?
Solved

question in Port Mirroring

Posted on 2011-03-17
7
Medium Priority
?
543 Views
Last Modified: 2012-05-11
Hi i have two cisco switched 4500 . On switch A i have websense web monitor . On this Switch i have
HOUSWCORE1#sh monitor session 10
Session 10
----------
Type                   : Remote Destination Session
Source RSPAN VLAN : 999
Destination Ports      : Gi1/45


and the web monitoring works fine

On Switch B , i also have a websense. On this switch i see

DALSW0010#sh monitor session 5
Session 5
---------
Type              : Remote Destination Session
Source RSPAN VLAN : 999
Destination Ports : Gi4/1
    Encapsulation : Native
          Ingress : Disabled
         Learning : Disabled

and the web filter doesnt work . How do i enable ingress and learning ?
0
Comment
Question by:c_hockland
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 

Author Comment

by:c_hockland
ID: 35160870
actually the issue is that web filter on Switch B is not monitoring anything.
0
 
LVL 18

Accepted Solution

by:
decoleur earned 1000 total points
ID: 35162312
are you sure that the second switch has the RSPAN VLAN configured on it?

look at http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.1_19_ea1/configuration/guide/swspan.html#wp1200730

The RSPAN VLAN carries SPAN traffic between RSPAN source and destination sessions. It has these special characteristics:

•All traffic in the RSPAN VLAN is always flooded.

•No MAC address learning occurs on the RSPAN VLAN.

•RSPAN VLAN traffic only flows on trunk ports.

•RSPAN VLANs must be configured in VLAN configuration mode by using the remote-span VLAN configuration mode command.

•STP can run on RSPAN VLAN trunks but not on SPAN destination ports.

For VLANs 1 to 1005 that are visible to VLAN Trunking Protocol (VTP), the VLAN ID and its associated RSPAN characteristic are propagated by VTP. If you assign an RSPAN VLAN ID in the extended VLAN range (1006 to 4094), you must manually configure all intermediate switches.

It is normal to have multiple RSPAN VLANs in a network at the same time with each RSPAN VLAN defining a network-wide RSPAN session. That is, multiple RSPAN source sessions anywhere in the network can contribute packets to the RSPAN session. It is also possible to have multiple RSPAN destination sessions throughout the network, monitoring the same RSPAN VLAN and presenting traffic to the user. The RSPAN VLAN ID separates the sessions.

hope this helps,

-t
0
 
LVL 8

Assisted Solution

by:bsohn417
bsohn417 earned 1000 total points
ID: 35167222
is RSPAN VLAN trunked between these 2 SWs,
could you please post sh run | in moni

sh int trunk
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:c_hockland
ID: 35167503
will do.give a few plz
0
 

Author Comment

by:c_hockland
ID: 35168805
DALSW0010#sh run | in moni
monitor session 5 destination interface Gi4/1
monitor session 5 source remote vlan 999
0
 
LVL 18

Expert Comment

by:decoleur
ID: 35169205
do a sho int trunk on both switches and show vlan to confirm that the rspan vlan is on both switches.
0
 
LVL 18

Expert Comment

by:decoleur
ID: 35169234
the port spanning appears to be fine it is just the local implementation of vlans that needs to be looked at.
0

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question