Port mirroring on 3550's in stack

Answered Question
Aug 31st, 2006
User Badges:

Hi all,


I have two 3550's connected in a stack using gig ports. I wanna moniter port fa0/1 of switch one and fa0/1 of switch two traffic on port fa0/4 of switch one. I wanna to know if i can configure RSPAN to do that. Please let me know how to do it. Thanks for your help

Correct Answer by leonvd79 about 10 years 11 months ago

Hello,


Yes, what you want is possible with RSPAN.


Create a RSPAN VLAN, let's say VLAN 500 on both switches.


conf t

vlan 500

remote-span

end


Configure the port you want to copy frames from into the RSPAN VLAN.


monitor session 1 source interface FastEthernet0/1

monitor session 1 destination remote vlan 500 reflector-port FastEthernet0/24


Finally configure a session that copies the frames from the RSPAN VLAN into the port with sniffer attached.


monitor session 2 source remote vlan 500

monitor session 2 destination interface FastEthernet0/5


Verify your configuration.


show monitor session all


HTH


--Leon


* Please rate posts.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
leonvd79 Thu, 08/31/2006 - 22:53
User Badges:
  • Silver, 250 points or more

Hello,


Yes, what you want is possible with RSPAN.


Create a RSPAN VLAN, let's say VLAN 500 on both switches.


conf t

vlan 500

remote-span

end


Configure the port you want to copy frames from into the RSPAN VLAN.


monitor session 1 source interface FastEthernet0/1

monitor session 1 destination remote vlan 500 reflector-port FastEthernet0/24


Finally configure a session that copies the frames from the RSPAN VLAN into the port with sniffer attached.


monitor session 2 source remote vlan 500

monitor session 2 destination interface FastEthernet0/5


Verify your configuration.


show monitor session all


HTH


--Leon


* Please rate posts.



vemulabhanu Thu, 08/31/2006 - 23:21
User Badges:

Hi Leon


Thanks for your reply. I have small confusion here. My problem is


Switch 1 and switch 2 (3550's) are connected in a stack using gig ports. Now I want to moniter ports fa0/1 of both the switches on fa0/4 of switch 1. So is it possible to keep fa0/1 of switch 1 in the RSPAN vlan. My IDS is connected to port fa0/4 for switch 1. SO i want to send all the traffic on fa0/1 of both the switches in stack to fa0/4 of switch 1. If so could you please let me know the configuration.


Thanks for your help.


Bhanu

leonvd79 Thu, 08/31/2006 - 23:32
User Badges:
  • Silver, 250 points or more

Hello Bhanu,


The configuration is quite simple.


Switch 1


vlan 500

remote-span

exit

monitor session 1 source interface FastEthernet0/1

monitor session 1 destination remote vlan 500 reflector-port FastEthernet0/24

monitor session 2 source remote vlan 500

monitor session 2 destination interface FastEthernet0/4


Switch 2


vlan 500

remote-span

exit

monitor session 1 source interface FastEthernet0/1

monitor session 1 destination remote vlan 500 reflector-port FastEthernet0/24


Switchport Fa0/1 frames are copied onto VLAN 500 by reflector-port Fa0/24 on both Switch 1 and Switch 2. On Switch 1 the frames are copied from VLAN 500 to Fa0/4 where your IDS resided.


HTH


--Leon


* Please rate posts.

vemulabhanu Fri, 09/01/2006 - 15:03
User Badges:

Hi Leon


I for it done and thanx for your kind help. Keep going on


Bhanu

Actions

This Discussion