Solved

question in Port Mirroring

Posted on 2011-03-17
7
535 Views
Last Modified: 2012-05-11
Hi i have two cisco switched 4500 . On switch A i have websense web monitor . On this Switch i have
HOUSWCORE1#sh monitor session 10
Session 10
----------
Type                   : Remote Destination Session
Source RSPAN VLAN : 999
Destination Ports      : Gi1/45


and the web monitoring works fine

On Switch B , i also have a websense. On this switch i see

DALSW0010#sh monitor session 5
Session 5
---------
Type              : Remote Destination Session
Source RSPAN VLAN : 999
Destination Ports : Gi4/1
    Encapsulation : Native
          Ingress : Disabled
         Learning : Disabled

and the web filter doesnt work . How do i enable ingress and learning ?
0
Comment
Question by:c_hockland
  • 3
  • 3
7 Comments
 

Author Comment

by:c_hockland
ID: 35160870
actually the issue is that web filter on Switch B is not monitoring anything.
0
 
LVL 18

Accepted Solution

by:
decoleur earned 250 total points
ID: 35162312
are you sure that the second switch has the RSPAN VLAN configured on it?

look at http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.1_19_ea1/configuration/guide/swspan.html#wp1200730

The RSPAN VLAN carries SPAN traffic between RSPAN source and destination sessions. It has these special characteristics:

•All traffic in the RSPAN VLAN is always flooded.

•No MAC address learning occurs on the RSPAN VLAN.

•RSPAN VLAN traffic only flows on trunk ports.

•RSPAN VLANs must be configured in VLAN configuration mode by using the remote-span VLAN configuration mode command.

•STP can run on RSPAN VLAN trunks but not on SPAN destination ports.

For VLANs 1 to 1005 that are visible to VLAN Trunking Protocol (VTP), the VLAN ID and its associated RSPAN characteristic are propagated by VTP. If you assign an RSPAN VLAN ID in the extended VLAN range (1006 to 4094), you must manually configure all intermediate switches.

It is normal to have multiple RSPAN VLANs in a network at the same time with each RSPAN VLAN defining a network-wide RSPAN session. That is, multiple RSPAN source sessions anywhere in the network can contribute packets to the RSPAN session. It is also possible to have multiple RSPAN destination sessions throughout the network, monitoring the same RSPAN VLAN and presenting traffic to the user. The RSPAN VLAN ID separates the sessions.

hope this helps,

-t
0
 
LVL 8

Assisted Solution

by:bsohn417
bsohn417 earned 250 total points
ID: 35167222
is RSPAN VLAN trunked between these 2 SWs,
could you please post sh run | in moni

sh int trunk
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 

Author Comment

by:c_hockland
ID: 35167503
will do.give a few plz
0
 

Author Comment

by:c_hockland
ID: 35168805
DALSW0010#sh run | in moni
monitor session 5 destination interface Gi4/1
monitor session 5 source remote vlan 999
0
 
LVL 18

Expert Comment

by:decoleur
ID: 35169205
do a sho int trunk on both switches and show vlan to confirm that the rspan vlan is on both switches.
0
 
LVL 18

Expert Comment

by:decoleur
ID: 35169234
the port spanning appears to be fine it is just the local implementation of vlans that needs to be looked at.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a guide to configure bridging on Cisco Routers.  This is something I never knew was possible until after making a few phone calls to Cisco.  Using bridging saved our company money by not requiring us to purchase a new switch.  Bridgi…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

4 Experts available now in Live!

Get 1:1 Help Now