SPAN session question on two 6509s

Mar 13th, 2009

I have two 6509 switches connected via a fiber trunk on the SUP blade.


All vlans are trunked on this trunk.


Both switches have monitor sessions set up on them and I am getting an error trying to create an additional one.


I am thinking I can remove one of them because it looks redundant to me:


Switch 1

monitor session 1 source vlan 1 , 5 , 10 - 249

monitor session 1 destination remote vlan 998


monitor session 3 source vlan 250

monitor session 3 destination remote vlan 251


Switch 2

monitor session 1 source vlan 1 , 10 - 249 rx

monitor session 1 destination interface Gi8/40


monitor session 2 source interface Gi8/19

monitor session 2 destination interface Fa4/40


monitor session 6 destination interface Gi8/21

monitor session 6 source remote vlan 251




If switch 2 is monitoring all vlans and is destined for port g8/40, this should collect all information on both switches if all vlans are trunked, correct?


This means I could remove monitor session 1 on switch one (destined for vlan 998) because this would be collected on the other monitor session, correct?


Also, I do not see any ports in vlan 998, how would I collect anything from that monitor session?

wilson_1234_2 Fri, 03/13/2009 - 06:57

Correct,


But is my thinking correct also in that since I am spanning the vlans on switch 2 and all vlans are trunked, the remote span on switch 1 to vlan 998 is redundant?


Is that correct?


Also, on my destination port, does this have to be in any particular vlan?


For example if it is a workstation that will be collecting, the destination port needs to be in the workstation vlan?

Giuseppe Larosa Fri, 03/13/2009 - 10:29
Hello Richard,

The destination port doesn't need to be in the remote span vlan.

The remote span vlan is a logical pipe to carry captured traffic using the remote span vlan vlan-id on trunk ports from source switch to destination switch.


On destination switch the remote span vlan is declared the source of the monitor session and so it can be associated to a port that doesn't need to be in the rspan vlan.


Hope to help

Giuseppe
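
Added example, not from any poster in this thread: a Python script that parses the monitor session lines quoted in the question and reports RSPAN VLANs that one switch sends to but no switch uses as a session source, plus VLANs that are local SPAN sources on Switch 1 but not on Switch 2. The function names are hypothetical, and the check reads only the configuration text, not live traffic.

```python
import re

# Monitor-session lines as quoted in the thread, keyed by switch.
CONFIGS = {
    "Switch 1": """
monitor session 1 source vlan 1 , 5 , 10 - 249
monitor session 1 destination remote vlan 998
monitor session 3 source vlan 250
monitor session 3 destination remote vlan 251
""",
    "Switch 2": """
monitor session 1 source vlan 1 , 10 - 249 rx
monitor session 1 destination interface Gi8/40
monitor session 2 source interface Gi8/19
monitor session 2 destination interface Fa4/40
monitor session 6 destination interface Gi8/21
monitor session 6 source remote vlan 251
""",
}

LINE = re.compile(r"monitor session (\d+) (source|destination) (remote vlan|vlan|interface) (.+)")

def expand_vlans(spec):
    """Turn '1 , 5 , 10 - 249 rx' into a set of VLAN ids (direction keyword dropped)."""
    spec = re.sub(r"\b(rx|tx|both)\b", "", spec).replace(" ", "")
    vlans = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse(configs):
    """Return (switch, role, kind, value) tuples; value is a VLAN set or an interface name."""
    return [(sw, role, kind, arg.strip() if kind == "interface" else expand_vlans(arg))
            for sw, text in configs.items()
            for _sess, role, kind, arg in LINE.findall(text)]

def vlan_union(rows, role, kind, switch=None):
    """Union of VLAN ids over rows matching role/kind (and switch, if given)."""
    return set().union(*(v for s, r, k, v in rows
                         if (r, k) == (role, kind) and switch in (None, s)))

def orphan_rspan_vlans(rows):
    """RSPAN VLANs some switch writes to but no switch reads from."""
    return vlan_union(rows, "destination", "remote vlan") - vlan_union(rows, "source", "remote vlan")

def local_vlan_gap(rows, a, b):
    """VLANs that are local SPAN sources on switch a but not on switch b."""
    return vlan_union(rows, "source", "vlan", a) - vlan_union(rows, "source", "vlan", b)
```

On the configuration quoted in the question, `orphan_rspan_vlans` returns VLAN 998, and `local_vlan_gap` for Switch 1 against Switch 2 returns VLANs 5 and 250.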

