03-19-2009 04:07 AM - edited 03-06-2019 04:41 AM
Hello,
I have the following setup and I would like to be sure that the reasoning & configuration is correct:
2 aggregation switches A & B are connected via a trunk and are redundant. We have 1 IDS that is going to be connected only to switch A. We would like to monitor the incoming traffic. Thus I am planning to configure RSPAN as in the attached configuration.
Correct me if it's wrong.
Thank you
Jean
03-19-2009 03:37 PM
One thing you missed is "monitor session 3 destination remote vlan 300 reflector-port Fa x/y" where Fa x/y is any unused port.
I did not use your way to configure RSPAN. Therefore, I cannot comment.
I did use the following config to do RSPAN and I know it works. VLAN 900 is the RSPAN VLAN.
switch-1
monitor session 1 source vlan 20 rx
monitor session 1 destination remote vlan 900 reflector-port Fa0/3
switch-2 (IDS connected to Fa0/1)
monitor session 1 source vlan 10 , 900 rx
monitor session 1 destination interface Fa0/1
03-21-2009 02:04 AM
Hi,
I didn't understand where to put this command and what for?
Can you please elaborate?
Thank you.
Jean
03-21-2009 06:33 AM
Hello Jean,
For sure, you don't need to put the destination port in the remote SPAN VLAN.
And you don't need to configure a second session with destination RSPAN on switch A.
This is not requested and is not usually done.
Depending on the switch platform and model, remote SPAN may require using a physical port as a "mirror"; this port is not usable and takes part in the remote SPAN solution.
This is the meaning of reflector port.
I'm guessing you have C3750 switches.
Have a look at the config guide.
I don't see the need for the reflection port, but this can also be IOS dependent.
Hope to help
Giuseppe
03-21-2009 11:04 AM
Hi Jean,
Giuseppe has pointed to the reason. Thanks Giuseppe.
I configured RSPAN on a 3550. It looks like it is different from the 3750. So you don't need "reflector-port".
03-21-2009 11:15 AM
Thanks guys!!
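For reference, a sketch of the RSPAN layout the replies describe for a platform that does not need a reflector port (an added example, not configuration posted by anyone in this thread). VLAN 300 is the RSPAN VLAN named in the thread; the source VLAN 20, the IDS port Fa0/1 and the trunk interface Gi0/1 are assumed values.

```cisco
! Added example. Interface names and VLAN numbers other than 300 are assumptions.
!
! --- Both switches: define the RSPAN VLAN and mark it remote-span ---
vlan 300
 remote-span
!
! --- Both switches: the A-B trunk must carry the RSPAN VLAN ---
interface GigabitEthernet0/1
 switchport trunk allowed vlan add 300
!
! --- Switch B (source side): copy received traffic into the RSPAN VLAN ---
monitor session 1 source vlan 20 rx
monitor session 1 destination remote vlan 300
! On a platform that needs a reflector port (the 3550 case in the thread),
! the destination line takes an unused physical port instead:
!   monitor session 1 destination remote vlan 300 reflector-port Fa0/3
!
! --- Switch A (IDS side): deliver the RSPAN VLAN to the IDS port ---
monitor session 1 source remote vlan 300
monitor session 1 destination interface FastEthernet0/1
!
! --- Verification on either switch ---
show monitor session 1
show vlan remote-span
```

If the IDS sees nothing, check first that VLAN 300 is marked `remote-span` on both switches and is not pruned from the trunk between them.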