Hey, you can't expect Cisco to be consistent, can you? :-) It looks like on the 4000 the SPAN command is "monitor session." See here:
ww.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_1_14/config/span.htm Although I understand the gist of your question about port security and hope somebody answers it, I just wanted to mention that you can't recognize that a hub has been inserted. It's just a physical-layer device. It doesn't send frames, just bits. It doesn't have a MAC address. (If it's a managed hub and needs to send management data, then it does have a MAC address, and then you could identify it was there if it happened to send some management data.) Sniffing on switched networks is problematic. I think, strange though it might sound, it's rather common to insert a hub in order to use an analyzer or IDS. It's a shame, though, because you have to set the endpoints to half duplex and risk performance and, worse, auto-negotiation problems. Of course, getting SPAN to work is preferable, but as you noticed, that can be problematic too! Priscilla John Brandis wrote: > > Hi All, > > Have a 4006 in place here using Version 12.1(12c)EW as my core > switch. > Yesterday had fun with Slammer, and last night also. I wanted > to use the > SPAN so I could mirror the data from one port to my snort box > so I could > verify to the sys-admins that it was slammer (they said it > would never > happen here). However, noticed that this command was not > available on this > IOS. I had to revert back to a hub scenario between my switch > and firewall > to see what was going on. > > My question is, how do you people monitor this without using > SPAN, and also, > how do you implement security on a per port basis (such as > denying hubs on > your network) > > PS: Any one ever used a tap here, and if so, how did it fit > into your > switched network. > > Thanks all > > John > > > > ********************************************************************** > > visit http://www.solution6.com > > UK Customers - http://www.solution6.co.uk > > ********************************************************************** > > The Solution 6 Head Office and NSW Branch has moved premises. > Please make sure you have updated your records with our new > details. > > Level 14, 383 Kent Street, Sydney NSW 2000. > > General Phone: 61 2 9278 0666 > > General Fax: 61 2 9278 0555 > > ********************************************************************** > > This email message (and attachments) may contain information > that is confidential to Solution 6. If you are not the intended > recipient you cannot use, distribute or copy the message or > attachments. In such a case, please notify the sender by > return email immediately and erase all copies of the message > and attachments. Opinions, conclusions and other information > in this message and attachments that do not relate to the > official business of Solution 6 are neither given nor endorsed > by it. > > ********************************************************************* > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62922&t=62917 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]