?
Solved

Port mirroring (monitor) across cisco switches

Posted on 2012-04-12
2
Medium Priority
?
868 Views
Last Modified: 2012-04-12
Hi Team,

I'm trying to monitor a port from a cisco switch, the problem is that my destination port for receiving the packets is in another switch. I have done the following and I can't get it to work. I created a vlan 15 for RSPAN on the server VTP core switch so that its populated to all the client switched (6 switches in total). After doing that I created a session in my source switch (which has the port that I would like to mirror) as follows
monitor session 1 source int fa0/20
monitor session 1 dest remote vlan 15

On my destination switch I did the following:
monitor session 1 source remote vlan 15
monitor session 1 dest int fa0/1

Now if I did this correctly when I sniff the traffic on that port fa0/1 i should see everything that is happing in the source switch on int fa 0/20.

For some reason this is not working, is there anything that I'm missing here?

Thank you
0
Comment
Question by:exTechnology
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 15

Accepted Solution

by:
Nayyar HH (CCIE RS) earned 2000 total points
ID: 37839466
Have you applied the following

vlan 15
remote-span


Also go over the guidlines below (reference Cisco.com)


RSPAN Configuration Guidelines

•All the items in the "SPAN Configuration Guidelines" section apply to RSPAN.

•As RSPAN VLANs have special properties, you should reserve a few VLANs across your network for use as RSPAN VLANs; do not assign access ports to these VLANs.

•You can apply an output ACL to RSPAN traffic to selectively filter or monitor specific packets. Specify these ACLs on the RSPAN VLAN in the RSPAN source switches.

•For RSPAN configuration, you can distribute the source ports and the destination ports across multiple switches in your network.

•RSPAN does not support BPDU packet monitoring or other Layer 2 switch protocols.

•The RSPAN VLAN is configured only on trunk ports and not on access ports. To avoid unwanted traffic in RSPAN VLANs, make sure that the VLAN remote-span feature is supported in all the participating switches.

•Access ports (including voice VLAN ports) on the RSPAN VLAN are put in the inactive state.

•RSPAN VLANs are included as sources for port-based RSPAN sessions when source trunk ports have active RSPAN VLANs. RSPAN VLANs can also be sources in SPAN sessions. However, since the switch does not monitor spanned traffic, it does not support egress spanning of packets on any RSPAN VLAN identified as the destination of an RSPAN source session on the switch.

•You can configure any VLAN as an RSPAN VLAN as long as these conditions are met:

–The same RSPAN VLAN is used for an RSPAN session in all the switches.

–All participating switches support RSPAN.

•We recommend that you configure an RSPAN VLAN before you configure an RSPAN source or a destination session.

•If you enable VTP and VTP pruning, RSPAN traffic is pruned in the trunks to prevent the unwanted flooding of RSPAN traffic across the network for VLAN IDs that are lower than 1005.



Finally, I *think* vtp mode transparent might be needed ?!??
0
 
LVL 2

Author Comment

by:exTechnology
ID: 37839702
I was missing the remote-span command on the vlan.
Thx!
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question