Thank Jay & Marc,
I got it.
and when i tried to configure RSPAN & SPAN as source in same monitor
session, i get below error. is that mean we cannot configure SPAN & RSPAN
as source in same monitor session
"% Cannot add RSPAN VLAN as source for SPAN session 1 as it is not a RSPAN
Destination session "
my intention is to replicate all the vlan 61 & 73 receiving packet in both
switches to snifer connected to DAS-SW4 fa 0/12
configuration as below
DAS-switch1
-----
vlan 101
remote-span
monitor sess 1 source vlan 61 73 rx
monitor sess 1 destination remote vlan 101
DAS-SW4
---------
vlan 101
remote-span
DAS-SW4#monitor session 1 source vlan 61 ,73 rx
DAS-SW4(config)#monitor session 1 source vlan 61 ,73 rx
DAS-SW4(config)#monitor session 1 source remote vlan 101
% Cannot add RSPAN VLAN as source for SPAN session 1 as it is not a RSPAN
Destination session
DAS-SW4(config)#monitor session 1 destination interface Fa0/12
On Fri, Jan 13, 2012 at 1:18 AM, Jay McMickle <jay.mcmickle_at_yahoo.com>wrote:
> Yes, that's what I meant. You can't make a PO a destination, only
> source. Also, it looks like you were correct in the encapsulate replicate
> is to obtain the tagged packets as well. Default is only untagged packets.
>
> *
> Characteristics of Source Ports
> *
> A source port, also called a monitored port, is a switched interface that
> you monitor for network traffic
> analysis. The switch supports any number of ingress source ports (up to
> the maximum number of
> available ports on the switch) and any number of source VLANs or VSANs.
> A source port has these characteristics:
> *
> �
> *Can be of any port type: Ethernet, Fibre Channel, virtual Fibre Channel,
port
> channel, SAN port
> channel, VLAN, and VSAN.
>
> *
> Characteristics of Destination Ports
> *
> Each local SPAN session must have a destination port (also called a
> monitoring port) that receives a copy
> of traffic from the source ports, VLANs, or VSANs. A destination port has
> these characteristics:
> *
> �
> *Can be any physical port, Ethernet, Ethernet (FCoE), or Fibre Channel,
> and virtual Fibre Channel
> ports cannot be destination ports.
> *
> �
> *Cannot be a source port.*
> �
> *Cannot be a port channel or SAN port channel group.
>
>
>
http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuratio
n/guide/cli/Span.pdf
>
>
> Regards,
> Jay McMickle- CCNP, CCSP, CCDP, MCSE
> http://mycciepursuit.wordpress.com/
>
> Support me in the MS150 Challenge!
>
>
http://main.nationalmssociety.org/site/TR/Bike/TXHBikeEvents?px=5886043&pg=pe
rsonal&fr_id=17896
>
>
> *From:* marc abel <marcabel_at_gmail.com>
> *To:* Jay McMickle <jay.mcmickle_at_yahoo.com>
> *Cc:* ccie pal <ccie.pal_at_gmail.com>; Chris Moore (CCIE Vegas) <
> chris.moore44_at_gmail.com>; Steve Dibias (Gmail) <sdibias_at_gmail.com>
> *Sent:* Thursday, January 12, 2012 7:58 AM
> *Subject:* Re: SPAN in port channel
>
> I believe the command has to do with whether to preserve the vlan tags on
> the trunk. Most traffic analyzers are going to want all the traffic
> untagged,
>
> I am a little confused by what you mean Jay. A port-channel link can be a
> span source, but not a span destination port. Is this what you mean?
>
> -Marc
>
> On Thu, Jan 12, 2012 at 6:40 AM, Jay McMickle
<jay.mcmickle_at_yahoo.com>wrote:
>
> No, I'm not sure about ye effects of ye replicate command.
>
> I just wanted to make sure you knew port-channel could only receive spam
> and not send.
>
> Marc/Steve/Chris- are you guys familiar with the span encapsulate effects?
>
>
> Regards,
> Jay McMickle- CCNP,CCSP,CCDP
> Sent from my iPhone
> http://mycciepursuit.wordpress.com
>
>
> On Jan 11, 2012, at 10:42 PM, ccie pal <ccie.pal_at_gmail.com> wrote:
>
> thanks, is that means if i used encapsulate replicate, i ll get only rx
> traffic not tx traffic.
> But the cisco doc said
>
> Specify if you want to get tagged traffic. Otherwise it will be forwarded
> to the destination port in the state of untagged packets by default.
>
>
> On Thu, Jan 12, 2012 at 4:32 AM, Jay McMickle
<jay.mcmickle_at_yahoo.com>wrote:
>
> Without. Also, you also have it correct in that you can only receive span
> sessions on port-channels (not send).
>
> Use your second option you sent.
>
> Regards,
> Jay McMickle- CCNP,CCSP,CCDP
> Sent from my iPhone
> http://mycciepursuit.wordpress.com
>
>
> On Jan 11, 2012, at 11:05 AM, ccie pal <ccie.pal_at_gmail.com> wrote:
>
> > Hi Guys,
> >
> > i need to monitor any traffic flowing thru the trunks between two
> switches
> > ( port- channel configured) . Do i want to use "encapsulation replicate"
> > with monitor destination
> >
> > monitor sess 1 source po 1 both
> > monitor sess 1 destination int fa 0/1 encapsulation replicate
> >
> > or with out
> >
> > monitor sess 1 source po 1 both
> > monitor sess 1 destination int fa 0/1
> >
> > Please advice.
> >
> > Thanks
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Fri Jan 13 2012 - 11:08:28 ART