Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1574
Views
5
Helpful
4
Replies

Port mirroring on 3550's in stack

Go to solution
vemulabhanu
Level 1
Level 1

‎08-31-2006 10:14 PM - edited ‎03-03-2019 04:46 AM

Hi all,

I have two 3550's connected in a stack using gig ports. I wanna moniter port fa0/1 of switch one and fa0/1 of switch two traffic on port fa0/4 of switch one. I wanna to know if i can configure RSPAN to do that. Please let me know how to do it. Thanks for your help

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
leonvd79
Level 4
Level 4

‎08-31-2006 10:53 PM

Hello,

Yes, what you want is possible with RSPAN.

Create a RSPAN VLAN, let's say VLAN 500 on both switches.

conf t

vlan 500

remote-span

end

Configure the port you want to copy frames from into the RSPAN VLAN.

monitor session 1 source interface FastEthernet0/1

monitor session 1 destination remote vlan 500 reflector-port FastEthernet0/24

Finally configure a session that copies the frames from the RSPAN VLAN into the port with sniffer attached.

monitor session 2 source remote vlan 500

monitor session 2 destination interface FastEthernet0/5

Verify your configuration.

show monitor session all

HTH

--Leon

* Please rate posts.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
leonvd79
Level 4
Level 4

‎08-31-2006 10:53 PM

Hello,

Yes, what you want is possible with RSPAN.

Create a RSPAN VLAN, let's say VLAN 500 on both switches.

conf t

vlan 500

remote-span

end

Configure the port you want to copy frames from into the RSPAN VLAN.

monitor session 1 source interface FastEthernet0/1

monitor session 1 destination remote vlan 500 reflector-port FastEthernet0/24

Finally configure a session that copies the frames from the RSPAN VLAN into the port with sniffer attached.

monitor session 2 source remote vlan 500

monitor session 2 destination interface FastEthernet0/5

Verify your configuration.

show monitor session all

HTH

--Leon

* Please rate posts.

0 Helpful

Go to solution
vemulabhanu
Level 1
Level 1
In response to leonvd79

‎08-31-2006 11:21 PM

Hi Leon

Thanks for your reply. I have small confusion here. My problem is

Switch 1 and switch 2 (3550's) are connected in a stack using gig ports. Now I want to moniter ports fa0/1 of both the switches on fa0/4 of switch 1. So is it possible to keep fa0/1 of switch 1 in the RSPAN vlan. My IDS is connected to port fa0/4 for switch 1. SO i want to send all the traffic on fa0/1 of both the switches in stack to fa0/4 of switch 1. If so could you please let me know the configuration.

Thanks for your help.

Bhanu

0 Helpful

Go to solution
leonvd79
Level 4
Level 4
In response to vemulabhanu

‎08-31-2006 11:32 PM

Hello Bhanu,

The configuration is quite simple.

Switch 1

vlan 500

remote-span

exit

monitor session 1 source interface FastEthernet0/1

monitor session 1 destination remote vlan 500 reflector-port FastEthernet0/24

monitor session 2 source remote vlan 500

monitor session 2 destination interface FastEthernet0/4

Switch 2

vlan 500

remote-span

exit

monitor session 1 source interface FastEthernet0/1

monitor session 1 destination remote vlan 500 reflector-port FastEthernet0/24

Switchport Fa0/1 frames are copied onto VLAN 500 by reflector-port Fa0/24 on both Switch 1 and Switch 2. On Switch 1 the frames are copied from VLAN 500 to Fa0/4 where your IDS resided.

HTH

--Leon

* Please rate posts.

Go to solution
vemulabhanu
Level 1
Level 1
In response to leonvd79

‎09-01-2006 03:03 PM

Hi Leon

I for it done and thanx for your kind help. Keep going on

Bhanu

0 Helpful
Customers Also Viewed These Support Documents