RE: Trouble configuring RSPAN

From: Tim (ccie2be@nyc.rr.com)
Date: Thu Nov 10 2005 - 10:55:26 GMT-3

• Next message: Dennis J. Hartmann: "RE: VTP Question"
• Previous message: kevin gannon: "Re: Multicast Source Question - ??"
• Maybe in reply to: Mike Flanagan: "Trouble configuring RSPAN"
• Next in thread: Dennis J. Hartmann: "RE: Trouble configuring RSPAN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Dennis,

Actually, that's not correct.

This can be a bit confusing - at least it had me confused at first.

The reflector port is basically an unused port on the switch where you have
source ports.

Here's what happens conceptually.

Traffic from the source ports specified capture the traffic.

This traffic gets placed on the special rspan vlan.

This traffic then goes to the reflector port.

When the captured traffic hits the reflector port, it gets bounced back onto
the trunk that connects to the upstream switch or the switch that has the
probe, IDS, etc, attached.

I would make sure you understand this and practice configuring different
combo's of traffic capturing.

For example,

Assume you have Cat-1 and Cat-2 and they're trunked together.

Configure traffic capture such that traffic from vlan 30 and inbound traffic
on cat-1 fa0/17 and outbound traffic from Cat-2, port fa0/3 is sent to your
IDS sensor connected to Cat-2, port fa0/9.

1. Assume that vlan 30 includes ports on both switches.
2. Repeat except this time, assume that vlan 30 only has ports on
Cat-2.
3. Repeat except this time, assume vlan 30 only has ports on Cat-1.
4. Repeat except this time, assume the IDS has to move to a port on
Cat-1

You get the idea. Span and Rspan aren't that difficult but don't assume if
you get it, there won't be some interesting twists and turns in the
requirements.

So, be prepared and know all the command options and also know the show
commands you need to verify your config.

HTH, Tim

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Dennis J. Hartmann
Sent: Thursday, November 10, 2005 8:16 AM
To: 'Chris Cole'; milo_az@yahoo.com; 'Mike Flanagan'; 'Scott Morris'
Cc: 'Cisco certification'
Subject: RE: Trouble configuring RSPAN

        Am I correct in saying that the reflector-port is the
target/destination interface in which the sniffer/network monitoring device
is attached? I understand that this is occuring over a VLAN and the
destination can be multiple hops away, but it's unclear to me whether the
reflector-port is the final destination or the trunk uplink. I "believe"
it's the "final" destination, but I thought I would ask.

-Dennis Hartmann

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Chris Cole
Sent: Wednesday, November 09, 2005 1:14 PM
To: milo_az@yahoo.com; Mike Flanagan; Scott Morris
Cc: Cisco certification
Subject: RE: Trouble configuring RSPAN

The Catalyst 2970, 3560, and 3750 switches do not require configuration of a
REFLECTOR port when configuring an RSPAN session.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
milo_az@yahoo.com
Sent: Tuesday, November 08, 2005 3:51 PM
To: Mike Flanagan; Scott Morris
Cc: 'Cisco certification'
Subject: Re: Trouble configuring RSPAN

Are you sure that's a 3550. I haven't seen one with a g1/0/10 interface.
Maybe a 3750 that doesn't require a reflector port?

Mike

Mike Flanagan <mikenoc@mindspring.com> wrote:I am running 12.1(19)EA1d maybe
its an IOS thing ?

On Nov 8, 2005, at 10:03 AM, Scott Morris wrote:

> Hmmmm...
> emanon-3550-1(config)#monitor session 1 destination remote vlan 101 ?
> reflector-port Remote SPAN reflector port
>
> What version are you running? I'm running 12.1(20), and that's still
> relatively old.
>
> Scott
>
> _____
>
> From: Mike Flanagan [mailto:mikenoc@mindspring.com]
> Sent: Tuesday, November 08, 2005 10:00 AM
> To: swm@emanon.com
> Cc: 'Cisco certification'
> Subject: Re: Trouble configuring RSPAN
>
>
> I figured the command was needed but I just do not see the option to
> specify the reflector port.
>
> SW1(config)#monitor session 1 destination ?
> interface SPAN destination interface
> remote SPAN destination Remote
>
> SW1(config)#monitor session 1 destination SW1(config)#monitor session
> 1 destination ?
> interface SPAN destination interface
> remote SPAN destination Remote
>
> SW1(config)#monitor session 1 destination SW1(config)#monitor session
> 1 destination remote ?
> vlan Remote SPAN destination RSPAN VLAN
>
> SW1(config)#monitor session 1 destination remote vla
> SW1(config)#monitor session 1 destination remote vlan 101 ?
>
>
> SW1(config)#monitor session 1 destination remote vlan 101
>
>
>
>
>
>
>
>
> On Nov 8, 2005, at 9:49 AM, Scott Morris wrote:
>
>
> How about a few ?'s when setting up the monitor session destination
> command line?
>
> _____
>
> From: Mike Flanagan [mailto:mikenoc@mindspring.com]
> Sent: Tuesday, November 08, 2005 9:40 AM
> To: Scott Morris
> Cc: 'Cisco certification'
> Subject: Re: Trouble configuring RSPAN
>
>
> SW1 is the has the source port that I want SW2 to be able to view
> traffic from. The source port is 1/0/1. I am definitely confused on
> the reflector port. What I want to so is monitor traffic from port
> 1/0/1 to a port on sw2.
> From reading what the reflector port does it "SPAN traffic from the
> sources is copied onto the RSPAN VLAN through a reflector port and
> then forwarded over trunk ports that are carrying the RSPAN VLAN to
> any RSPAN destination sessions monitoring the RSPAN VLAN" So I think I
> need to add the reflector port command using the same interface 1/0/1
> instead of 1/0/10. But the problem is the switch is not allowing me to
> add the reflector port command.
> So I am sure I am missing something just do not know what it is.
>
> Thanks,
>
> Mike F.
>
>
>
> On Nov 8, 2005, at 9:02 AM, Scott Morris wrote:
>
>
> Reflector-port is a parameter specified on the source-side of the
> Remote spanning session. It's not a vlan-oriented command.
>
> HTH,
>
> Scott
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Mike Flanagan
> Sent: Tuesday, November 08, 2005 8:57 AM
> To: Cisco certification
> Subject: Trouble configuring RSPAN
>
> Looking at the doc cd when configuring RSPAN you are to use the
> reflector-port command. I am not seeing this as an option on my
> switch. Is this needed to make this work? I just added the remote-
> vlan instead since that is the only option I had. I am running
> 12.1(19)EA1d
>
>
> Thanks,
>
> http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225sec/
> 3550scg/swspan.htm
>
>
> SW1#conf t
> Enter configuration commands, one per line. End with CNTL/Z.
> SW1(config)#vlan 101
> SW1(config-vlan)#remo
> SW1(config-vlan)#remote-span
> SW1(config-vlan)#end
> SW1#
>
> SW1(config)#monitor session 1 source interface gigabitEthernet 1/0/1
> both SW1(config)#monitor session 1 destination remote vlan 101 ?
>
>
> SW1(config)#$sion 1 destination remote vlan 101 reflector-port
> gig1/0/10 monitor session 1 destination remote vlan 101 reflector-port
> gig1/0/10 ^
>
> ______________________________________________________________________

> _
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> ______________________________________________________________________

> _
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> ______________________________________________________________________

> _
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Dennis J. Hartmann: "RE: VTP Question"
• Previous message: kevin gannon: "Re: Multicast Source Question - ??"
• Maybe in reply to: Mike Flanagan: "Trouble configuring RSPAN"
• Next in thread: Dennis J. Hartmann: "RE: Trouble configuring RSPAN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:06 GMT-3