I wanted to set up a SPAN port to sniff packets, and while searching I found this on the web:
How to limit traffic spanned
There are several ways to configure this besides the monitor command.
Example to monitor HTTP traffic.
c6509(config)# access-list 100 permit tcp any any eq 80
c6509(config)# access-list 101 permit ip any any
c6509(config)# vlan access-map MyCap 10
c6509(config-access-map)# match ip address 100
c6509(config-access-map)# action forward capture
c6509(config)# vlan access-map MyCap 20
c6509(config-access-map)# match ip address 101
c6509(config-access-map)# action forward
c6509(config)# vlan filter MyCap vlan-list 200 , 201
c6509(config)# interface gi3/1
c6509(config-if)# switchport capture
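VLAN access-map sequences are checked in ascending order and the first sequence whose ACL matches decides the action, so the capture entry has to be evaluated before the catch-all forward entry. The following is an added example, not part of the original post: a simplified Python model of that evaluation using the ACL numbers 100 and 101 from the MyCap configuration; the packet samples and function names are constructed for illustration.

```python
# Simplified model of VLAN access-map (VACL) evaluation on the MyCap example.
# Assumption: ACL matching is reduced to protocol + destination port only.

ACLS = {
    100: lambda p: p["proto"] == "tcp" and p["dport"] == 80,  # permit tcp any any eq 80
    101: lambda p: True,                                      # permit ip any any
}

def evaluate(access_map, pkt):
    """Return the action of the first sequence whose ACL matches pkt."""
    for seq in sorted(access_map):
        acl, action = access_map[seq]
        if ACLS[acl](pkt):
            return action
    return "drop"  # implicit deny when no sequence matches an IP packet

def captured(access_map, packets):
    """Names of the packets that would be copied to the capture port."""
    return [p["name"] for p in packets
            if "capture" in evaluate(access_map, p)]

# Two orderings of the same two entries (sequence -> (ACL, action)).
CATCH_ALL_FIRST = {10: (101, "forward"), 20: (100, "forward capture")}
HTTP_FIRST = {10: (100, "forward capture"), 20: (101, "forward")}

# Constructed sample traffic.
PACKETS = [
    {"name": "http", "proto": "tcp", "dport": 80},
    {"name": "ssh", "proto": "tcp", "dport": 22},
    {"name": "dns", "proto": "udp", "dport": 53},
]

if __name__ == "__main__":
    for label, amap in (("catch-all first", CATCH_ALL_FIRST),
                        ("HTTP first", HTTP_FIRST)):
        print(label, "-> captured:", captured(amap, PACKETS))
        for p in PACKETS:
            print("   ", p["name"], "=>", evaluate(amap, p))
```

With the catch-all entry at sequence 10, every packet is forwarded before the capture entry is reached, so the capture port receives nothing.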
===================
Configuration to capture HTTP traffic on VLAN 20 and send to fa0/24.
c3550(config)#monitor session 1 source vlan 20 rx
c3550(config)#monitor session 1 destination remote vlan 100 reflector-port fa0/24
c3550(config)#interface vlan100
c3550(config-if)#description RSPAN Destination VLAN
c3550(config-if)#no ip address
c3550(config-if)#ip access-list extended SA-TRAFFIC
c3550(config-ext-nacl)#permit tcp any any eq 80
c3550(config-ext-nacl)#exit
c3550(config)#vlan access-map RSPAN-VACL 10
c3550(config-access-map)#match ip address SA-TRAFFIC
c3550(config-access-map)#action forward
c3550(config-access-map)#vlan filter RSPAN-VACL vlan-list 100
====================
Configuration of HTTP traffic on VLANs 200 and 201 sent to 3/1.
c6509(config)#ip access-list extended SA-Capture
c6509(config-ext-nacl)# permit tcp any any eq 80
c6509(config-ext-nacl)#exit
c6509(config)#int vlan 200
c6509(config-if)#mls ip ids SA-Capture
c6509(config)#int vlan 201
c6509(config-if)#mls ip ids SA-Capture
c6509(config-if)#int gig3/1
c6509(config-if)#switchport capture
Tuesday, June 5, 2007
[Cisco] I want to set up a SPAN port to sniff packets