I'm not a Cisco guru so all I can tell you is:
- a monitor port is in read only mode (if you send packts to the port they are not forwared)
- you better use two NICs (one for ntop in read-only mode and another for reaching the host where ntop runs and that ntop uses for other things includes DNS)
- you can configure the traffic source as follows: monitor session <1/2> source interface <port> <tx/rx/both>
- you can configure the traffic destination as follows: monitor session <1/2> destination interface <port>
[note that you can also define the encapsuation type on the destination port].
Hpe this helps.
Cheers, Luca
Stanley Hopcroft wrote:
Dear Ladies and Gentlemen,
I am writing with an off topic request about using ntop with Cisco 36xx switches (3650, no VLANs no layer 3).
<off topic>
Would anyone please care to post a Cisco 36xx switch configuration that provides 'session monitoring' of switch ports ie forwarding all traffic to the ntop host, such that the ntop host can still function 'normally' (ie off lan clients can connect to ntop web server etc etc).
The reason for asking is that these 36xx switches appear to function differently to older (much older) Cisco switches in this regard and the docco doesn't appear to deal with all the considerations.
When the switch does forward traffic it _also_ duplicates frames destined for the ntop host (and likewise the responses).
Thank you.
</off topic>
Yours sincerely.
-- Stanley Hopcroft
Network specialist, IT Infrastructure
IP Australia
Ph: (02) 6283 3189 Fax: (02) 6281 1353
PO Box 200 Woden ACT 2606
http://www.ipaustralia.gov.au
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
-- Luca Deri <[EMAIL PROTECTED]> http://luca.ntop.org/ Hacker: someone who loves to program and enjoys being clever about it - Richard Stallman
_______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
