A9K SPAN

Unanswered Question
Jun 12th, 2012
User Badges:

monitor.jpg              

Two DNS Server connected to two ASR9K,g0/0/0/1 and g0/0/0/2,

Q: I want to monitor DNS Server traffic in and out. and Port spanning  four ethernet port of two DNS Server to one destination port.

      Can I use a switch connected two ASR9K. and I monitor asr9k,g0/0/0/1 and g0/0/0/2 to destination g0/0/0/3.100 at each Asr9k.

      now the monitor traffic carry through the switch to the sniffer? or can you give me your advise,thx.


here is the config


asr9k_R1:

monitor-session DNS

destination interface g0/0/0/3.100


interface g0/0/0/1 l2transport

monitor-session DNS


interface g0/0/0/2 l2transport

monitor-session DNS


interface g0/0/0/3.100 l2transport

encapsulation dot1q 100

rewrite ingress tag pop 1


asr9k_R2:

monitor-session DNS

destination interface g0/0/0/3.100


interface g0/0/0/1 l2transport

monitor-session DNS


interface g0/0/0/2 l2transport

monitor-session DNS


interface g0/0/0/3.100 l2transport

encapsulation dot1q 100

rewrite ingress tag pop 1


switch:

int f0/24

des connected to sniffer_server

sw mo acc sw acc vlan 100


int f0/1

des connected to asr9k_r1

sw mode trunk

sw trun en dot1q


int f0/2

des connected to asr9k_r2

sw mode trunk

sw trunk en dot1q

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Chenjiannan Tue, 06/12/2012 - 08:02
User Badges:

another question:Does the switch need to config the port span ?

Alexei Kiritchenko Mon, 06/18/2012 - 00:11
User Badges:
  • Cisco Employee,

Hello Jiannan,

Yes, you can have a switch for R-SPAN and you configuration with a vlan tag rewrite is correct.


I don’t think we need a span session on that switch. ASR9k mirror all traffic pushing vlan tag 100 and sending it out of g0/0/0/3.100.

The switch would flood it back to the 2nd ASR9k (the traffic would be dropped there assuming g0/0/0/3.100 is not participating in any L2VPN) and flood it to the sniffer popping VLAN tag 100.


Regards,

/A

Actions

This Discussion