sunhux
asked on
Adding additional SPAN port on Cisco switch 2950 not supported : to trunk/cascade with a C2960 without downtime
Currently on one of our Prod Cisco 2950, I have a SPAN port configured
& an IPS device is connected to this SPAN port . I'm not sure if this SPAN
port is sniffing all traffic that pass thru this switch (ie its backplane?) or
only "monitor source" of a specific port only.
Q1:
What's the command to find out if this SPAN port is mirroring one port
only (ie sniffing traffic for 1 port only) or sniffing all traffic that passes
thru the entire switch?
Q2:
I need to add another promiscuous (ie Layer 2) device urgently to
a SPAN port on this switch which collects some other data but
this pair of "trunked-together" Cisco 2950 could only support 1
SPAN port. I have a spare Cisco 2960, so how can I cascade or
trunk this spare 2960 (which supports more than 1 SPAN port -
we've tested that) without causing any downtime to the devices
on this pair of 2950 switches (IPS can be taken out for 30 minutes
to the newly trunked/cascaded 2960)
Kindly give as detailed commands, steps & instructions
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Wonderful.
So Otto_N, with RSPAN (remote span), I don't have to move the IPS device
(or any servers/equipment) which is (are) currently connected to the pair
of 2950s?
ASKER
Btw Otto, Soulja mentioned that "port fast turned off on that uplink port"
so what's the syntax that we need to add for the uplink interface?
I suppose we don't need to do this on the downlink interface?
ASKER
After configuring RSPAN, connecting a laptop running WireShark to
the SPAN port on the new 2960 showed hardly any traffic. What
could be the reason?
ASKER
The Wireshark only displayed multicast & broadcast traffic, so
we're quite curious if there's anything wrong with the way we
trunk the 2960 to the 2950?
ASKER
When I googled for "RSPAN forward multicast traffic", there's some
mention about RSPAN with 2950, so what should I do. My current
production (which I can't bring down) is a pair of 2950 & I have a pair
of 2960s only (& no other spare switches)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks v much
ASKER
Would u be able to provide sample configs for the uplink & downlink ports?
Downlink port on the 2950 & uplink port on 2960?
Or it's just a matter of using cross cables to link the 2960 to the
pair of 2950s & no configuration needed?
Pardon me, as I'm quite a newbie : how do I enable spanning
tree & on which switches do I issue this command (pls provide)
to enable spanning tree?