Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2566
Views
0
Helpful
0
Replies

3850 - SPAN port

crisponions
Level 1
Level 1

‎12-23-2013 11:22 AM - edited ‎03-07-2019 05:13 PM

I recently swapped out a 3750 stack with a 3850 stack and I am not getting the same results when I am spanning a port.

I am mirroring the switchport connected to the inside of our ASA and sending the traffic to the switchport of my IDS.  I have noticed that the captures do not seem to contain traffic destined TO the internet (transmitted from the source port).  It contains TX traffic that is destined to the inside ASA interface but not traffic that should be flowing through the ASA.

I do see the return web traffic (RX).

My config is the same that I used on the 3750 so I am not sure what is going on.

3850-switch#sh monitor session 1

Session 1

---------

Type                   : Local Session

Source Ports           :

    Both               : Gi1/0/10

Destination Ports      : Gi1/0/11

    Encapsulation      : Native

          Ingress      : Disabled

3850-switch#sh run int g1/0/10

Building configuration...

Current configuration : 63 bytes

!

interface GigabitEthernet1/0/10

switchport mode access

end

3850-switch#sh run | inc monitor

monitor session 1 source interface Gi1/0/10

monitor session 1 destination interface Gi1/0/11

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card