Re: RSPAN query

From: GAURAV MADAN (gauravmadan1177@gmail.com)
Date: Sun Feb 01 2009 - 02:24:19 ARST

• Next message: Narbik Kocharians: "Re: about OSPF router ID"
• Previous message: NET HE: "RE: RSPAN causing an l2protocol tunnel-like effect"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thnx for explanation Jared.

On Fri, Jan 30, 2009 at 8:45 PM, Jared Scrivener <jscrivener@ipexpert.com>wrote:

> Hey Gaurav,
>
> A) Your description of the "filter vlan" command is correct. It specifies
> the VLANs we are interested in on the source port (presuming it is a trunk
> and therefore carrying multiple VLANs).
>
> B) The "ingress" comman enables the SPAN destination port to send traffic
> back into the network (by contrast to the usual behaviour of making the
> destination port unidirectional). This is often used with an IDS that may
> wish to send TCP resets back.
>
> "Ingress untagged vlan 120" would effectively send traffic back in untagged
> and interpreted as coming from VLAN 120 (basically like an access port).
> "Ingress dot1q vlan 120" would assume inbound traffic will come in either
> tagged with a Dot1Q header or if untagged will be assigned a Dot1Q header
> in
> VLAN 120 (so it's like an inbound trunk with VLAN 120 as the native VLAN).
>
> Cheers,
>
> Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
> Technical Instructor - IPexpert, Inc.
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> Mailto: jscrivener@ipexpert.com
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> GAURAV MADAN
> Sent: Friday, 30 January 2009 8:18 AM
> To: Cisco certification
> Subject: RSPAN query
>
> Hi friends
>
> Question on RSPAN .. cant try it out real soon because i dont have
> infrastructure as of now .. but would like to understand meaning of 2
> options below :
>
> [A] filter vlan
> [B] ingress untagged
>
> What i have understood is :
>
> If on source side ; I say "monitor sess 1 filter vlan 10 , 20" <=== this
> means only vlan 10 and vlan 20 traffic is sent to SPAN dest .. Am i correct
> in this ?
>
> If on dest side I say
>
> "monitor sess 1 dest f0/0 ingress untagg vlan 120"
>
> monitor sess 1 dest f0/0 ingress dot1q vlan 120
>
> What meaning is it implyng .. I am not ab;e to figure out this from DOCcd .
>
> PLease help in this
>
> Gaurav Madan
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Narbik Kocharians: "Re: about OSPF router ID"
• Previous message: NET HE: "RE: RSPAN causing an l2protocol tunnel-like effect"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:09 ARST