On Mon, Feb 09, 2009 at 06:02:30PM -0700, Stephen Fisher wrote:
> On Mon, Feb 09, 2009 at 04:26:57PM -0800, David Kraut wrote:
>
> > Hi, I'm trying to find configuration information or examples of how to
> > configure the NIC of a dedicated computer that will connect to a
> > spanned/mirrored Cisco switch port.? Specifically, does the NIC need
> > an IP address if it's connected to a span port that passes?multiple
> > VLAN traffic?? Essentially, I want to mirror the port that everyone
> > must go through to get to the Internet.? This traffic will be coming
> > from many different subnets.? Any assistance would greatly
> > appreciated!?? ?
>
> The NIC only needs to be in promiscuous mode. No IP address needed.
In addition to that, if you want to be able to see the vlan-tags of
every packet, you need to set up the span port so that it passes the
vlan tag, on a cisco switch you use "encapsulation replicate":
monitor session 1 source interface Gi0/49
monitor session 1 destination interface Gi0/47 encapsulation replicate
Then you need to configure your NIC driver to pass the vlan tags. By
default, most drivers strip the vlan tag. How that's done can be read
on: http://wiki.wireshark.org/CaptureSetup/VLAN
Cheers,
Sake