don't say source remote vlan, just say source vlan
give it a test
On 29 June 2012 11:12, Leigh Finch <leigh_at_leighfinch.net> wrote:
> Hi Alexei,
> Unfortunately you can only specify one vlan four a source when you use the
> remote flag (monitor session source remote vlan 150).
>
> I got it working, I'm not sure why it didn't before (I wiped my config).
>
> SW1#sh run | i monitor session
> monitor session 1 destination interface Gi1/0/48
> monitor session 1 source remote vlan 999
> monitor session 2 source interface Gi1/0/1
> monitor session 2 destination remote vlan 999
> SW1#sh monitor session all
> Session 1
> ---------
> Type : Remote Destination Session
> Source RSPAN VLAN : 999
> Destination Ports : Gi1/0/48
> Encapsulation : Native
> Ingress : Disabled
>
>
> Session 2
> ---------
> Type : Remote Source Session
> Source Ports :
> Both : Gi1/0/1
> Dest RSPAN VLAN : 999
>
>
> SW1#
> SW2#sh run | i monitor
> monitor session 1 source interface Gi1/0/1
> monitor session 1 destination remote vlan 999
> SW2#sh monitor session all
> Session 1
> ---------
> Type : Remote Source Session
> Source Ports :
> Both : Gi1/0/1
> Dest RSPAN VLAN : 999
>
>
> SW2#
>
> leigh
>
> > Hi guys,
> >
> > I think instead of physical interfaces you may have to source from
> certain
> > VLANs
> >
> > SW1:
> > monitor session 1 source vlan 150 , XYZ <- 150 is a traffic from your
> > seconday ASA via RSPAN, XYZ is VLAN where your primary ASA interface is.
> >
> > monitor session 1 dest int fa0/10 <- your monitoring station
> >
> >
> > SW2:
> > monitor session 1 source vlan XYZ <- VLAN where you secondary ASA
> > interface
> > is (here you could use a physical interface as well)
> >
> > monitor session 1 destination remote vlan 150 <- goes across to SW1
> >
> > Make sure you have VLAN 150
> > remote-span
> >
> > on each switch.
> >
> > HTH
> > A.
> >
> > On 29 June 2012 09:46, <leigh_at_leighfinch.net> wrote:
> >
> >> Hi Marc,
> >> You are right. I just labed this up and it does not work... Unless
> >> someone
> >> has a better idea all I can think of is running 1 destination port for
> >> local span, and 1 destination port for the rspan.
> >>
> >> I would like to know if there is a better solution.
> >>
> >> leigh
> >>
> >> > That won't work. To quote your previous quote:
> >> >
> >> > "an RSPAN source session cannot have a local
> >> > destination port, an RSPAN destination session cannot have a local
> >> > source port"
> >> >
> >> > On Thu, Jun 28, 2012 at 5:10 PM, Leigh Finch <leigh_at_leighfinch.net>
> >> wrote:
> >> >
> >> >> Sorry, just woke up.
> >> >>
> >> >> Even better set switch 1 to dump to rspan as well.
> >> >>
> >> >> SW1:
> >> >>
> >> >> monitor session 1 source interface Fa0/19
> >> >> monitor session 1 destination remote vlan 150
> >> >> monitor session 2 source remote vlan 150
> >> >> monitor session 2 dest int fa0/10
> >> >>
> >> >> SW2:
> >> >>
> >> >> monitor session 1 source interface Fa0/19
> >> >> monitor session 1 destination remote vlan 150
> >> >>
> >> >>
> >> >> Should do the trick.
> >> >>
> >> >> leigh
> >> >>
> >> >>
> >> >> On 29/06/12 7:35 AM, Leigh Finch wrote:
> >> >>
> >> >>> Hi Johnny,
> >> >>> From the DOC CD:
> >> >>>
> >> >>> http://www.cisco.com/en/US/**docs/switches/lan/**
> >> >>> catalyst3560/software/release/**12.2_44_se/configuration/**
> >> >>> guide/swspan.html#wp1210541<
> >>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swspan.html#wp1210541
> >> >
> >> >>>
> >> >>> " The switch does not support a combination of local SPAN and RSPAN
> >> in
> >> >>> a
> >> >>> single session. That is, an RSPAN source session cannot have a local
> >> >>> destination port, an RSPAN destination session cannot have a local
> >> >>> source port, and an RSPAN destination session and an RSPAN source
> >> >>> session that are using the same RSPAN VLAN cannot run on the same
> >> >>> switch.
> >> >>> "
> >> >>>
> >> >>> On destination ports,
> >> >>>
> >> >>> " It can participate in only one SPAN session at a time (a
> >> destination
> >> >>> port in one SPAN session cannot be a destination port for a second
> >> SPAN
> >> >>> session). "
> >> >>>
> >> >>> I would be looking at running another port up from you switch to
> >> your
> >> >>> capture server for the rspan.
> >> >>>
> >> >>> leigh
> >> >>>
> >> >>> On 29/06/12 2:19 AM, Johnny Morris wrote:
> >> >>>
> >> >>>> Hi All,
> >> >>>>
> >> >>>> 1 - Monitoring Server
> >> >>>> 2 - Cisco 3560 switches
> >> >>>> 2 - ASA's in active/standby mode
> >> >>>>
> >> >>>>
> >> >>>> I have one monitoring server configured to capture SPAN traffic
> >> >>>> connected
> >> >>>> to the primary switch fa0/19. The monitoring destination port is
> >> >>>> fa0/10
> >> >>>> on
> >> >>>> the primary switch. The primary switch is etherchannel to the
> >> >>>> secondary
> >> >>>> switch via g0/1-2. There inside interface of the Active ASA is
> >> >>>> connected
> >> >>>> to
> >> >>>> fa0/19 Primary switch and Standby on secondary switch fa0/19.
> >> >>>>
> >> >>>> Currently SPAN is working on the primary device, however in
> >> failover
> >> >>>> environment I have noticed that RSPAN is not configure to capture
> >> the
> >> >>>> fa0/19 on the secondary switch. When I labbed this up and
> >> configured
> >> >>>> an
> >> >>>> RSPAN vlan on both switches and added the RSPAN vlan to the MST
> >> >>>> instance
> >> >>>> I
> >> >>>> then configured the following:
> >> >>>>
> >> >>>> SW1:
> >> >>>>
> >> >>>> Existing SPAN configs:
> >> >>>>
> >> >>>> !
> >> >>>> monitor session 1 source interface Fa0/19
> >> >>>> monitor session 1 destination interface Fa0/10
> >> >>>> !
> >> >>>>
> >> >>>> SW2:
> >> >>>>
> >> >>>> !
> >> >>>>
> >> >>>> monitor session 1 source interface Fa0/19
> >> >>>>
> >> >>>> monitor session 1 destination remote vlan 150
> >> >>>> !
> >> >>>>
> >> >>>> Attempt 1:
> >> >>>>
> >> >>>> Tried to add the following RSPAN source on SW1:
> >> >>>>
> >> >>>> monitor session 1 source remote vlan 150
> >> >>>>
> >> >>>> Received error:
> >> >>>>
> >> >>>> (config)#monitor session 1 source remote vlan 150
> >> >>>> % Cannot add RSPAN VLAN as source for SPAN session 1 as it is not a
> >> >>>> RSPAN
> >> >>>> Destination session
> >> >>>>
> >> >>>> Attempt 2:
> >> >>>>
> >> >>>> tried to add a second monitor session and it also failed:
> >> >>>>
> >> >>>> Great_Bend-SW1(config)#monitor session 2 source remote vlan 150
> >> >>>> Great_Bend-SW1(config)#monitor session 2 dest int fa0/10
> >> >>>> % Interface(s) Fa0/10 already configured as monitor destinations in
> >> >>>> other
> >> >>>> monitor sessions
> >> >>>>
> >> >>>>
> >> >>>>
> >> >>>> Is there a way anyone can think of to monitor a local source
> >> interface
> >> >>>> and
> >> >>>> remote vlan using the same destination? Is there an issue as to why
> >> it
> >> >>>> cannot be done or is this something Cisco should update/allow in an
> >> >>>> IOS
> >> >>>> code? I don't have an additional NIC on the monitoring server to
> >> >>>> monitor
> >> >>>> otherwise it would work.
> >> >>>>
> >> >>>>
> >> >>>> Much appreciated !
> >> >>>>
> >> >>>>
> >> >>>> Blogs and organic groups at http://www.ccie.net
> >> >>>>
> >> >>>> ______________________________**______________________________**
> >> >>>> ___________
> >> >>>> Subscription information may be found at:
> >> >>>> http://www.groupstudy.com/**list/CCIELab.html<
> >> http://www.groupstudy.com/list/CCIELab.html>
> >> >>>>
> >> >>>
> >> >>> Blogs and organic groups at http://www.ccie.net
> >> >>>
> >> >>> ______________________________**______________________________**
> >> >>> ___________
> >> >>> Subscription information may be found at:
> >> >>> http://www.groupstudy.com/**list/CCIELab.html<
> >> http://www.groupstudy.com/list/CCIELab.html>
> >> >>>
> >> >>
> >> >>
> >> >> Blogs and organic groups at http://www.ccie.net
> >> >>
> >> >> ______________________________**______________________________**
> >> >> ___________
> >> >> Subscription information may be found at:
> >> http://www.groupstudy.com/**
> >> >> list/CCIELab.html <http://www.groupstudy.com/list/CCIELab.html>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >
> >> >
> >> > --
> >> > Marc Abel
> >> > CCIE #35470
> >> > (Routing and Switching)
> >> >
> >> >
> >> > Blogs and organic groups at http://www.ccie.net
> >> >
> >> >
> _______________________________________________________________________
> >> > Subscription information may be found at:
> >> > http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Fri Jun 29 2012 - 12:22:40 ART
This archive was generated by hypermail 2.2.0 : Sun Jul 01 2012 - 10:39:53 ART