Solved

question in Port Mirroring

Posted on 2011-03-17
Last Modified: 2012-05-11
Hi, I have two Cisco 4500 switches. On switch A I have a Websense web monitor. On this switch I have:
HOUSWCORE1#sh monitor session 10
Session 10
----------
Type                   : Remote Destination Session
Source RSPAN VLAN : 999
Destination Ports      : Gi1/45


and the web monitoring works fine.

On Switch B, I also have a Websense. On this switch I see:

DALSW0010#sh monitor session 5
Session 5
---------
Type              : Remote Destination Session
Source RSPAN VLAN : 999
Destination Ports : Gi4/1
    Encapsulation : Native
          Ingress : Disabled
         Learning : Disabled

and the web filter doesn't work. How do I enable ingress and learning?
0
Question by:c_hockland
7 Comments
 

Author Comment

by:c_hockland
ID: 35160870
Actually, the issue is that the web filter on Switch B is not monitoring anything.
0
 
LVL 18

Accepted Solution

by:
decoleur earned 250 total points
ID: 35162312
Are you sure that the second switch has the RSPAN VLAN configured on it?

Look at http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.1_19_ea1/configuration/guide/swspan.html#wp1200730

The RSPAN VLAN carries SPAN traffic between RSPAN source and destination sessions. It has these special characteristics:

  • All traffic in the RSPAN VLAN is always flooded.
  • No MAC address learning occurs on the RSPAN VLAN.
  • RSPAN VLAN traffic only flows on trunk ports.
  • RSPAN VLANs must be configured in VLAN configuration mode by using the remote-span VLAN configuration mode command.
  • STP can run on RSPAN VLAN trunks but not on SPAN destination ports.

For VLANs 1 to 1005 that are visible to VLAN Trunking Protocol (VTP), the VLAN ID and its associated RSPAN characteristic are propagated by VTP. If you assign an RSPAN VLAN ID in the extended VLAN range (1006 to 4094), you must manually configure all intermediate switches.

It is normal to have multiple RSPAN VLANs in a network at the same time with each RSPAN VLAN defining a network-wide RSPAN session. That is, multiple RSPAN source sessions anywhere in the network can contribute packets to the RSPAN session. It is also possible to have multiple RSPAN destination sessions throughout the network, monitoring the same RSPAN VLAN and presenting traffic to the user. The RSPAN VLAN ID separates the sessions.

hope this helps,

-t
0
 
LVL 8

Assisted Solution

by:bsohn417
bsohn417 earned 250 total points
ID: 35167222
Is the RSPAN VLAN trunked between these 2 SWs?
Could you please post:

sh run | in moni
sh int trunk
0

 

Author Comment

by:c_hockland
ID: 35167503
Will do. Give me a few, please.
0
 

Author Comment

by:c_hockland
ID: 35168805
DALSW0010#sh run | in moni
monitor session 5 destination interface Gi4/1
monitor session 5 source remote vlan 999
0
 
LVL 18

Expert Comment

by:decoleur
ID: 35169205
Do a sho int trunk on both switches and show vlan to confirm that the RSPAN VLAN is on both switches.
0
 
LVL 18

Expert Comment

by:decoleur
ID: 35169234
The port spanning appears to be fine; it is just the local implementation of VLANs that needs to be looked at.
0
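
The checks the replies above ask for (is VLAN 999 defined as a remote-span VLAN on the switch, and is it carried on a trunk), written as an added example that is not part of the original thread. The function names are hypothetical, the sample output is constructed, and the parser assumes the usual IOS layout of `show vlan remote-span` and `show interfaces trunk`.

```python
import re

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1-100,999' into a set of ints."""
    vlans = set()
    for lo, _, hi in (p.strip().partition("-") for p in spec.split(",")):
        if lo.isdigit():
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def rspan_vlans(text):
    """VLAN IDs listed in 'show vlan remote-span' output."""
    rows = [ln for ln in text.splitlines() if re.fullmatch(r"[\d,\-\s]*\d[\d,\-\s]*", ln)]
    return set().union(*map(expand_vlans, rows))

def trunk_vlans(text, section):
    """Map port -> VLAN set for one table of 'show interfaces trunk' output."""
    ports, active = {}, False
    for line in text.splitlines():
        fields = line.split()
        if line.startswith("Port"):
            active = section in line      # each table starts with a 'Port ...' header
        elif active and len(fields) >= 2:
            ports[fields[0]] = expand_vlans("".join(fields[1:]))
    return ports

def check_rspan(vlan_id, remote_span_out, trunk_out):
    """Return findings; an empty list means the RSPAN VLAN is defined and trunked."""
    findings = []
    if vlan_id not in rspan_vlans(remote_span_out):
        findings.append(f"VLAN {vlan_id} is not defined as remote-span")
    for section, label in (("allowed on trunk", "allowed"), ("allowed and active", "active")):
        if not any(vlan_id in v for v in trunk_vlans(trunk_out, section).values()):
            findings.append(f"VLAN {vlan_id} is not {label} on any trunk")
    return findings

# Constructed sample output (not from the thread): VLAN 999 absent on this switch.
BAD_RSPAN = "Remote SPAN VLANs\n" + "-" * 40 + "\n"
BAD_TRUNK = """Port      Mode      Encapsulation  Status      Native vlan
Gi1/1     on        802.1q         trunking    1

Port      Vlans allowed on trunk
Gi1/1     1-100

Port      Vlans allowed and active in management domain
Gi1/1     1,10,20
"""
GOOD_RSPAN = BAD_RSPAN + "999\n"  # after VLAN 999 is created as remote-span
GOOD_TRUNK = BAD_TRUNK.replace("1-100", "1-100,999").replace("1,10,20", "1,10,20,999")
```

An empty result from `check_rspan` on both switches means the RSPAN VLAN side is in place; any finding on the destination switch explains a monitor port that receives nothing even though `sh monitor session` looks correct.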


Question has a verified solution.
