Hi Marc,
You are right. I just labed this up and it does not work... Unless someone
has a better idea all I can think of is running 1 destination port for
local span, and 1 destination port for the rspan.
I would like to know if there is a better solution.
leigh
> That won't work. To quote your previous quote:
>
> "an RSPAN source session cannot have a local
> destination port, an RSPAN destination session cannot have a local
> source port"
>
> On Thu, Jun 28, 2012 at 5:10 PM, Leigh Finch <leigh_at_leighfinch.net> wrote:
>
>> Sorry, just woke up.
>>
>> Even better set switch 1 to dump to rspan as well.
>>
>> SW1:
>>
>> monitor session 1 source interface Fa0/19
>> monitor session 1 destination remote vlan 150
>> monitor session 2 source remote vlan 150
>> monitor session 2 dest int fa0/10
>>
>> SW2:
>>
>> monitor session 1 source interface Fa0/19
>> monitor session 1 destination remote vlan 150
>>
>>
>> Should do the trick.
>>
>> leigh
>>
>>
>> On 29/06/12 7:35 AM, Leigh Finch wrote:
>>
>>> Hi Johnny,
>>> From the DOC CD:
>>>
>>> http://www.cisco.com/en/US/**docs/switches/lan/**
>>> catalyst3560/software/release/**12.2_44_se/configuration/**
>>> guide/swspan.html#wp1210541<http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swspan.html#wp1210541>
>>>
>>> " The switch does not support a combination of local SPAN and RSPAN in
>>> a
>>> single session. That is, an RSPAN source session cannot have a local
>>> destination port, an RSPAN destination session cannot have a local
>>> source port, and an RSPAN destination session and an RSPAN source
>>> session that are using the same RSPAN VLAN cannot run on the same
>>> switch.
>>> "
>>>
>>> On destination ports,
>>>
>>> " It can participate in only one SPAN session at a time (a destination
>>> port in one SPAN session cannot be a destination port for a second SPAN
>>> session). "
>>>
>>> I would be looking at running another port up from you switch to your
>>> capture server for the rspan.
>>>
>>> leigh
>>>
>>> On 29/06/12 2:19 AM, Johnny Morris wrote:
>>>
>>>> Hi All,
>>>>
>>>> 1 - Monitoring Server
>>>> 2 - Cisco 3560 switches
>>>> 2 - ASA's in active/standby mode
>>>>
>>>>
>>>> I have one monitoring server configured to capture SPAN traffic
>>>> connected
>>>> to the primary switch fa0/19. The monitoring destination port is
>>>> fa0/10
>>>> on
>>>> the primary switch. The primary switch is etherchannel to the
>>>> secondary
>>>> switch via g0/1-2. There inside interface of the Active ASA is
>>>> connected
>>>> to
>>>> fa0/19 Primary switch and Standby on secondary switch fa0/19.
>>>>
>>>> Currently SPAN is working on the primary device, however in failover
>>>> environment I have noticed that RSPAN is not configure to capture the
>>>> fa0/19 on the secondary switch. When I labbed this up and configured
>>>> an
>>>> RSPAN vlan on both switches and added the RSPAN vlan to the MST
>>>> instance
>>>> I
>>>> then configured the following:
>>>>
>>>> SW1:
>>>>
>>>> Existing SPAN configs:
>>>>
>>>> !
>>>> monitor session 1 source interface Fa0/19
>>>> monitor session 1 destination interface Fa0/10
>>>> !
>>>>
>>>> SW2:
>>>>
>>>> !
>>>>
>>>> monitor session 1 source interface Fa0/19
>>>>
>>>> monitor session 1 destination remote vlan 150
>>>> !
>>>>
>>>> Attempt 1:
>>>>
>>>> Tried to add the following RSPAN source on SW1:
>>>>
>>>> monitor session 1 source remote vlan 150
>>>>
>>>> Received error:
>>>>
>>>> (config)#monitor session 1 source remote vlan 150
>>>> % Cannot add RSPAN VLAN as source for SPAN session 1 as it is not a
>>>> RSPAN
>>>> Destination session
>>>>
>>>> Attempt 2:
>>>>
>>>> tried to add a second monitor session and it also failed:
>>>>
>>>> Great_Bend-SW1(config)#monitor session 2 source remote vlan 150
>>>> Great_Bend-SW1(config)#monitor session 2 dest int fa0/10
>>>> % Interface(s) Fa0/10 already configured as monitor destinations in
>>>> other
>>>> monitor sessions
>>>>
>>>>
>>>>
>>>> Is there a way anyone can think of to monitor a local source interface
>>>> and
>>>> remote vlan using the same destination? Is there an issue as to why it
>>>> cannot be done or is this something Cisco should update/allow in an
>>>> IOS
>>>> code? I don't have an additional NIC on the monitoring server to
>>>> monitor
>>>> otherwise it would work.
>>>>
>>>>
>>>> Much appreciated !
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> ______________________________**______________________________**
>>>> ___________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/**list/CCIELab.html<http://www.groupstudy.com/list/CCIELab.html>
>>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> ______________________________**______________________________**
>>> ___________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/**list/CCIELab.html<http://www.groupstudy.com/list/CCIELab.html>
>>>
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> ______________________________**______________________________**
>> ___________
>> Subscription information may be found at: http://www.groupstudy.com/**
>> list/CCIELab.html <http://www.groupstudy.com/list/CCIELab.html>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> Marc Abel
> CCIE #35470
> (Routing and Switching)
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Fri Jun 29 2012 - 09:46:59 ART
This archive was generated by hypermail 2.2.0 : Sun Jul 01 2012 - 10:39:53 ART