From: Andy LaPorte (andy@cloud9.net)
Date: Wed Jul 18 2007 - 00:36:58 ART
I was just going over a lab that asks to monitor a VLAN to an interface.
The goal was to monitor the received traffic.
The setup was 4 switches where 2-3 of the switches had ports assigned to the
VLAN that was to be monitored.
The solution was to setup remote spanning where the source was the
interfaces and the destination was a new VLAN for the purpose of rspan.
I'm a bit confused on when you would set the source as the interfaces verse
when can set the source as the VLAN.
Maybe an example would help with my question:
S1
Interface FA0/1 - VLAN 10
S2
Interface FA0/1 - VLAN 10
S4
(no ports in VLAN 10)
Interface FA0/1 - Monitor Destination
The solution was:
S1
VLAN 666 (this was the VTP server so it went to all switches)
Name IDS
Remote-span
Monitor session 1 source interface FA0/1
Monitor session 1 destination remote vlan 666
S2
Monitor session 1 source interface FA0/1
Monitor session 1 destination remote vlan 666
S4
Monitor session 1 source remote vlan 666
Monitor session 1 destination interface FA0/1
What I'm trying to figure out is what is the difference from the above
solution and this one:
S1
VLAN 666
Name IDS
Remote-span
Monitor session 1 source vlan 10 rx
Monitor session 1 destination remote vlan 666
S2
Monitor session 1 source vlan 10 rx
Monitor session 1 destination remote vlan 666
S4
Monitor session 1 source remote vlan 666
Monitor session 1 destination interface FA0/1
Now I understand when monitoring the Interface it monitors both tx and rx
but the request was only for received traffic. Any help would be great in
understanding this concept as I'm a bit confused even after going over the
doc's a few times.
Andy
This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:41 ART