Hi Faisal,
Just to add a little bit on what Gary and Nico have explained well.
On some of Cisco switches (2K, 3K, and the rest in the same family), a SPAN
session does not pick up those L2 frames (BPDUs, EAP/EAPoL, etc) outbound on
the port by default. Although the same SPAN session will pick up all inbound
frames just fine.
Add the "encapsulate replicate" keywords to the end of the "monitor session"
CLI to change this default behavior.
Hope that adds a little bit of information.
Thanks,
Sadiq
On Tue, Nov 30, 2010 at 1:27 PM, Faisal Ilyas <faisal.learning_at_gmail.com>wrote:
> thanks all for you time ...
>
>
>
> On Tue, Nov 30, 2010 at 4:22 PM, garry baker <baker.garry_at_gmail.com>
> wrote:
>
> > "RSPAN VLANs must be configured in VLAN configuration mode by using the *
> > remote-span* VLAN configuration mode command."
> >
> >
> >
>
> http://www.cisco.com/en/US/customer/docs/switches/lan/catalyst3560/software/r
> elease/12.2_55_se/configuration/guide/swspan.html#wp1200730<http://www.cisco.com/en/US/customer/docs/switches/lan/catalyst3560/software/r%0Aelease/12.2_55_se/configuration/guide/swspan.html#wp1200730>
> >
> >
> > "However, when you enter the *encapsulation replicate *keywords when
> > configuring a destination port, these changes occur:
> >
> > Packets are sent on the destination port with the same
> > encapsulation untagged, Inter-Switch Link (ISL), or IEEE 802.1Q that they
> > had on the source port.
> >
> > Packets of all types, including BPDU and Layer 2 protocol packets, are
> > monitored.
> >
> > Therefore, a local SPAN session with encapsulation replicate enabled can
> > have a mixture of untagged, ISL, and IEEE 802.1Q tagged packets appear on
> > the destination port"
> >
> >
> >
>
> http://www.cisco.com/en/US/customer/docs/switches/lan/catalyst3560/software/r
> elease/12.2_55_se/configuration/guide/swspan.html#wp1200730<http://www.cisco.com/en/US/customer/docs/switches/lan/catalyst3560/software/r%0Aelease/12.2_55_se/configuration/guide/swspan.html#wp1200730>
> > --
> > Garry L. Baker
> >
> > "There is no 'patch' for stupidity." - www.sqlsecurity.com
> >
> >
> > On Tue, Nov 30, 2010 at 2:14 AM, Faisal Ilyas
> <faisal.learning_at_gmail.com>wrote:
> >
> >> Salam,
> >>
> >> - In RSPAN do we always have to create a separate VLAN to pass the
> mirror
> >> traffic to the destination port ?
> >> - Does encapsulation replicate has to be put on the destination port ?
> >> will
> >> it only help to forward the traffic like BPDUs, CDP, etc to the
> >> destination
> >> port ?
> >>
> >> --
> >> Regards,
> >> M. Faisal.
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >
>
>
> --
> Regards,
> M. Faisal.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- CCIEx2 (R&S|Sec) #19963 Blogs and organic groups at http://www.ccie.netReceived on Tue Nov 30 2010 - 15:10:20 ART
This archive was generated by hypermail 2.2.0 : Sun Dec 05 2010 - 22:14:56 ART