Hi Alexei,
You are correct, it does work :) This makes me question what the point of
source remote vlan is?
leigh
> don't say source remote vlan, just say source vlan
> give it a test
>
> On 29 June 2012 11:12, Leigh Finch <leigh_at_leighfinch.net> wrote:
>
>> Hi Alexei,
>> Unfortunately you can only specify one vlan for a source when you use the
>> remote flag (monitor session source remote vlan 150).
>>
>> I got it working, I'm not sure why it didn't before (I wiped my config).
>>
>> SW1#sh run | i monitor session
>> monitor session 1 destination interface Gi1/0/48
>> monitor session 1 source remote vlan 999
>> monitor session 2 source interface Gi1/0/1
>> monitor session 2 destination remote vlan 999
>> SW1#sh monitor session all
>> Session 1
>> ---------
>> Type : Remote Destination Session
>> Source RSPAN VLAN : 999
>> Destination Ports : Gi1/0/48
>> Encapsulation : Native
>> Ingress : Disabled
>>
>>
>> Session 2
>> ---------
>> Type : Remote Source Session
>> Source Ports :
>> Both : Gi1/0/1
>> Dest RSPAN VLAN : 999
>>
>>
>> SW1#
>> SW2#sh run | i monitor
>> monitor session 1 source interface Gi1/0/1
>> monitor session 1 destination remote vlan 999
>> SW2#sh monitor session all
>> Session 1
>> ---------
>> Type : Remote Source Session
>> Source Ports :
>> Both : Gi1/0/1
>> Dest RSPAN VLAN : 999
>>
>>
>> SW2#
>>
>> leigh
>>
>> > Hi guys,
>> >
>> > I think instead of physical interfaces you may have to source from certain
>> > VLANs
>> >
>> > SW1:
>> > monitor session 1 source vlan 150 , XYZ <- 150 is traffic from your
>> > secondary ASA via RSPAN, XYZ is the VLAN where your primary ASA interface is.
>> >
>> > monitor session 1 dest int fa0/10 <- your monitoring station
>> >
>> >
>> > SW2:
>> > monitor session 1 source vlan XYZ <- VLAN where your secondary ASA interface
>> > is (here you could use a physical interface as well)
>> >
>> > monitor session 1 destination remote vlan 150 <- goes across to SW1
>> >
>> > Make sure you have VLAN 150
>> > remote-span
>> >
>> > on each switch.
>> >
>> > HTH
>> > A.
>> >
>> > On 29 June 2012 09:46, <leigh_at_leighfinch.net> wrote:
>> >
>> >> Hi Marc,
>> >> You are right. I just labbed this up and it does not work... Unless someone
>> >> has a better idea all I can think of is running 1 destination port for
>> >> local span, and 1 destination port for the rspan.
>> >>
>> >> I would like to know if there is a better solution.
>> >>
>> >> leigh
>> >>
>> >> > That won't work. To quote your previous quote:
>> >> >
>> >> > "an RSPAN source session cannot have a local
>> >> > destination port, an RSPAN destination session cannot have a local
>> >> > source port"
>> >> >
>> >> > On Thu, Jun 28, 2012 at 5:10 PM, Leigh Finch <leigh_at_leighfinch.net> wrote:
>> >> >
>> >> >> Sorry, just woke up.
>> >> >>
>> >> >> Even better set switch 1 to dump to rspan as well.
>> >> >>
>> >> >> SW1:
>> >> >>
>> >> >> monitor session 1 source interface Fa0/19
>> >> >> monitor session 1 destination remote vlan 150
>> >> >> monitor session 2 source remote vlan 150
>> >> >> monitor session 2 dest int fa0/10
>> >> >>
>> >> >> SW2:
>> >> >>
>> >> >> monitor session 1 source interface Fa0/19
>> >> >> monitor session 1 destination remote vlan 150
>> >> >>
>> >> >>
>> >> >> Should do the trick.
>> >> >>
>> >> >> leigh
>> >> >>
>> >> >>
>> >> >> On 29/06/12 7:35 AM, Leigh Finch wrote:
>> >> >>
>> >> >>> Hi Johnny,
>> >> >>> From the DOC CD:
>> >> >>>
>> >> >>> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swspan.html#wp1210541
>> >> >>>
>> >> >>> "The switch does not support a combination of local SPAN and RSPAN in a
>> >> >>> single session. That is, an RSPAN source session cannot have a local
>> >> >>> destination port, an RSPAN destination session cannot have a local
>> >> >>> source port, and an RSPAN destination session and an RSPAN source
>> >> >>> session that are using the same RSPAN VLAN cannot run on the same
>> >> >>> switch."
>> >> >>>
>> >> >>> On destination ports,
>> >> >>>
>> >> >>> "It can participate in only one SPAN session at a time (a destination
>> >> >>> port in one SPAN session cannot be a destination port for a second SPAN
>> >> >>> session)."
>> >> >>>
>> >> >>> I would be looking at running another port up from your switch to your
>> >> >>> capture server for the rspan.
>> >> >>>
>> >> >>> leigh
>> >> >>>
>> >> >>> On 29/06/12 2:19 AM, Johnny Morris wrote:
>> >> >>>
>> >> >>>> Hi All,
>> >> >>>>
>> >> >>>> 1 - Monitoring Server
>> >> >>>> 2 - Cisco 3560 switches
>> >> >>>> 2 - ASA's in active/standby mode
>> >> >>>>
>> >> >>>>
>> >> >>>> I have one monitoring server configured to capture SPAN traffic connected
>> >> >>>> to the primary switch fa0/19. The monitoring destination port is fa0/10 on
>> >> >>>> the primary switch. The primary switch is etherchannel to the secondary
>> >> >>>> switch via g0/1-2. The inside interface of the Active ASA is connected to
>> >> >>>> fa0/19 Primary switch and Standby on secondary switch fa0/19.
>> >> >>>>
>> >> >>>> Currently SPAN is working on the primary device, however in a failover
>> >> >>>> environment I have noticed that RSPAN is not configured to capture the
>> >> >>>> fa0/19 on the secondary switch. When I labbed this up and configured an
>> >> >>>> RSPAN vlan on both switches and added the RSPAN vlan to the MST instance I
>> >> >>>> then configured the following:
>> >> >>>>
>> >> >>>> SW1:
>> >> >>>>
>> >> >>>> Existing SPAN configs:
>> >> >>>>
>> >> >>>> !
>> >> >>>> monitor session 1 source interface Fa0/19
>> >> >>>> monitor session 1 destination interface Fa0/10
>> >> >>>> !
>> >> >>>>
>> >> >>>> SW2:
>> >> >>>>
>> >> >>>> !
>> >> >>>>
>> >> >>>> monitor session 1 source interface Fa0/19
>> >> >>>>
>> >> >>>> monitor session 1 destination remote vlan 150
>> >> >>>> !
>> >> >>>>
>> >> >>>> Attempt 1:
>> >> >>>>
>> >> >>>> Tried to add the following RSPAN source on SW1:
>> >> >>>>
>> >> >>>> monitor session 1 source remote vlan 150
>> >> >>>>
>> >> >>>> Received error:
>> >> >>>>
>> >> >>>> (config)#monitor session 1 source remote vlan 150
>> >> >>>> % Cannot add RSPAN VLAN as source for SPAN session 1 as it is not a RSPAN Destination session
>> >> >>>>
>> >> >>>> Attempt 2:
>> >> >>>>
>> >> >>>> tried to add a second monitor session and it also failed:
>> >> >>>>
>> >> >>>> Great_Bend-SW1(config)#monitor session 2 source remote vlan 150
>> >> >>>> Great_Bend-SW1(config)#monitor session 2 dest int fa0/10
>> >> >>>> % Interface(s) Fa0/10 already configured as monitor destinations in other monitor sessions
>> >> >>>>
>> >> >>>>
>> >> >>>>
>> >> >>>> Is there a way anyone can think of to monitor a local source interface and
>> >> >>>> remote vlan using the same destination? Is there an issue as to why it
>> >> >>>> cannot be done or is this something Cisco should update/allow in an IOS
>> >> >>>> code? I don't have an additional NIC on the monitoring server to monitor
>> >> >>>> otherwise it would work.
>> >> >>>>
>> >> >>>>
>> >> >>>> Much appreciated !
>> >> >>>>
>> >> >>>>
>> >> >>>> Blogs and organic groups at http://www.ccie.net
>> >> >>>>
>> >> >>>> _______________________________________________________________________
>> >> >>>> Subscription information may be found at:
>> >> >>>> http://www.groupstudy.com/list/CCIELab.html
>> >> >>>>
>> >> >>>
>> >> >>
>> >> >>
>> >> >
>> >> >
>> >> > --
>> >> > Marc Abel
>> >> > CCIE #35470
>> >> > (Routing and Switching)
>> >> >
>> >> >
>> >>
>> >>
Received on Fri Jun 29 2012 - 12:31:41 ART
This archive was generated by hypermail 2.2.0 : Sun Jul 01 2012 - 10:39:53 ART
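
The two restrictions quoted from the configuration guide in this thread, as an added example that is not part of the original messages: a small Python linter that reads `monitor session` lines and reports the conditions behind the two errors in the original post. The rule names, the constructed configs and VLAN 20 standing in for "XYZ" are assumptions; it does not check the same-RSPAN-VLAN restriction, and it compares interface names as typed.

```python
import re
from collections import defaultdict

# One "monitor session" line; accepts the abbreviations used in the thread (dest, int).
LINE = re.compile(
    r"monitor\s+session\s+(\d+)\s+(source|dest\w*)\s+(remote\s+vlan|vlan|int\w*)\s+(\S+)",
    re.IGNORECASE)

def parse(config):
    """Return {session_id: set of (role, kind, value)} from IOS config text."""
    sessions = defaultdict(set)
    for raw in config.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        sid, role, kind, value = (g.lower() for g in m.groups())
        role = "source" if role == "source" else "destination"
        kind = "remote-vlan" if kind.startswith("remote") else ("vlan" if kind == "vlan" else "interface")
        sessions[int(sid)].add((role, kind, value))  # only the first listed VLAN is kept
    return sessions

def lint(config):
    """Return (session_id, rule) findings for the two quoted restrictions."""
    findings, dest_owner = [], {}
    for sid, entries in sorted(parse(config).items()):
        kinds = {(role, kind) for role, kind, _ in entries}
        # No local SPAN and RSPAN mixed in a single session.
        if ("source", "remote-vlan") in kinds and kinds & {("source", "interface"), ("source", "vlan")}:
            findings.append((sid, "rspan-dest-session-has-local-source"))
        if ("destination", "remote-vlan") in kinds and ("destination", "interface") in kinds:
            findings.append((sid, "rspan-source-session-has-local-dest"))
        # A destination port can belong to only one session.
        for role, kind, port in sorted(entries):
            if (role, kind) == ("destination", "interface"):
                if dest_owner.setdefault(port, sid) != sid:
                    findings.append((sid, "dest-port-in-other-session"))
    return findings

# Constructed inputs: the config each attempt in the original post would produce,
# then the single-session form suggested later (VLAN 20 stands in for "XYZ").
BASE = "monitor session 1 source interface Fa0/19\nmonitor session 1 destination interface Fa0/10\n"
ATTEMPT_1 = BASE + "monitor session 1 source remote vlan 150\n"
ATTEMPT_2 = BASE + "monitor session 2 source remote vlan 150\nmonitor session 2 dest int fa0/10\n"
SUGGESTED = "monitor session 1 source vlan 150 , 20\nmonitor session 1 dest int fa0/10\n"

if __name__ == "__main__":
    for name, cfg in (("attempt 1", ATTEMPT_1), ("attempt 2", ATTEMPT_2), ("suggested", SUGGESTED)):
        print(name, lint(cfg))
```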