RE: Need help on RSPAN configuration

From: Scott Morris (swm@emanon.com)
Date: Fri Mar 14 2003 - 14:01:29 GMT-3


Apparently the 3550 spanning works differently than some of the other
switches. In doing some reading, I found out that when you flag a port
as the destination for a span session, it will NOT be
generating/receiving any other traffic. No address learning will occur
either.

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00800c6f4c.html

So, your setup:

(Cat 1)
monitor session 1 source int fa0/1 tx
monitor session 1 source int fa0/2 rx
monitor session 1 source int fa0/3 rx
monitor session 1 destination remote vlan 200 reflector-port fa0/23
**Side note, I noticed below that you noted "interface vlan 200". This
is only necessary for layer 3 participation. Did you create vlan 200 in
the vlan database? Verify also that your trunks are carrying vlan 200!
Otherwise, no wonder you aren't receiving anything!

(Cat 2)
Monitor session 1 source remote vlan 200
Monitor session 1 destination interface fa0/x

Do not put any encapsulation parameters on the destination interface
unless you are running a trunk card on that PC. Otherwise, the default
is to untag all information before spanning it to that port.

Check that VLAN200 is indeed trunking and active on the trunk and both
switches! That may solve your "not getting anything" problem.

Hope that helps,

Scott

-----Original Message-----
From: cebuano [mailto:cebu2ccie@cox.net]
Sent: Friday, March 14, 2003 11:51 AM
To: swm@emanon.com
Subject: RE: Need help on RSPAN configuration

Scott,
Here's a dilemma. If I configure the destination port as the physical
port where my sniffer/PC is connected to, the port goes "down" as soon
as it is configured for SPAN destination. Now I don't see anything at
all in the Sniffer. I MUST be missing something.

So from what you're saying, you cannot do RSPAN over an Etherchannel
link. Thanks.

Elmer

Cat-1#c
Enter configuration commands, one per line. End with CNTL/Z.
Cat-1(config)#monit sess 1 source int fa0/2 both
Cat-1(config)#monit sess 1 source int fa0/3 rx
Cat-1(config)#monit sess 1 source int fa0/1 rx
Cat-1(config)#monit sess 1 dest remote vlan 200 reflector ?
  FastEthernet FastEthernet IEEE 802.3
  GE-WAN GigabitEthernetWAN IEEE 802.3z
  GigabitEthernet GigabitEthernet IEEE 802.3z

Cat-1(config)#monit sess 1 dest remote vlan 200 reflector fa0/23
Cat-1(config)#
00:04:02: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to down
Cat-1(config)#^Z

Cat-2(config)#monitor sess 1 source remot vlan 200
Cat-2(config)#monitor sess 1 dest int fa0/14
Cat-2(config)#^Z
Cat-2#
00:06:01: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/14, changed state to down
Cat-2#

Cat-2#sh int fa0/14
FastEthernet0/14 is up, line protocol is down (monitoring)

-----Original Message-----
From: Scott Morris [mailto:swm@emanon.com]
Sent: Friday, March 14, 2003 10:50 AM
To: 'cebuano'
Cc: 'Group Study'
Subject: RE: Need help on RSPAN configuration

Yes, it does. I'm sorry I overlooked that in your config.

The "reflector port" needs to be a port not used for anything else live.
It utilizes the ASICs and general logic of the port in order to span
onto the VLAN. This precludes the port from participating in other live
functions.

On the second switch, you configure the source remote vlan 200. And
then put the destination to an actual port.

As for what does the destination port receive, my experience has been
that you still receive your access vlan information as well as the
monitored stuff, which of course makes filtering traffic from your
sniffer very entertaining!

I have not tested this out with the remote vlan, but I would assume that
it works in the same fashion.

Scott

-----Original Message-----
From: cebuano [mailto:cebu2ccie@cox.net]
Sent: Friday, March 14, 2003 10:14 AM
To: swm@emanon.com
Subject: RE: Need help on RSPAN configuration

Hi Scott,
Does this mean that 3550a port 23 which is part of an Etherchannel will
be removed from the channel group until you remove the SPAN session? In
other words, the actual SPAN traffic is carried by the physical port and
not the Etherchannel? On the second switch, do I configure the source as
port 23 or should it be
"monitor session 1 source interface port-channel 1"?
Also, since the SPAN VLAN I created is VLAN 200, my PC is on a port
configured for VLAN 192 access, does this mean that only VLAN 200 SPAN
traffic will be received by the PC for the duration of the SPAN session?

Thanks for the clarification.

Elmer

-----Original Message-----
From: Scott Morris [mailto:swm@emanon.com]
Sent: Friday, March 14, 2003 8:16 AM
To: 'cebuano'; ccielab@groupstudy.com
Subject: RE: Need help on RSPAN configuration

You are correct in your configuration. Now, you DO need to configure
the other side to receive the rspan. :)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
cebuano
Sent: Thursday, March 13, 2003 11:56 PM
To: ccielab@groupstudy.com
Subject: Need help on RSPAN configuration

Hi all.
I'm not sure I'm following the example on the Configuration Guide for
RSPAN. Here's my setup. 3550a is VTP server, 3550b is client mode. 3550a
ports 23/24 <-- FEC/ISL --> 3550b ports 23/24. 3550a port 1 <-- ISL
Trunk --> R1. Port 2 is configured for R2 in VLAN 20. Port 3 is
configured for R5 in VLAN 10. 3550b port 14 has a PC in VLAN 192.
 
I need to monitor R1,2,5 in 3550a, the destination is PC in 3550b. My
config is as follows (I'm sure this is wrong).
 
3550a#
int vlan 200 ------ VLAN created for RSPAN purposes only
monitor session 1 source int fa0/1 tx
monitor session 1 source int fa0/2 rx
monitor session 1 source int fa0/3 rx
monitor session 1 destination remote vlan 200 reflector-port fa0/23
 
Please correct my confusion on this topic.
Thanks.
 
Elmer
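
A small checker for the three pitfalls this thread runs into (a reflector port that is still an EtherChannel member, a trunk whose allowed list omits the RSPAN VLAN, and no receiving session on the second switch), as an added example that is not part of the original messages. The config fragments are constructed and the function names are hypothetical; it only sees what the config text shows, so whether VLAN 200 exists and is active still has to be verified on the switches themselves.

```python
import re

# Constructed config fragments modelled on the thread (not captured output).
CAT1 = """\
interface FastEthernet0/23
 channel-group 1 mode on
interface Port-channel1
 switchport trunk allowed vlan 10,20,192
monitor session 1 destination remote vlan 200 reflector-port fa0/23
"""
CAT2 = "interface FastEthernet0/14\n switchport access vlan 192\n"

def port_key(name):  # 'FastEthernet0/23' and 'fa0/23' both become 'fa0/23'
    m = re.match(r"([A-Za-z-]+)\s*([\d/]+)$", name.strip())
    return m.group(1)[:2].lower() + m.group(2)

def interfaces(cfg):
    """Map each interface to the list of lines in its stanza."""
    ifaces, cur = {}, None
    for line in cfg.splitlines():
        if line.startswith("interface "):
            cur = port_key(line.split(None, 1)[1])
            ifaces[cur] = []
        elif line.startswith(" ") and cur:
            ifaces[cur].append(line.strip())
        else:
            cur = None
    return ifaces

def vlan_in(vlan, spec):
    """True if vlan is covered by an allowed list such as '10,20-30'."""
    return any(int(p.split("-")[0]) <= int(vlan) <= int(p.split("-")[-1])
               for p in spec.split(","))

def check_rspan(src_cfg, dst_cfg):
    """List the thread's RSPAN pitfalls found in a source/destination pair."""
    findings, ifaces = [], interfaces(src_cfg)
    for m in re.finditer(r"destination remote vlan (\d+) reflector-port (\S+)", src_cfg):
        vlan, refl = m.group(1), port_key(m.group(2))
        if any(l.startswith("channel-group") for l in ifaces.get(refl, [])):
            findings.append(f"reflector-port {refl} is an EtherChannel member")
        for name, stanza in ifaces.items():
            for l in stanza:
                a = re.match(r"switchport trunk allowed vlan ([\d,-]+)$", l)
                if a and not vlan_in(vlan, a.group(1)):
                    findings.append(f"trunk {name} does not allow vlan {vlan}")
        if not re.search(rf"source remote vlan {vlan}\b", dst_cfg):
            findings.append(f"destination switch has no 'source remote vlan {vlan}'")
    return findings
```

Calling `check_rspan(CAT1, CAT2)` on the constructed fragments reports all three problems; an empty list means none of these particular mistakes is visible in the config text.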



This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:39 GMT-3