VLANs and Port Monitor on switches

Discussion in 'Cisco' started by JF Mezei, Jan 5, 2009.

  1. JF Mezei

    JF Mezei Guest

    I have an ancient 2924-XL-EN switch

    I have it set up with 2 VLANs:

    VLAN 10 which has servers and workstations. It includes various
    protocols, from SCS/LAT/DECNET for VMS boxes, as well as IP and
    Appletalk. Basically ports 1 to 19.

    VLAN 20 is basically a PPPoE zone between the WAN port of the router and 2
    DSL modems (1 is backup). Basically ports 20 to 24.

    Main workstation is a Mac which also acts as X display for VMS
    applications. For purpose of this discussion, it uses fa0/13 .

    What is the best way to get the Mac to run Wireshark to analyse the
    traffic between the modem and the router in VLAN20 ?

    Making the Mac switchport multi vlan 10,20 prevents the "port monitor"
    command for that port.

    Is there a magic way to allow fa0/13 on VLAN 10 to get all packets
    flowing in VLAN 20 without allowing traffic from VLAN 10 to flow into
    VLAN 20 ?

    (Moving the Mac to VLAN 20 would then cause connections to VLAN 10
    machines to be severed).


    Also, some various questions:

    Is it correct that there can be only one management vlan at a time on a
    switch ?

    The switch is configured to run NTP server. Is it correct to assume that it
    can only serve ports that are on the management vlan ? I would like the
    modems to be able to NTP sync, and the switch would be simplest.

    (my current router doesn't have ability to have multiple interfaces on
    the WAN port, so it can't serve a different IP subnet for the modems at
    the same time as having PPPoE interface).
     
    JF Mezei, Jan 5, 2009
    #1

  2. JF Mezei

    Trendkill Guest

    On Jan 5, 4:33 am, JF Mezei <> wrote:
    > I have an ancient 2924-XL-EN switch
    >
    > I have it set up with 2 VLANs:
    >
    > VLAN 10 which has servers and workstations. It includes various
    > protocols, from SCS/LAT/DECNET for VMS boxes, as well as IP and
    > Appletalk. Basically ports 1 to 19.
    >
    > VLAN 20 is basically a PPPoE zone between the WAN port of the router and 2
    > DSL modems (1 is backup). Basically ports 20 to 24.
    >
    > Main workstation is a Mac which also acts as X display for VMS
    > applications. For purpose of this discussion, it uses fa0/13 .
    >
    > What is the best way to get the Mac to run Wireshark to analyse the
    > traffic between the modem and the router in VLAN20 ?
    >
    > Making the Mac switchport multi vlan 10,20  prevents the "port monitor"
    > command for that port.
    >
    > Is there a magic way to allow fa0/13 on VLAN 10 to get all packets
    > flowing in VLAN 20 without allowing traffic from VLAN 10 to flow into
    > VLAN 20 ?
    >
    > (Moving the Mac to VLAN 20 would then cause connections to VLAN 10
    > machines to be severed).
    >
    > Also, some various questions:
    >
    > Is it correct that there can be only one management vlan at a time on a
    > switch ?
    >
    > The switch is configured to run NTP server. Is it correct to assume that it
    > can only serve ports that are on the management vlan ? I would like the
    > modems to be able to NTP sync, and the switch would be simplest.
    >
    > (my current router doesn't have ability to have multiple interfaces on
    > the WAN port, so it can't serve a different IP subnet for the modems at
    > the same time as having PPPoE interface).


    1. You would have to install Wireshark, set up a port span, and span
    the traffic from vlan 20 to the destination port of the Mac. This
    would take the Mac out of vlan 10, and put it in vlan 20 for the
    purposes of the span. If this disrupts service or applications, use
    another box to do this.
    2. Yes, one mgmt interface for that switch.
    3. You can serve NTP to anywhere, it is routed. It would only
    provide the service on the mgmt vlan interface, but you can point
    other subnets to that IP since it is routed, so long as you have
    routing to/from that mgmt vlan set up properly. For internal servers,
    this is easy; for external (since they most likely are not aware of
    your NAT), it may be more difficult.
     
    Trendkill, Jan 5, 2009
    #2
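
The port span described in reply #2, written out as an added example that is not part of the original thread. It assumes Catalyst 2900XL `port monitor` syntax and takes the port numbers from the first post (fa0/13 for the Mac, fa0/20 to fa0/24 for VLAN 20); which of those five ports the router and modems actually use is not stated in the thread, so all five are monitored.

```cisco
! Added example (constructed), Catalyst 2900XL command syntax.
! Port numbers follow the first post:
!   fa0/13     = the Mac running Wireshark
!   fa0/20-24  = VLAN 20 (router WAN port and the two DSL modems)

configure terminal
 interface FastEthernet0/13
  ! Undo any earlier "switchport multi vlan 10,20" attempt.
  switchport mode access
  ! The monitor port joins the VLAN of the ports it monitors, so the Mac
  ! leaves VLAN 10 and loses its VLAN 10 sessions while this is in place.
  switchport access vlan 20
  port monitor FastEthernet0/20
  port monitor FastEthernet0/21
  port monitor FastEthernet0/22
  port monitor FastEthernet0/23
  port monitor FastEthernet0/24
 end

! Confirm which ports are being mirrored to fa0/13.
show port monitor

! When the capture is finished, remove the mirror and return the Mac
! to VLAN 10.
configure terminal
 interface FastEthernet0/13
  no port monitor FastEthernet0/20
  no port monitor FastEthernet0/21
  no port monitor FastEthernet0/22
  no port monitor FastEthernet0/23
  no port monitor FastEthernet0/24
  switchport access vlan 10
 end
```

In Wireshark, the display filter `pppoed || pppoes` narrows the capture to PPPoE discovery and session frames.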