?
Solved

question in Port Mirroring

Posted on 2011-03-17
7
Medium Priority
?
555 Views
Last Modified: 2012-05-11
Hi i have two cisco switched 4500 . On switch A i have websense web monitor . On this Switch i have
HOUSWCORE1#sh monitor session 10
Session 10
----------
Type                   : Remote Destination Session
Source RSPAN VLAN : 999
Destination Ports      : Gi1/45


and the web monitoring works fine

On Switch B , i also have a websense. On this switch i see

DALSW0010#sh monitor session 5
Session 5
---------
Type              : Remote Destination Session
Source RSPAN VLAN : 999
Destination Ports : Gi4/1
    Encapsulation : Native
          Ingress : Disabled
         Learning : Disabled

and the web filter doesnt work . How do i enable ingress and learning ?
0
Comment
Question by:c_hockland
  • 3
  • 3
7 Comments
 

Author Comment

by:c_hockland
ID: 35160870
actually the issue is that web filter on Switch B is not monitoring anything.
0
 
LVL 18

Accepted Solution

by:
decoleur earned 1000 total points
ID: 35162312
are you sure that the second switch has the RSPAN VLAN configured on it?

look at http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.1_19_ea1/configuration/guide/swspan.html#wp1200730

The RSPAN VLAN carries SPAN traffic between RSPAN source and destination sessions. It has these special characteristics:

•All traffic in the RSPAN VLAN is always flooded.

•No MAC address learning occurs on the RSPAN VLAN.

•RSPAN VLAN traffic only flows on trunk ports.

•RSPAN VLANs must be configured in VLAN configuration mode by using the remote-span VLAN configuration mode command.

•STP can run on RSPAN VLAN trunks but not on SPAN destination ports.

For VLANs 1 to 1005 that are visible to VLAN Trunking Protocol (VTP), the VLAN ID and its associated RSPAN characteristic are propagated by VTP. If you assign an RSPAN VLAN ID in the extended VLAN range (1006 to 4094), you must manually configure all intermediate switches.

It is normal to have multiple RSPAN VLANs in a network at the same time with each RSPAN VLAN defining a network-wide RSPAN session. That is, multiple RSPAN source sessions anywhere in the network can contribute packets to the RSPAN session. It is also possible to have multiple RSPAN destination sessions throughout the network, monitoring the same RSPAN VLAN and presenting traffic to the user. The RSPAN VLAN ID separates the sessions.

hope this helps,

-t
0
 
LVL 8

Assisted Solution

by:bsohn417
bsohn417 earned 1000 total points
ID: 35167222
is RSPAN VLAN trunked between these 2 SWs,
could you please post sh run | in moni

sh int trunk
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:c_hockland
ID: 35167503
will do.give a few plz
0
 

Author Comment

by:c_hockland
ID: 35168805
DALSW0010#sh run | in moni
monitor session 5 destination interface Gi4/1
monitor session 5 source remote vlan 999
0
 
LVL 18

Expert Comment

by:decoleur
ID: 35169205
do a sho int trunk on both switches and show vlan to confirm that the rspan vlan is on both switches.
0
 
LVL 18

Expert Comment

by:decoleur
ID: 35169234
the port spanning appears to be fine it is just the local implementation of vlans that needs to be looked at.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question