A9K SPAN

Unanswered Question
Jun 12th, 2012

monitor.jpg              

Two DNS Server connected to two ASR9K,g0/0/0/1 and g0/0/0/2,

Q: I want to monitor DNS Server traffic in and out. and Port spanning  four ethernet port of two DNS Server to one destination port.

      Can I use a switch connected two ASR9K. and I monitor asr9k,g0/0/0/1 and g0/0/0/2 to destination g0/0/0/3.100 at each Asr9k.

      now the monitor traffic carry through the switch to the sniffer? or can you give me your advise,thx.

here is the config

asr9k_R1:

monitor-session DNS

destination interface g0/0/0/3.100

interface g0/0/0/1 l2transport

monitor-session DNS

interface g0/0/0/2 l2transport

monitor-session DNS

interface g0/0/0/3.100 l2transport

encapsulation dot1q 100

rewrite ingress tag pop 1

asr9k_R2:

monitor-session DNS

destination interface g0/0/0/3.100

interface g0/0/0/1 l2transport

monitor-session DNS

interface g0/0/0/2 l2transport

monitor-session DNS

interface g0/0/0/3.100 l2transport

encapsulation dot1q 100

rewrite ingress tag pop 1

switch:

int f0/24

des connected to sniffer_server

sw mo acc sw acc vlan 100

int f0/1

des connected to asr9k_r1

sw mode trunk

sw trun en dot1q

int f0/2

des connected to asr9k_r2

sw mode trunk

sw trunk en dot1q

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (2 ratings)
akiritch Mon, 06/18/2012 - 00:11

Hello Jiannan,

Yes, you can have a switch for R-SPAN and you configuration with a vlan tag rewrite is correct.

I don’t think we need a span session on that switch. ASR9k mirror all traffic pushing vlan tag 100 and sending it out of g0/0/0/3.100.

The switch would flood it back to the 2nd ASR9k (the traffic would be dropped there assuming g0/0/0/3.100 is not participating in any L2VPN) and flood it to the sniffer popping VLAN tag 100.

Regards,

/A

Actions

Login or Register to take actions

This Discussion

Posted June 12, 2012 at 7:57 AM
Stats:
Replies:2 Avg. Rating:5
Views:514 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard