:
    Destination Port
    Each local SPAN session destination session must have a destination port (also called a monitoring port) that receives a copy of traffic from the source port.
    The destination port has these characteristics:
    •It must reside on the same switch as the source port (for a local SPAN session).
    •It can be any Ethernet physical port.
    •It cannot be a source port or a reflector port.
    •It cannot be an EtherChannel group or a VLAN.
    •It can be a physical port that is assigned to an EtherChannel group, even if the EtherChannel group has been specified as a SPAN source. The port is removed from the group while it is configured as a SPAN destination port.
    •The port does not transmit any traffic except that required for the SPAN session.
    •If ingress traffic forwarding is enabled for a network security device, the destination port forwards traffic at Layer 2.
    •It does not participate in spanning tree while the SPAN session is active.
    •When it is a destination port, it does not participate in any of the Layer 2 protocols (STP, VTP, CDP, DTP, PagP, or LACP).
    •No address learning occurs on the destination port.
    •A destination port receives copies of sent and received traffic for all monitored source ports. If a destination port is oversubscribed, it could become congested. This could affect traffic forwarding on one or more of the source ports.

  • How to check trunk port on 3548 xl switch

    Hi all,
    I have a 3548 XL switch. I know on other switches I can use the command
    sh int trunk but on this switch it does not work.
    Does anyone know which command we can use to check trunk ports other than
    sh int fa switchport???????????
    thanks
    mahesh

    Hi Mahesh,
    What error it shows when you issue show interface trunk on switches ..
    Ganesh.H

  • Wrong Port Statistics in Cisco Network Assistant

    Hello,
    I'm having some troubles with CNA (version 6.0). There are a few switches in the network that display wrong information about port activity/statistics. I've got some ports administratively down, without activity, however CNA is showing Tx and Rx rates, etc. I've already cleared counters from the application and from the CLI too. If I do "show interface Gix/x/x" in the CLI, it returns the results I expected, but not in CNA, where it's showing wrong information. Moreover, some ports which should have activity and statistics don't display info. All rates and statistics show 0 when I should see a number other than 0.
    I'm talking about a stack with 3 Catalyst 3750-X 48P.
    Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 15.0(2)SE5, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2013 by Cisco Systems, Inc.
    Compiled Fri 25-Oct-13 12:38 by prod_rel_team
    ROM: Bootstrap program is C3750E boot loader
    BOOTLDR: C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)
    Thanks,
    Kind regards,

    In Cisco Network Assistant, under smart ports, if I configure the switch port as Cisco Wireless/Router, it hard  codes the interface as Trunk.In this particular case what is the reason for hard coding it as trunk?
    When you are dealing with autonomous wireless access point, it's very common to have mutiple VLANs configured in the WAP, therefore you need a Trunk switch port.
    You can also configure the trunk port to allow VLANs of your choice.

  • 2950C Unable to ping destination port in monitor session

    I have 2 Pix firewalls and a web filtering server running Surfcontrol. In order for Surfcontrol to filter web usage it has to see the traffic being sent to the firewall's. I have created a monitor session and have used the firewall ports as the source with transmit and receive, and the web filter server as the destination. However when I do this I am not able to ping the web filter server. The web filter is unable to function ie block websites based on the rules that we have setup if the destination port is unable to send packets to internal workstations.
    Is there anything I can do to allow the destination port to be able to send packets to internal workstations ??

    Hi Friend,
    When you configure SPAN destination port , that port will just work as a monitoring port and will not work for general network traffic.
    If you do " sh int" you will see line protocol down (monitoring)
    Now if you want that port to monitor as well as take part into normal network also you have to enable ingress traffic on the destination port
    "monitor session session_number destination interface interface-id [ingress vlan vlan id]"
    Check this link for more details
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12119ea1/2950scg/swspan.htm#1218090
    HTH
    Ankur

  • Can the last link in a thunderbolt daisy-chain be a non-thunderbolt monitor using miniDisplay port?

    Can the last link in a thunderbolt daisy-chain be a non-thunderbolt monitor, using miniDisplay port?
    For example, Mac mini <--> external SSD <--> apple cinema display 30" (using miniDisplay port adaptor plugged into the SSD's second thunderbolt port)

    TechnoMax wrote:
    for instance STAE122 or STAE 127?
    FWIW, STAE129 is the current version TB adapter
    that is self powered and has TB daisy chain port.
    STAE122 and STAE127 are older versions and
    not the current model, though there may be stock of
    these around.  As to whether this will solve your issue,
    I don't know.
    Can I trick the Mac under Bootcamp as OS to use HDMI for the monitor? Dell officially says that the monitor can only accept 1900x1080 over HDMI, but some have fiddled with different computers with custom settings that worked with some monitors but mostly under Linux and to Dell 2711.
    The MacMini HDMI port is hardware limited to 1980x1200.

  • Monitor Sessions can't see most sessions?

    Symptom: Session Monitor nearly always displays “No text available” for a session’s current statement.
    Diagnosis:
    1.     I can’t see SQL for most sessions, even if I login as user SYS with the SYSDBA privilege.
    2.     Manual says:
    Monitor Sessions: Displays the status of one or more sessions, using information from the V$RSRC_SESSION_INFO view, which shows how the session has been affected by the Oracle Database Resource Manager.
    3.     When connected as system, I can select from the table Session Monitor uses, both on the server and via SQL Developer:
    SQL> select count(*) from V$RSRC_SESSION_INFO;
    50
    4.     In comparison, TOAD can display SQL for any user if I connect as user system . Run side by side, TOAD displays SQL for sessions that SQL Developer won’t display.

    Might be that TOAD displays the last executed statement rather than sqldev's current executing statement?
    K.

  • [svn:fx-trunk] 21141: Bug: 2780176 - Logging and logging out multiple times in LCDS can cause duplicate session detected errors .

    Revision: 21141
    Author:   [email protected]
    Date:     2011-04-26 06:40:39 -0700 (Tue, 26 Apr 2011)
    Log Message:
    Bug: 2780176 - Logging and logging out multiple times in LCDS can cause duplicate session detected errors.
    QA: Yes
    Doc: No
    Checkintests: Pass
    Details: When a logout was followed by an immediate login, sometimes the server would throw duplicate session detected errors. This was because when logout happened, a fire-and-forget disconnect message was sent to the server that established a new session, and if the subsequent login happened before disconnect ACK returned from the server, that would establish another session and hence the error. The fix is to insert a slight delay between disconnect and ResultEvent dispatching. This way, disconnect has a chance to return before a login is performed.
    Modified Paths:
        flex/sdk/trunk/frameworks/projects/rpc/src/mx/messaging/ChannelSet.as

    You've got an  incompatible Logitech driver and java was incompletely uninstalled.
    You may have a problem with the Wacom driver.
    I don't know if fixing those things will help.
    There also a few window server errors, but I don't know if they are causal.
    If you can note the time of the hangs, that might help narrow it down in the logs.

  • Can't apply ACL to trunk port

    Hi,
    I'm trying to configure a Cisco Catalyst 6500 switch to not allow traffic from our traffic generators to go over the trunk link to the rest of the network. Currently I have multiple VLANs that correspond to different lab setups, each having traffic generators on them. The trunk port is used to connect VMs to each of the setups (on different VLANs) but I'm seeing that the traffic generators sometimes flood the trunk link and cause management to be unusable.
    I want to configure a port-based ACL to block traffic from the traffic generators from going over the trunk port but I don't see the "ip access-group" command available on this interface.
    Here's the config for my trunk interface:
    CATALYST2#show run int gi1/1
    Building configuration...
    Current configuration : 124 bytes
    interface GigabitEthernet1/1
     switchport
     switchport trunk encapsulation dot1q
     switchport mode trunk
     no ip address
    end
    When I go into config mode and try to tie an ACL to the interface, the command isn't available:
    CATALYST2#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    CATALYST2(config)#int gi1/1
    CATALYST2(config-if)#ip access-group ?
    % Unrecognized command
    Any idea why? I need a way to block this traffic (either via IP or MAC ACLs). My understanding is that trunk ports are able to have port-based ACLs applied to them that will act on all VLANs but I can't seem to do it.  
    Thanks for your help in advance!

    After some more research, I noticed that to configure a PACL on a trunk port, you must first configure port prefer mode. The command to put a trunk port in port prefer mode is "access-group mode prefer port" on the interface. Unfortunately that command isn't available in my CLI either... Still stuck. 

  • Cannot create the RTP Session: Can't open local data port

    Hi,
    I'm trying to connect to two webcams simultaneously in the order:
    MediaLocator inputLocator1 = new MediaLocator("rtp://hostname1:8000/video");
    MediaLocator inputLocator2 = new MediaLocator("rtp://hostname2:8000/video");
    But I get this during the second connection:
    Cannot create the RTP Session: Can't open local data port: 8000
    And I can't see the video from hostname2.
    I did a check via netstat, and it seems that both mycomputer is receiving the video from both hostname1 & hostname2:
    TCP mycomputer:3236 hostname1:8000 ESTABLISHED
    TCP mycomputer:3264 hostname2:8000 ESTABLISHED
    TCP connections to both hosts were established!! But why can't I see the video of hostname2???? I've thought of 2 possible reasons why I cannot see the video of hostname2:
    1. Is this set of local data port maintained by Java? i.e It's not the same as the TCP port 8000 that I see in mycomputer's netstat. If yes, Java has assigned its local data port 8000 to hostname1, so it fails to reassign that port 8000 to hostname2 while hostname1 is still connected. Any other way to fix this apart from changing the portnumber of hostname2?
    2. It has to do with the custom.jar? I've read in an article somewhere in the forum that the custom.jar has to be customized (using JFMCustomizer) to receive video from two hosts with the same portnumber. Can someone elaborate the necessary boxes to check in the JFMCustomizer?
    Thanks much,
    Rach

    After all this while, I finally figured out the problem. In my code, I use MediaLocator to code the receiver and the transmitter. E.g.:
    MediaLocator inputLocator1 = new MediaLocator("rtp://hostname1:8000/video");
    player1 = Manager.createPlayer(inputLocator1)
    MediaLocator inputLocator2 = new MediaLocator("rtp://hostname2:8000/video");
    player2 = Manager.createPlayer(inputLocator2)
    Manager would complain "Cannot create the RTP Session: Can't open local data port: 8000" because port 8000 is already used up by player1, i.e.:
    mycomputer:8000 maps to hostname1:8000
    mycomputer:8000 cannot re-map to hostname2:8000
    To work around this, I'll need to use SessionAddress. SessionAddress provides the flexibility to do an independent local port mapping, e.g.:
    mycomputer:5000 maps to hostname1:8000
    mycomputer:5002 maps to hostname2:8000
    Rach

  • Can I use straight cable to connect trunk ports between 2 switches?

    Hi,
    Am I able to use straight instead of cross cable to connect trunk ports between 2 switches??
    thanks!

    Hi Devang,
    When a 10/100 Fast Ethernet interface is enabled, one end of the link must perform media dependent interface (MDI) crossover (MDIX), so that the transmitter on one end of the data link is connected to the receiver on the other end of the data link (a crossover cable is typically used).
    The Auto-MDIX feature eliminates the need for crossover cabling by performing an internal crossover when a straight cable is detected during the auto-negotiation phase.
    HTH, if yes please rate the post.
    Ankur
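The destination-port rules quoted in the "Trunk port as a destination for SPAN session" reply and the ingress option from the "2950C Unable to ping destination port" reply above are easy to check mechanically before a monitor session is pasted into a switch. The following is an added example, not code from any of the threads or from Cisco: a linter for IOS "monitor session" lines that flags a destination that is also a source, an EtherChannel used as a destination, a destination without "ingress" (the attached host cannot send), and a trunk source without a VLAN filter (every VLAN on the trunk reaches the sensor, the situation in the original question). The interface-name normalisation, the rule set and the function names normalize, expand_interfaces, expand_vlans, parse_config and lint are this script's own assumptions. The embedded configuration is constructed: session 2 is the one from the original question, sessions 1 and 3 are made up to exercise the other rules.

```python
"""Lint Cisco IOS 'monitor session' lines against the SPAN destination-port
rules quoted in the thread. Added example; not Cisco's code and not from the
posts. The rule set and the name normalisation are this script's assumptions.
"""
import re

MONITOR_RE = re.compile(r'^\s*monitor session (?P<id>\d+) '
                        r'(?P<kind>source|destination|filter) (?P<rest>.+)$')
DIRECTION = {'rx', 'tx', 'both'}


def normalize(ifname):
    """'GigabitEthernet0/47', 'Gi0/47' and 'g0/47' all become 'gi0/47'."""
    m = re.match(r'^([A-Za-z-]+?)\s*([\d/.]+)$', ifname.strip())
    if not m:
        return ifname.strip().lower()
    prefix, num = m.group(1).lower(), m.group(2)
    if prefix.startswith('po'):
        prefix = 'po'                      # Port-channel (EtherChannel)
    elif prefix[0] in 'gft':
        prefix = {'g': 'gi', 'f': 'fa', 't': 'te'}[prefix[0]]
    return prefix + num


def expand_interfaces(spec):
    """'Gi0/47 - 48' -> ['gi0/47', 'gi0/48']; 'Gi0/1 , Gi0/3' -> both names."""
    names = []
    for part in (p.strip() for p in spec.split(',')):
        m = re.match(r'^(\S+?)(\d+)\s*-\s*(\d+)$', part)
        if m:
            base, lo, hi = m.group(1), int(m.group(2)), int(m.group(3))
            names.extend(normalize(f'{base}{n}') for n in range(lo, hi + 1))
        elif part:
            names.append(normalize(part))
    return names


def expand_vlans(spec):
    """'1 , 10 - 12' -> {1, 10, 11, 12}."""
    vlans = set()
    for part in (p.strip() for p in spec.split(',')):
        m = re.match(r'^(\d+)\s*-\s*(\d+)$', part)
        if m:
            vlans.update(range(int(m.group(1)), int(m.group(2)) + 1))
        elif part.isdigit():
            vlans.add(int(part))
    return vlans


def parse_config(lines):
    """Collect sources, destinations (with ingress flag) and VLAN filters per session."""
    sessions = {}
    for line in lines:
        m = MONITOR_RE.match(line)
        if not m:
            continue
        s = sessions.setdefault(m.group('id'), {'sources': set(), 'source_vlans': set(),
                                                'dests': {}, 'filter_vlans': set()})
        kind, rest = m.group('kind'), m.group('rest').split()
        spec = ' '.join(t for t in rest[1:] if t not in DIRECTION)
        if kind == 'source' and rest[0] == 'interface':
            s['sources'].update(expand_interfaces(spec))
        elif kind == 'source' and rest[0] == 'vlan':
            s['source_vlans'].update(expand_vlans(spec))
        elif kind == 'destination' and rest[0] == 'interface':
            s['dests'][normalize(rest[1])] = 'ingress' in rest[2:]
        elif kind == 'filter' and rest[0] == 'vlan':
            s['filter_vlans'].update(expand_vlans(spec))
    return sessions


def lint(lines, trunk_ports=()):
    """Return (session, level, message) findings; trunk_ports names the trunks."""
    trunks = {normalize(p) for p in trunk_ports}
    sessions = parse_config(lines)
    findings = []
    for sid, s in sorted(sessions.items()):
        if not s['sources'] and not s['source_vlans']:
            findings.append((sid, 'error', 'session has no source'))
        if not s['dests']:
            findings.append((sid, 'error', 'session has no destination'))
        for dest, ingress in s['dests'].items():
            if dest.startswith('po'):
                findings.append((sid, 'error', f'{dest}: destination cannot be an EtherChannel'))
            for other, o in sessions.items():
                if dest in o['sources']:
                    findings.append((sid, 'error',
                                     f'{dest}: destination is also a source in session {other}'))
            if not ingress:
                findings.append((sid, 'info',
                                 f'{dest}: no ingress option, the attached host cannot send'))
        trunk_sources = sorted(s['sources'] & trunks)
        if trunk_sources and not s['filter_vlans']:
            findings.append((sid, 'warn', f"trunk source {', '.join(trunk_sources)} "
                                          "without 'filter vlan': every VLAN is mirrored"))
    return findings


# Constructed sample: session 2 is the configuration from the question,
# sessions 1 and 3 are made up to exercise the other rules.
SAMPLE_CONFIG = """
monitor session 1 source vlan 1
monitor session 1 destination interface Gi0/21 ingress vlan 1
monitor session 2 source interface Gi0/47 - 48
monitor session 2 destination interface Gi0/20
monitor session 3 source interface Gi0/10 , Gi0/12 rx
monitor session 3 destination interface Gi0/47
""".strip().splitlines()

if __name__ == '__main__':
    for sid, level, msg in lint(SAMPLE_CONFIG, trunk_ports=['Gi0/47', 'Gi0/48']):
        print(f'session {sid} [{level}] {msg}')
```

Feed it the output of "show running-config | include monitor session" together with the list of ports that "show interfaces trunk" reports as trunking. The 'info' finding on a destination without ingress is expected for an IDS sensor that only listens; it matters for the web-filter case in the 2950C thread, where the box on the destination port also has to send.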
