From: Jared Scrivener (jscrivener@ipexpert.com)
Date: Fri Jan 30 2009 - 13:15:42 ARST
Hey Gaurav,
A) Your description of the "filter vlan" command is correct. It specifies
the VLANs we are interested in on the source port (presuming it is a trunk
and therefore carrying multiple VLANs).
B) The "ingress" comman enables the SPAN destination port to send traffic
back into the network (by contrast to the usual behaviour of making the
destination port unidirectional). This is often used with an IDS that may
wish to send TCP resets back.
"Ingress untagged vlan 120" would effectively send traffic back in untagged
and interpreted as coming from VLAN 120 (basically like an access port).
"Ingress dot1q vlan 120" would assume inbound traffic will come in either
tagged with a Dot1Q header or if untagged will be assigned a Dot1Q header in
VLAN 120 (so it's like an inbound trunk with VLAN 120 as the native VLAN).
Cheers,
Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: jscrivener@ipexpert.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
GAURAV MADAN
Sent: Friday, 30 January 2009 8:18 AM
To: Cisco certification
Subject: RSPAN query
Hi friends
Question on RSPAN .. cant try it out real soon because i dont have
infrastructure as of now .. but would like to understand meaning of 2
options below :
[A] filter vlan
[B] ingress untagged
What i have understood is :
If on source side ; I say "monitor sess 1 filter vlan 10 , 20" <=== this
means only vlan 10 and vlan 20 traffic is sent to SPAN dest .. Am i correct
in this ?
If on dest side I say
"monitor sess 1 dest f0/0 ingress untagg vlan 120"
monitor sess 1 dest f0/0 ingress dot1q vlan 120
What meaning is it implyng .. I am not ab;e to figure out this from DOCcd .
PLease help in this
Gaurav Madan
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:40 ARST