VLAN Subinterface

Unanswered Question
Jan 2nd, 2008

I have setup a voice recorder to record the Cisco IP phone calls on my network. We have 6 buildings interconnected by fiber, and all the voice traffic is on VLAN5. So on my remote switches (all 3560s) I have

mon sess 1 source vlan 5

In the switch were the recorder is I created a new Vlan, Vlan 20. So also on the remote switches I added

mon sess 1 dest remote vlan 20

All good so far. But now I am stumped. I need to 'route' Vlan 20 to a 'subinterface' on the main 3560. How do I do that?? Plus I would like to capture the IP phone traffic on this switch to...I tried

mon sess 1 source vlan 20

mon sess 1 dest remote vlan 5

but it didn't like that.

All my devices (including phones) are in the 192.168.x.y range (phones are in the 5, switches in 7, PCs in 10, etc.)

Let me know if this is enough info.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
Richard Burts Wed, 01/02/2008 - 10:57

Doug

I am not sure about your statement about needing subinterfaces on the VLAN of your switch. It seems to me that to route between vlans what you need is interface vlan 5 with its IP address and then interface vlan 20 with its interface, and verify that ip routing is enabled on the switch. That should allow you to route between the VLANs.

Having said that I wonder if you really need "routing" between the subnets. If you are trying to set up a monitor session with the source in vlan 5 and the destination in vlan 20 it does not require routing between the vlans for this to work. You just need to be sure that trunking is enabled between the switches and that the trunk is carrying both vlan 5 and vlan 20.

If there is something that I have not correctly understood then perhaps you can clarify for me.

HTH

Rick

townofnewmarket Wed, 01/02/2008 - 11:09

Well I agree with most of what you are saying. but on the switch with the voice recorder I have

mon sess 1 source vlan 20

mon sess 1 dest int fa0/14

(note on other REMOTE switches I have)

mon sess 1 source vlan 5

mon sess 1 dest remote vlan 20

So how does port 14 know he is the owner of VLan 20? I have this on fa0/14

switchport access vlan 20

Is that enough? How do I know if the the trunk is carrying both vlan 5 and 20? If I do

show vlan id 20

I get this: (abridged)

active ports fa0/14, fa0/24, gi0/2

remote span vlan is disabled

Richard Burts Wed, 01/02/2008 - 11:42

Doug

I am not sure that port 14 knows that he is associated with vlan 20 (or that it needs to know). My understanding of the monitor/span function is that when you assign a port as the monitor destination it no longer functions as an access port and does not have the normal vlan association. The switch sends the monitor output to the port.

In the output that you posted I notice that remote span vlan is disabled. I suspect that you will need it enabled for your monitor to work.

HTH

Rick

Richard Burts Wed, 01/02/2008 - 13:32

Doug

It gets a little confusing because on some of the bigger Catalyst switches there was a SPAN and RSPAN command where the same functions on your switch use the monitor command.

But yes what you need is span and rspan which are configured using the monitor command on your switch. The link that John posted is pretty good and should help you understand what you need to configure to get this going.

HTH

Rick

Actions

This Discussion