From: Wes Smith (wesmith@rogers.com)
Date: Mon Mar 22 2004 - 23:49:03 GMT-3
It should work...
Things to remember .
Don't forget to create a dedicated RSPAN vlan, make sure it's
designated 'remote-span'
This vlan must be trunked between the source and dest switches.
On source switches ... the destination is this rspan vlan.. not a
destination port like normal..
Note .. 3550's use a reflector port to get the data onto this vlan...
. so you'll have a source vlan/port ... a reflector Port... and a
Destination VLAN(not port)
On destination switches .. where your ids or sniffer is ....
It's almost like a normal monitor/span session. Just remember to
include the 'RSPAN" vlan as one of your source vlans.
Something like this should do it .. (these are almost copied verbatim
from the 3550 guide)
Switch 1 .. Source vlan 100,200,300
G0/1 is the trunk between the two switches
VLAN 666 is the dedicated RSPAN vlan
F0/1 is the 'reflector'
Switch 2 .. Source vlan 100,200,300
G0/1 is the trunk between the two switches
VLAN 666 is the dedicated RSPAN vlan
F0/5 is where the ids/sniffer is
In this case ... switch 1 monitors
Switch# configure terminalSwitch(config)# vlan 666Switch(config-vlan)# name
rspan-vlanSwitch(config-vlan)# remote-span
Switch(config-vlan)# end
! add the rspan vlan to the trunk so the other switch can see it...
Switch(config)# int g0/1
Switch(config-if)# switchport trunk allowed vlans 666
! setup to monitors vlans 100,200,300 ... use port f0/1 as the
'reflector'
! and vlan 666 to carry the span data over a trunk to another switch
Switch(config)# no monitor session 1Switch(config)# monitor session 1 source
vlan 100,200,300 rxSwitch(config)# monitor session 1 destination remote vlan
666 reflector-port f0/1
On switch 2.... Almost the same thing except you include the rspan vlan
(666 in this case) in the list of vlans
to monitor, and use a real port as the destination.
Switch# configure terminalSwitch(config)# vlan 666Switch(config-vlan)# name
rspan-vlanSwitch(config-vlan)# remote-span
Switch(config-vlan)# end
! add the rspan vlan to the trunk
Switch(config)# int g0/1
Switch(config-if)# switchport trunk allowed vlans 666
! setup to monitors vlans 100,200,300 ...
! ---> and the rspan vlan 666 from the other switches
Switch(config)# no monitor session 1Switch(config)# monitor session 1 source
vlan 100,200,300,666 rxSwitch(config)# monitor session 1 destination
interface fastEthernet0/5
Ws
Dave.Craddock@avon.com wrote:
Hi All
I'm trying to get rspan to work between to 3550 switches and having
some problems. Has anyone got it to work with only to switches as all the
docs i can find have 3 switches with the master switch only monitoring the
single rspan vlan?
i have 3 vlans on each switch (100,200,300) and i need to be able to see
all traffic on both switches on the monitor port connected to an IDS. the
switches are connected via a port-channel on the Gb interfaces.
thanks for any help
Dave
_______________________________________________________________________
Please help support GroupStudy by purchasing your study materials from: http://shop.groupstudy.com
Subscription information may be found at: http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Apr 01 2004 - 08:15:44 GMT-3