Hi guys,
I think instead of physical interfaces you may have to source from certain
VLANs
SW1:
monitor session 1 source vlan 150 , XYZ <- 150 is a traffic from your
seconday ASA via RSPAN, XYZ is VLAN where your primary ASA interface is.
monitor session 1 dest int fa0/10 <- your monitoring station
SW2:
monitor session 1 source vlan XYZ <- VLAN where you secondary ASA interface
is (here you could use a physical interface as well)
monitor session 1 destination remote vlan 150 <- goes across to SW1
Make sure you have VLAN 150
remote-span
on each switch.
HTH
A.
On 29 June 2012 09:46, <leigh_at_leighfinch.net> wrote:
> Hi Marc,
> You are right. I just labed this up and it does not work... Unless someone
> has a better idea all I can think of is running 1 destination port for
> local span, and 1 destination port for the rspan.
>
> I would like to know if there is a better solution.
>
> leigh
>
> > That won't work. To quote your previous quote:
> >
> > "an RSPAN source session cannot have a local
> > destination port, an RSPAN destination session cannot have a local
> > source port"
> >
> > On Thu, Jun 28, 2012 at 5:10 PM, Leigh Finch <leigh_at_leighfinch.net>
> wrote:
> >
> >> Sorry, just woke up.
> >>
> >> Even better set switch 1 to dump to rspan as well.
> >>
> >> SW1:
> >>
> >> monitor session 1 source interface Fa0/19
> >> monitor session 1 destination remote vlan 150
> >> monitor session 2 source remote vlan 150
> >> monitor session 2 dest int fa0/10
> >>
> >> SW2:
> >>
> >> monitor session 1 source interface Fa0/19
> >> monitor session 1 destination remote vlan 150
> >>
> >>
> >> Should do the trick.
> >>
> >> leigh
> >>
> >>
> >> On 29/06/12 7:35 AM, Leigh Finch wrote:
> >>
> >>> Hi Johnny,
> >>> From the DOC CD:
> >>>
> >>> http://www.cisco.com/en/US/**docs/switches/lan/**
> >>> catalyst3560/software/release/**12.2_44_se/configuration/**
> >>> guide/swspan.html#wp1210541<
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swspan.html#wp1210541
> >
> >>>
> >>> " The switch does not support a combination of local SPAN and RSPAN in
> >>> a
> >>> single session. That is, an RSPAN source session cannot have a local
> >>> destination port, an RSPAN destination session cannot have a local
> >>> source port, and an RSPAN destination session and an RSPAN source
> >>> session that are using the same RSPAN VLAN cannot run on the same
> >>> switch.
> >>> "
> >>>
> >>> On destination ports,
> >>>
> >>> " It can participate in only one SPAN session at a time (a destination
> >>> port in one SPAN session cannot be a destination port for a second SPAN
> >>> session). "
> >>>
> >>> I would be looking at running another port up from you switch to your
> >>> capture server for the rspan.
> >>>
> >>> leigh
> >>>
> >>> On 29/06/12 2:19 AM, Johnny Morris wrote:
> >>>
> >>>> Hi All,
> >>>>
> >>>> 1 - Monitoring Server
> >>>> 2 - Cisco 3560 switches
> >>>> 2 - ASA's in active/standby mode
> >>>>
> >>>>
> >>>> I have one monitoring server configured to capture SPAN traffic
> >>>> connected
> >>>> to the primary switch fa0/19. The monitoring destination port is
> >>>> fa0/10
> >>>> on
> >>>> the primary switch. The primary switch is etherchannel to the
> >>>> secondary
> >>>> switch via g0/1-2. There inside interface of the Active ASA is
> >>>> connected
> >>>> to
> >>>> fa0/19 Primary switch and Standby on secondary switch fa0/19.
> >>>>
> >>>> Currently SPAN is working on the primary device, however in failover
> >>>> environment I have noticed that RSPAN is not configure to capture the
> >>>> fa0/19 on the secondary switch. When I labbed this up and configured
> >>>> an
> >>>> RSPAN vlan on both switches and added the RSPAN vlan to the MST
> >>>> instance
> >>>> I
> >>>> then configured the following:
> >>>>
> >>>> SW1:
> >>>>
> >>>> Existing SPAN configs:
> >>>>
> >>>> !
> >>>> monitor session 1 source interface Fa0/19
> >>>> monitor session 1 destination interface Fa0/10
> >>>> !
> >>>>
> >>>> SW2:
> >>>>
> >>>> !
> >>>>
> >>>> monitor session 1 source interface Fa0/19
> >>>>
> >>>> monitor session 1 destination remote vlan 150
> >>>> !
> >>>>
> >>>> Attempt 1:
> >>>>
> >>>> Tried to add the following RSPAN source on SW1:
> >>>>
> >>>> monitor session 1 source remote vlan 150
> >>>>
> >>>> Received error:
> >>>>
> >>>> (config)#monitor session 1 source remote vlan 150
> >>>> % Cannot add RSPAN VLAN as source for SPAN session 1 as it is not a
> >>>> RSPAN
> >>>> Destination session
> >>>>
> >>>> Attempt 2:
> >>>>
> >>>> tried to add a second monitor session and it also failed:
> >>>>
> >>>> Great_Bend-SW1(config)#monitor session 2 source remote vlan 150
> >>>> Great_Bend-SW1(config)#monitor session 2 dest int fa0/10
> >>>> % Interface(s) Fa0/10 already configured as monitor destinations in
> >>>> other
> >>>> monitor sessions
> >>>>
> >>>>
> >>>>
> >>>> Is there a way anyone can think of to monitor a local source interface
> >>>> and
> >>>> remote vlan using the same destination? Is there an issue as to why it
> >>>> cannot be done or is this something Cisco should update/allow in an
> >>>> IOS
> >>>> code? I don't have an additional NIC on the monitoring server to
> >>>> monitor
> >>>> otherwise it would work.
> >>>>
> >>>>
> >>>> Much appreciated !
> >>>>
> >>>>
> >>>> Blogs and organic groups at http://www.ccie.net
> >>>>
> >>>> ______________________________**______________________________**
> >>>> ___________
> >>>> Subscription information may be found at:
> >>>> http://www.groupstudy.com/**list/CCIELab.html<
> http://www.groupstudy.com/list/CCIELab.html>
> >>>>
> >>>
> >>> Blogs and organic groups at http://www.ccie.net
> >>>
> >>> ______________________________**______________________________**
> >>> ___________
> >>> Subscription information may be found at:
> >>> http://www.groupstudy.com/**list/CCIELab.html<
> http://www.groupstudy.com/list/CCIELab.html>
> >>>
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> ______________________________**______________________________**
> >> ___________
> >> Subscription information may be found at: http://www.groupstudy.com/**
> >> list/CCIELab.html <http://www.groupstudy.com/list/CCIELab.html>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >
> >
> > --
> > Marc Abel
> > CCIE #35470
> > (Routing and Switching)
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Fri Jun 29 2012 - 10:55:29 ART
This archive was generated by hypermail 2.2.0 : Sun Jul 01 2012 - 10:39:53 ART