> >Ok silly question - how are you turning on monitoring the Cisco switch? > Possibly the > >switch itself is blocking comms to the ntop server and it has nothing > to do with ntop? > > > >How are you running ntop? (what switches etc). > > > >thanks > >Evan > > > >--------------------------------------------- > >This message was sent using MWEB Airmail. > >JUST LIKE THAT > > http://airmail.mweb.co.za/ > > > > > >_______________________________________________ > >Ntop mailing list > >[EMAIL PROTECTED] > > http://listgateway.unipi.it/mailman/listinfo/ntop > > > > Hi > > Im running ntop to monitor activity on just one switch, the Cisco > Catalyst 2950. The switch is configured with the following : > monitor session 1 source interface Fa0/48 > monitor session 1 destination interface Fa0/47 > port 48 is the uplink on the switch and 47 is where the ntop server is > connected. > Removing the second line, the destination in the configuration, makes me > able to reach the ntop server. Turning it back on and all communication > is broken again (but ntop keeps receiving data). > > > Regards > Leif K�re Sigmundstad >
Ok then the switch is behaving correctly and so is your server. To make myself more clear let me explain The command on the switch basically does the following: Take all traffic in and out of port 48 and replicate it to port 47 therefore ignore port 47 as it is actually port 48. So according to the switch once you enable this command port 47 disappears (logically in its switching table) and you have two port 48s. On the higher end switches (I can only talk about nortel here mind you) they have support for monitoring plus keeping the machine live at the same time but on all of the lower end switches (cisco, nortel, 3com extreme) this puts too much load on the cpu and memory of the switch. To go around this do the following configure ntop to listen eth1 and plug that into 47 but don't assign an IP addresses to it, assign a normal ip address to eth0 and plug it into port 46 (or whatever). Alternatively put eth1 and eth0 on different IP subnets e.g. eth0 172.16.0.1 eth1 192.168.0.1 and then continue as you have been doing before but connect to the machine after monitoring begins on the OTHER ip subnet. They need to be on different subnets because otherwise Linux will simply send the traffic out of the first IP addresses on the subnet (in this case the monitored port) and therefore you never got an answer. hope this helps Evan --------------------------------------------- This message was sent using MWEB Airmail. JUST LIKE THAT http://airmail.mweb.co.za/ _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
