cisco 2651XM router
IOS: c2600-adventerprisek9-mz.124-15.T9.bin
WIC-1-ADSL card fitted (Dialer0)
I'm using the monitor command on the above router to keep an eye on the
traffic on another server thus:
monitor session 1 source interface Fa1/0 (server connected here)
monitor session 1 destination interface Fa1/1 (PC running wireshark
connected here)
It works well but I'd like to do the same thing where the source is the
Dialer0 port but the config won't allow it - it only seems to permit a
FastEthernet port. Is there a way or another command that will enable me to
monitor all traffic at the (source) adsl port and output it to a
(destination) FastEthernet port?
|
|
0
|
|
|
|
Reply
|
 tg
|
9/26/2009 5:22:02 PM |
|
tg wrote:
> It works well but I'd like to do the same thing where the source is the
> Dialer0 port but the config won't allow it - it only seems to permit a
> FastEthernet port. Is there a way or another command that will enable me
> to monitor all traffic at the (source) adsl port and output it to a
> (destination) FastEthernet port?
Not a direct answer to your question, but have you considered using a
netflow probe on the Dialer of Zeroness?
--
<http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
19:43:06 up 28 days, 21:28, 8 users, load average: 0.19, 0.18, 0.17
Qua illic est accuso, illic est a vindicatum
|
|
|
0
|
|
|
|
Reply
|
alexd
|
9/26/2009 6:44:45 PM
|
|
On Sep 26, 7:22=A0pm, "tg" <nos...@nospamevereverever.net> wrote:
> cisco 2651XM router
> IOS: c2600-adventerprisek9-mz.124-15.T9.bin
> WIC-1-ADSL card fitted (Dialer0)
>
> I'm using the monitor command on the above router to keep an eye on the
> traffic on another server thus:
> monitor session 1 source interface Fa1/0 (server connected here)
> monitor session 1 destination interface Fa1/1 (PC running wireshark
> connected here)
>
> It works well but I'd like to do the same thing where the source is the
> Dialer0 port but the config won't allow it - it only seems to permit a
> FastEthernet port. Is there a way or another command that will enable me =
to
> monitor all traffic at the (source) adsl port and output it to a
> (destination) FastEthernet port?
Hey, SPAN on an ISR is limited IIRC. Depending on your config, you
might be able to use RITE: http://www.cisco.com/en/US/docs/ios/12_4t/12_4t1=
1/ht_rawip.html
.. It works like SPAN, but SRC has to be an interface running IP, and
DST as to be an Ethernet. If you need any help setting this up, give
me a shout.
/Ruairi
|
|
|
0
|
|
|
|
Reply
|
Ruairi
|
9/26/2009 7:32:00 PM
|
|
On 26 Sep, 20:32, Ruairi Carroll <ruairi.carr...@gmail.com> wrote:
> On Sep 26, 7:22=A0pm, "tg" <nos...@nospamevereverever.net> wrote:
>
> > cisco 2651XM router
> > IOS: c2600-adventerprisek9-mz.124-15.T9.bin
> > WIC-1-ADSL card fitted (Dialer0)
>
> > I'm using the monitor command on the above router to keep an eye on the
> > traffic on another server thus:
> > monitor session 1 source interface Fa1/0 (server connected here)
> > monitor session 1 destination interface Fa1/1 (PC running wireshark
> > connected here)
>
> > It works well but I'd like to do the same thing where the source is the
> > Dialer0 port but the config won't allow it - it only seems to permit a
> > FastEthernet port. Is there a way or another command that will enable m=
e to
> > monitor all traffic at the (source) adsl port and output it to a
> > (destination) FastEthernet port?
>
> Hey, SPAN on an ISR is limited IIRC. Depending on your config, you
> might be able to use RITE:http://www.cisco.com/en/US/docs/ios/12_4t/12_4t=
11/ht_rawip.html
> . It works like SPAN, but SRC has to be an interface running IP, and
> DST as to be an Ethernet. If you need any help setting this up, give
> me a shout.
Wow - not heard of that. Docs say only on some platforms.
12.4(20)T and later has an additional packet capture facility.
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps9913/da=
tasheet_c78-502727.html
According to www.cisco.com/go/fn
Embedded Packet Capture is on the current router platforms
however not apparently the 2651XM:(
|
|
|
0
|
|
|
|
Reply
|
bod43
|
9/27/2009 12:56:11 AM
|
|
"Ruairi Carroll" <ruairi.carroll@gmail.com> wrote in message
news:95821979-abeb-4ae3-a640-1ca4c3bec2a4@p23g2000vbl.googlegroups.com...
On Sep 26, 7:22 pm, "tg" <nos...@nospamevereverever.net> wrote:
Hey, SPAN on an ISR is limited IIRC. Depending on your config, you
might be able to use RITE:
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_rawip.html
.. It works like SPAN, but SRC has to be an interface running IP, and
DST as to be an Ethernet. If you need any help setting this up, give
me a shout.
-------------------
thanks for your feedback and yes I do need help in troubleshooting this. I
wanted the Dialer0 as source and F0/0 as the destination output and I did
the steps at the above address you gave and but I'm not getting any dialer0
traffic from the destination port Fa0/0.
the commands I did were:
router(config)#ip traffic-export profile my_rite
router(conf-rite)#int dialer0
router(conf-rite)#bidirectional
router(conf-rite)#mac-address 0090.27FC.756F
router(conf-rite)#exit
router(config)#int f0/0
router(config-if)#ip traffic-export apply my_rite
..Oct 1 21:27:44.326: %RITE-5-ACTIVATE: Activated IP traffic export on
interface FastEthernet0/0
the only thing I'm not sure about is the mac address. I used the
mac-address of the NIC in my PC - this is the receiving device. That's
correct isn't it?
here's what the 'show run' gave after putting in the above commands:
<snip>
ip traffic-export profile my_rite
interface Dialer0
bidirectional
mac-address 0090.27fc.756f
<snip>
interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.0
ip traffic-export apply my_rite
duplex auto
speed auto
<snip>
interface Dialer0
ip address negotiated previous
ip access-group 104 out
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname my username
ppp chap password 0 password
thanks for any further advice.
|
|
|
0
|
|
|
|
Reply
|
tg
|
9/27/2009 11:42:47 PM
|
|
"tg" <nospam@nospamevereverever.net> wrote in message
news:4abff928$0$2486$db0fefd9@news.zen.co.uk...
oops and damn.
typical that a few minutes after my above post I realised I had the monitor
and destination ports configured round the wrong way. The command:
show ip traffic-export int f0/0
showed up this error, so I did the config again and now it appears to be
working well and I can see detailed Dialer0 traffic in wireshark on the PC.
thanks very much for your help.
|
|
|
0
|
|
|
|
Reply
|
tg
|
9/28/2009 12:11:30 AM
|
|
|
5 Replies
384 Views
(page loaded in 0.124 seconds)
|
Search |
Post Question |
Groups |
Stream |
About |
Register
24755 articles. 
23 followers. 