Re: RSPAN

From: Joe Smith (j333smith@hotmail.com)
Date: Fri Feb 18 2005 - 01:27:24 GMT-3

• Next message: Hyunseog Ryu: "Re: serial number"
• Previous message: Ed Lui: "Re: TestKing CCIE Labs"
• Maybe in reply to: ccie2be: "RSPAN"
• Next in thread: PhiL: "Re: RSPAN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Tim,

I'm not sure this will work, but at this time I have no equipment to test.
Create a remote vlan on the switch the sniffer is on, source the vlan needed
and send the destination to the remote vlan. Then create another session
and source the remote vlan and use the destination of the sniffer port.

In essence treat the switch with the sniffer just like another remote
switch, except create another session to capture the remote vlan traffic
from itself and all the other remote switches.

Joe

>From: "ccie2be" <ccie2be@nyc.rr.com>
>To: "Joe Smith" <j333smith@hotmail.com>, <ccielab@groupstudy.com>
>Subject: Re: RSPAN
>Date: Thu, 17 Feb 2005 16:21:39 -0500
>
>Hey Joe,
>
>I just tried your suggestion but the switch wouldn't let me do that.
>
>monitor session 1 destination interface Fa0/23
>monitor session 1 source remote vlan 10
>!
>end
>
>sw2#term le 24
>sw2#c
>Enter configuration commands, one per line. End with CNTL/Z.
>sw2(config)#moni ses 1 sour ?
> interface SPAN source interface
> remote SPAN source Remote
> vlan SPAN source VLAN
>
>sw2(config)#moni ses 1 sour int fa0/18 ?
> , Specify another range of interfaces
> - Specify a range of interfaces
> both Monitor received and transmitted traffic
> rx Monitor received traffic only
> tx Monitor transmitted traffic only
> <cr>
>
>sw2(config)#moni ses 1 sour int fa0/18 - 19
>% Cannot add ports as source for session 1 - a RSPAN Destination session
>
>It looks likes there's not a way to do this although that makes no sense at
>all. Maybe it's not possible to mix multiple types of sources like vlan's
>and interfaces. I don't know.
>
>Thanks, Tim
>
>----- Original Message -----
>From: "Joe Smith" <j333smith@hotmail.com>
>To: <ccie2be@nyc.rr.com>; <ccielab@groupstudy.com>
>Sent: Thursday, February 17, 2005 10:29 AM
>Subject: Re: RSPAN
>
>
> > Have you tried monitoring the vlan where the sniffer is located by
> > monitoring the local interfaces assigned to that vlan, instead of
>specifying
> > the vlan outright?
> >
> > >From: "ccie2be" <ccie2be@nyc.rr.com>
> > >To: "Joe Smith" <j333smith@hotmail.com>, <Radu.Pavaloiu@connex.ro>,
> > ><ccielab@groupstudy.com>
> > >Subject: Re: RSPAN
> > >Date: Thu, 17 Feb 2005 09:31:22 -0500
> > >
> > >Thanks Joe,
> > >
> > >That's what I thought.
> > >
> > >So, how do I config rspan so that all incoming traffic from a given
>vlan
>X
> > >goes to my sniffer which is connected to one particalur port when this
>vlan
> > >has ports spread out over multiple switches including the switch where
>the
> > >sniffer is connected?
> > >
> > >Thanks, Tim
> > >
> > >----- Original Message -----
> > >From: "Joe Smith" <j333smith@hotmail.com>
> > >To: <ccie2be@nyc.rr.com>; <Radu.Pavaloiu@connex.ro>;
> > ><ccielab@groupstudy.com>
> > >Sent: Thursday, February 17, 2005 9:20 AM
> > >Subject: Re: RSPAN
> > >
> > >
> > > > From the DOC CD:
> > > >
> > > > You can have only one destination port per SPAN session. You cannot
>have
> > >two
> > > > SPAN sessions using the same destination port.
> > > >
> > > >
> >
> >http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12120ea2/3550scg/
>swspan.htm
> > > >
> > > >
> > > >
> > > > >From: "ccie2be" <ccie2be@nyc.rr.com>
> > > > >Reply-To: "ccie2be" <ccie2be@nyc.rr.com>
> > > > >To: "Radu Pavaloiu" <Radu.Pavaloiu@connex.ro>, "Group Study"
> > > > ><ccielab@groupstudy.com>
> > > > >Subject: Re: RSPAN
> > > > >Date: Wed, 16 Feb 2005 15:26:14 -0500
> > > > >
> > > > >IOW, I have to configure two sessions: a) the rspan session for
>both
> > > > >switches and b) a span session.
> > > > >
> > > > >OK, but can both sessions have the same destination port?
> > > > >
> > > > >Remember there's only sniffer.
> > > > >
> > > > >Thank, Tim
> > > > >----- Original Message -----
> > > > >From: "Radu Pavaloiu" <Radu.Pavaloiu@connex.ro>
> > > > >To: "ccie2be" <ccie2be@nyc.rr.com>; "Group Study"
> > ><ccielab@groupstudy.com>
> > > > >Sent: Wednesday, February 16, 2005 2:30 PM
> > > > >Subject: RE: RSPAN
> > > > >
> > > > >
> > > > >I think you need to use "monitor ses 2 soour vlan 2 rx" on sw2,
> > >because
> > > > >ses 1 was fully configured with source remote vlan 10.
> > > > >
> > > > >Regards,
> > > > >
> > > > >I die. I fracture into thousands of fragments of flushed
>embarrassment.
> > > > >My body parts fly, connectionless, over a badly constructed
>spanning
> > > > >tree that isn't quite loop free.
> > > > >I fall screaming into 127.0.0.1.
> > > > >
> > > > >
> > > > >Radu
> > > > >#2658
> > > > >
> > > > >-----Original Message-----
> > > > >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
>Behalf
>Of
> > > > >ccie2be
> > > > >Sent: Wednesday, February 16, 2005 8:19 PM
> > > > >To: Group Study
> > > > >Subject: RSPAN
> > > > >
> > > > >
> > > > >Hi guys,
> > > > >
> > > > >
> > > > > This is interesting.
> > > > >
> > > > > sw1 and sw2 are configured for rspan. On sw1, all incoming
>traffic
> > > > >from vlan 2 is being sent to a sniffer on sw2's fa0/23.
> > > > >
> > > > > sw2 doesn't have any ports assigned to vlan 2.
> > > > >
> > > > > Here's the config:
> > > > >
> > > > > SW1#f monit
> > > > > monitor session 1 source vlan 2 rx
> > > > > monitor session 1 destination remote vlan 10 reflector-port Fa0/7
>!
> > > > >sw2#f monit monitor session 1 destination interface Fa0/23
>monitor
> > > > >session 1 source remote vlan 10 ! end
> > > > >
> > > > > sw2#c
> > > > > Enter configuration commands, one per line. End with CNTL/Z.
> > > > >sw2(config)#mon ses 1 sour vlan 2 rx % Cannot add VLANs as source
>for
> > > > >session 1 - a RSPAN Destination session sw2(config)#
> > > > >
> > > > >Notice that the switch doesn't allow me to vlan 2 as another
>source.
> > > > >
> > > > >
> > > > > Suppose sw2 had ports assigned to vlan 2. How would I configure
>rspan
> > > > >to monitor all traffic received from vlan 2?
> > > > >
> > > > > If sw2 had ports assigned to vlan 2, wold rspan automatically
>include
> > > > >the traffic from those sw2 ports in vlan 2 because of the config
>on
> > > > >sw1?
> > > > >
> > > > > TIA, Tim
> > > > >
> > > >
> >_______________________________________________________________________
> > > > >Subscription information may be found at:
> > > > >http://www.groupstudy.com/list/CCIELab.html
> > > > >
> > > >
> >_______________________________________________________________________
> > > > >Subscription information may be found at:
> > > > >http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > > _________________________________________________________________
> > > > Is your PC infected? Get a FREE online computer virus scan from
>McAfee.
> > > > Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
> > > >
> > >
> >
> > _________________________________________________________________
> > FREE pop-up blocking with the new MSN Toolbar - get it now!
> > http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
> >
>

• Next message: Hyunseog Ryu: "Re: serial number"
• Previous message: Ed Lui: "Re: TestKing CCIE Labs"
• Maybe in reply to: ccie2be: "RSPAN"
• Next in thread: PhiL: "Re: RSPAN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Mar 03 2005 - 08:51:22 GMT-3