How JustAnswer Works:

  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site.
    Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.

Ask Drew Your Own Question

Drew
Drew, Network Specialist
Category: Networking
Satisfied Customers: 137
Experience:  Using 30+ years of experience to help you get it working.
68433724
Type Your Networking Question Here...
Drew is online now
A new question is answered every 9 seconds

I asked questions before about monitoring network traffic

Customer Question

I asked questions before about monitoring network traffic at home. I now have the system laid out like this: cable modem feeds into Linksys#1 wireless router, not going to use wireless on it though. Linksys#1 feeds into cisco catalyst 2960C. Other devices plug into cisco catalyst 2960C including an Asus wireless router. Everything seems to have internet access now. I don't know how to login the cisco to set up the "span session" or whatever it takes to capture network traffic.

I have another pc plugged into the cisco that will monitor traffic. That pc also has wifi built in and is connected wireless so hopefully I can remote into it to check traffic.

Submitted: 1 year ago.
Category: Networking
Expert:  Drew replied 1 year ago.

Hi. My name is ***** ***** I can help you set up a span session on your switch. Once set up, whatever you plug into the span session port should be able to see all of your traffic that passes through your 2960C switch which, from what you describe, should be everything. Internet, wired, and wireless.

The basics are:

This example shows how to set up SPAN session 1 for monitoring source port traffic to a destination port. First, any existing SPAN configuration for session 1 is deleted, and then bidirectional traffic is mirrored from source Gigabit Ethernet port 1 to destination Gigabit Ethernet port 2, retaining the encapsulation method.

Switch(config)# no monitor session 1

Switch(config)# monitor session 1 source interface gigabitethernet1/0/1

Switch(config)# monitor session 1 destination interface gigabitethernet1/0/2 encapsulation replicate

Switch(config)# end

This example shows how to remove port 1 as a SPAN source for SPAN session 1:

Switch(config)# no monitor session 1 source interface gigabitethernet1/0/1

Switch(config)# end

Complete information is found in the Cisco documentation here:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/15-0_2_se/configuration/guide/scg2960/swspan.html

Please note if you are not running version 15 code on your switch, the commands might be a little different. Thus if they don't work, please let me know which version of code you are running and I'll try and dig up the docs for your specific version.

Please let me know if you have questions and how it goes.

Cheers,

Drew

Customer: replied 1 year ago.

Ok, but I don't know how to log in the switch or get to those settings. Since I have 3 switches now, I have no idea what the ip addresses are for the switches. I assume I log in the cisco by typing the ip in the address bar and I can configure it that way?

Expert:  Drew replied 1 year ago.

Well that's a tough one. The switches only have IP addresses if someone created switch interfaces and configured IP addresses. Then you also have to configure the switches for access either via telnet or ssh.

So short of that, you can access your switches via their console port and the blue, Cisco serial cable. If you know how to do that AND know the enable password (if configured), then you should be able to access the CLI.

Customer: replied 1 year ago.
Which port should I plug the PCR in that I want to use for the capturing? I will start there I guess.
Expert:  Drew replied 1 year ago.

Which ever one you configure as the span port. You can use any one you want.

Expert:  Drew replied 1 year ago.

Just checking in to see if you were able to create your span port. Do you have any further questions?

Cheers,

Drew

Customer: replied 1 year ago.

I just got to the point where I could connect to it. I am going to try to get it working this weekend. I defaulted it a couple of times but it will not pass internet through it to my wifi router. I bypass it and get internet but put it back in and no internet. I'm still pretty lost on configuration. I'm a robot programmer by trade for 25+ years so I know the language, just too many options that I don't know what they are. I was going to focus on getting internet through it before I try to get advanced with it.

Expert:  Drew replied 1 year ago.

By "defaulted it" do you mean reset the switch to factory default settings? If that's what you did, when you connect devices to your Catalyst switch, do you get link lights on the switch? The reason I ask is that I think by default, the switch ports are shut down and you have to enable them.

Customer: replied 1 year ago.

yes, factory default. I did see in the configuration where to assign ports to a certain function. I had a router behind it and I could see the devices through the switch but no internet. Hopefully I will get it working this weekend.

Expert:  Drew replied 1 year ago.

OK, thanks. I have to be the last one to reply to a thread or the system keeps telling me I have customers waiting.

Let me know how it goes this weekend and I'll attempt to answer any questions you have.

Customer: replied 1 year ago.

Ok, I know a little more about it now but not much. I slightly know how to navigate in putty. I have a friend that will remote in to set up the span if needed but the problem is that I can't do the basic config to add the switch in line. I have internet now but if I add the switch between modem and router, internet goes away. Of course I rebooted everything but no luck.

Customer: replied 1 year ago.

I will only use 3 ports if I can't figure out how to make it dhcp. One from modem, one to router, one to sniffing pc. I would love to use the other ports for other pcs but a friend said only use the 3 ports.

Expert:  Drew replied 1 year ago.

Have you been able to get into "enabled" mode? That's the privileged mode on the switch. To enter it, simply type "enable" at the command prompt and enter the password ***** required.

Once there, please give me the output of "show run". It will be a bunch of text and will show me your complete switch configuration. I don't use putty but there should be a way to capture the output as a log file. Then you can save it to your PC and attach it to this chat.

I'll look that over and see if I can give you the exact commands you need.

Cheers,

Drew

Customer: replied 1 year ago.

Switch#show run
Building configuration...

Current configuration : 791 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
!
!
no aaa new-model
system mtu routing 1500

Expert:  Drew replied 1 year ago.

There should be a lot more. For example, I should see all of the ports listed and their configurations. That's the part in which I'm most interested. Can you capture it, put it in a notepad file with "word wrap" off (it's in "format"), and then attach it using the paperclip icon just above this chat box?

Customer: replied 1 year ago.

I turned on logging, mapped the file to the desktop, chose all session output, but don't know how to get it to the document. I just copied and pasted from putty.

Expert:  Drew replied 1 year ago.

You should be able to click the paperclip and then choose the file.

But pasting here works too. However there should be more. Did you keep hitting the spacebar when the "more" prompt was at the bottom of the screen? You need to do that to get all of it. Looks like you just got the first screen.

You should just be able to keep hitting spacebar until the regular prompt returns. Then close your session or scroll back up and copy all of that here.

I'm going to be away for the next 12 hours or so (evening here in the Pacific Time Zone). I will look at this tomorrow. Or if you don't want to wait, I can opt out and open this up to other experts.

Customer: replied 1 year ago.

I could get you a file but putty isn't logging or even creating a file. I'm just ready to give up on it anyway.

Customer: replied 1 year ago.

Switch#show run
Building configuration...

Current configuration : 791 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
!
!
no aaa new-model
system mtu routing 1500
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
ip http server
ip http secure-server
ip sla enable reaction-alerts
!
line con 0
line vty 5 15
!
end

Expert:  Drew replied 1 year ago.

See this part:

interface Vlan1
no ip address
shutdown

That is where the problem is I think. Try this:

config t

interface Vlan 1

no shutdown

exit

See if that makes your switch work and let me know how it goes.

Cheers,

Drew

Expert:  Drew replied 1 year ago.

I'm curious if you were able to try my suggestion above and if that got your switch working for Internet access?

Cheers,

Drew