Cisco Cisco Catalyst 6500 Series Firewall Services Module Guía Para Resolver Problemas
FWSM Traffic Capture Product Tech Note
Document ID: 116059
Contributed by Scott Nishimura, Cisco TAC Engineer.
Apr 02, 2013
Apr 02, 2013
Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
SPAN Reflector
FWSM Traffic Capture on the Switch Backplane
Step 1: Determine Port Channel Used by FWSM
Step 2: Define Source and Destination Interfaces
Step 3: Verify Monitor Session
Related Information
Prerequisites
Requirements
Components Used
Conventions
SPAN Reflector
FWSM Traffic Capture on the Switch Backplane
Step 1: Determine Port Channel Used by FWSM
Step 2: Define Source and Destination Interfaces
Step 3: Verify Monitor Session
Related Information
Introduction
This document describes how to monitor traffic sent to and received from a Firewall Services Module
(FWSM). On the Cisco Catalyst 6500/Cisco 7600 Series Routers platform, there are two switched port
analyzer (SPAN) sessions that can be used to redirect traffic to a destination port for activities such as
captures or transmissions to other physical security devices (such as an Intrusion Detection System). SPAN
sessions are also known as monitor sessions.
(FWSM). On the Cisco Catalyst 6500/Cisco 7600 Series Routers platform, there are two switched port
analyzer (SPAN) sessions that can be used to redirect traffic to a destination port for activities such as
captures or transmissions to other physical security devices (such as an Intrusion Detection System). SPAN
sessions are also known as monitor sessions.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
Network security
•
Familiarity with data captures (sniffers)
•
Components Used
The information in this document is based on these software and hardware versions:
Cisco Catalyst 6500/7600 Series Switches
•
Cisco Catalyst 6500/Cisco 7600 Series Supervisor Engine 720
•
Cisco FWSM
•
The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.