Re: RSPAN problems

From: Peter (peter@cyscoexpert.com)
Date: Mon Oct 06 2003 - 15:57:19 GMT-3

• Next message: Roger McNeace: "RSPAN problems"
• Previous message: Deepesh Chouhan: "RE: Failed in my first attempt."
• Maybe in reply to: Roger McNeace: "RSPAN problems"
• Next in thread: Hossam: "Re: RSPAN problems"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Is your VLAN 400 configured as remote SPAN vlan? Also, you don't need to put
fa0/16 on second switch into vlan 51. Other than that everything else looks
good.

My working example is this:
SwitchA:
vlan 500
   remote-span
monitor session 1 source interface fa0/1 both
monitor session 1 destination remote vlan 500 reflector-port fa0/20

SwitchB:
monitor session 1 source remote vlan 500
monitor session 1 destination interface fa0/10

This will let you see the traffic on SwitchA fa0/1 while having sniffer
connected to port fa0/10 on SwitchB.

_____________________________
Peter
#7247 (R&S, Security, SP)
CyscoExpert Corp.
4433 W. Touhy Ave. Suite 410
Lincolnwood, IL 60712
Phone (847) 674-3392
Toll Free (866) CyscoXP (297-2697)
Fax (847) 674-2625

----- Original Message -----
From: "Roger McNeace" <rmcneace@terremark.com>
To: <ccielab@groupstudy.com>
Sent: Monday, October 06, 2003 1:40 PM
Subject: RSPAN problems

> I am having alot of trouble getting RSPAN to work. What am i doing wrong?
> Read doc cd several times.
>
> Questions
>
> 1. Does the destination have to be in the same VLAN as the source?
> 2. When would I use the "ingress" keyword?
> 3. Is the following show command output normal?
>
> sh interface fa 0/16
>
> FastEthernet0/16 is up, line protocol is down (monitoring)
>
> 4. Does my config look right?
>
>
>
> FW-------------fa0/15[cat1 ]-------dot1q---------[cat2
> ]fa0/16--------IDS
>
> Config
> -VLAN 400 exists on both switches
> -Trunk link is working traffic is passing to other ports
> -Reflector port has nothing plugged into it and is in default vlan
>
> Cat1
>
> interface FastEthernet0/15
> switchport access vlan 51
> no ip address
>
> interface GigabitEthernet0/1
> switchport trunk encapsulation dot1q
> switchport mode trunk
>
> monitor session 1 source interface Fa0/15 rx
> monitor session 1 destination remote vlan 400 reflector-port Fa0/24
>
>
> Cat2
>
> interface FastEthernet0/16
> switchport access vlan 51
> no ip address
>
> interface GigabitEthernet0/1
> switchport trunk encapsulation dot1q
> switchport mode trunk
>
> monitor session 1 destination interface Fa0/16
> monitor session 1 source remote vlan 400
>
> ***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***

• Next message: Roger McNeace: "RSPAN problems"
• Previous message: Deepesh Chouhan: "RE: Failed in my first attempt."
• Maybe in reply to: Roger McNeace: "RSPAN problems"
• Next in thread: Hossam: "Re: RSPAN problems"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:52:57 GMT-3