Cisco Support Community

New Member

RSPAN need to configure on 6500, 4500

I have a scenario to configure RSPAN to monitor traffic for Websense.

The source is connected to the 6509 and the destination is connected to the 4507R.

The 6500 is configured as the backbone with a VSS configuration,

and the 4500 is used as a server farm; both are connected to each other via a trunk link.

19 REPLIES
New Member

Re: RSPAN need to configure on 6500, 4500

Good. If you need to monitor traffic across different switches, you must use RSPAN.

The configuration you need is below:

,,,,,,,,,,,,,

Example :

Destination is connected to the 6509 on port f0/2 (VTP server mode)

Web server is connected to the 4507R via port F0/1 (VTP client mode)

First you must configure a remote VLAN to handle the traffic between the two switches

6509 :

#vlan 2

(vlan)# remote-span

exit

,,,,,

4507 :

#monitor session 1 source interface f0/1 (you can choose receive, send, both)

#monitor session 1 destination remote vlan 2

,,,,,,,,,,,,,,

6509:

#monitor session 1 source remote vlan 2

#monitor session 1 destination interface f0/2

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

show command :

show monitor session 1

Remember, the port that is the destination (f0/2) can't send any packets; it is a receive-only port.

Hope this helps

New Member

Re: RSPAN need to configure on 6500, 4500

Thanks for the reply.

I would like to inform you that we are not using VTP server/client mode.

We are using normal VLANs.

As the source is connected to the 6509, from there we need to send a copy of all traffic to Websense, i.e. connected to the 4507R.

I think we need to configure the same VLAN on both switches.

Example:

config 6509 # Vlan 150

config 4507 # Vlan 150

Do we need to enable remote span on both switches?

Please reply.....

New Member

Re: RSPAN need to configure on 6500, 4500

If you don't use VTP, you must create the same VLAN on both switches and configure it as remote span.
If you don't tag this VLAN as a remote span VLAN, RSPAN will probably not work.
As you say:
config 6509 # Vlan 150
config 6509 (Vlan)# remote-span

config 4507 # Vlan 150
config 4507 (Vlan)# remote-span

And the other configuration is the same as before.
That's it.

For more info, see the attached picture.

New Member

Re: RSPAN need to configure on 6500, 4500

Dear Khalid,

Correct me if I am wrong.

In my scenario, which will be the source?

The 6500 is connected to the firewall to reach the internet.

The 4500 is connected to the Websense server.

If it is still right, please let me know. Thanks again for your reply....

4507 :

#monitor session 1 source interface f0/1 (you can choose receive, send, both)

#monitor session 1 destination remote vlan 2

,,,,,,,,,,,,,,

6509:

#monitor session 1 source remote vlan 2

#monitor session 1 destination interface f0/2

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

New Member

Re: RSPAN need to configure on 6500, 4500

In your case, answer my question:
Q1/ Do you need a copy of the traffic that the 6500 sends to the firewall, and then to send that copy to the Websense server?

New Member

Re: RSPAN need to configure on 6500, 4500

Yes

As per their request, they need a copy of all traffic that is forwarded to the firewall sent to the Websense server.

New Member

Re: RSPAN need to configure on 6500, 4500

OK

6500 :

#monitor session 1 source interface (port No. connected to firewall)

#monitor session 1 destination remote vlan (vlan ID)

4500 :

#monitor session 1 source remote vlan (vlan ID)

#monitor session 1 destination interface (Websense server)

,,,,,,,,,,,,,,,,,,,,,

Now Websense can't send any traffic, it can only receive.

If you try to ping after the configuration, the ping will show (request timed out) because the web server port is the destination port for RSPAN.

But it will receive a copy of all traffic.

New Member

Re: RSPAN need to configure on 6500, 4500

Thanks for the reply.

One last question: is it going to cause an interruption if we implement it during production hours, i.e. working hours?

New Member

Re: RSPAN need to configure on 6500, 4500

No problem, you can do it during work hours.

But if you want my recommendation: create the VLAN, and do it after work hours (it will take 2 min) to be on the safe side.

New Member

Re: RSPAN need to configure on 6500, 4500

Thanks for the reply...

We have a small change in our configuration: before, the firewall was connected to the 6500. Now it will be connected to a WS-C3560-48PS-S switch.

I would like to know whether this switch is compatible with RSPAN configuration?

New Member

Re: RSPAN need to configure on 6500, 4500

Yes, the 3560 is compatible with RSPAN configuration.

New Member

Re: RSPAN need to configure on 6500, 4500

After applying the configuration below, I found I was unable to reach the Websense server.

ISS SAS

3560 :

config 3560 # Vlan 150

config 3560 (Vlan)# remote-span

config 3560 # monitor session 1 source interface fa 0/41

config 3560 # monitor session 1 destination remote vlan 150

4500 :

config 4507 # Vlan 150

config 4507 (Vlan)# remote-span

config 4507 # monitor session 1 source remote vlan 150

config 4507 # monitor session 1 destination interface gig 1/18

6500 :

config 6507 # Vlan 150

config 6507 (Vlan)# remote-span

Cisco Employee

Re: RSPAN need to configure on 6500, 4500

Hello,

On 4507 please try configuring ingress forwarding feature with the SPAN configuration.

monitor session 1 destination interface gi 1/18 ingress

You might need to add the MAC address of the Web Sense server manually to the MAC address table and the ARP table.

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/52sg/configuration/guide/span.html#wp1036989

Hope this helps.

Regards,

NT

New Member

Re: RSPAN need to configure on 6500, 4500

I told you before that the destination port will be a receive-only port, so you can't ping, etc.
The port will only receive a copy of the traffic.
,,,,
You can use two network adapters in the Websense server:
One for receiving traffic (destination in RSPAN)
Second port for management.

New Member

Re: RSPAN need to configure on 6500, 4500

I have done that configuration also.

I doubt it might be a bug in IOS on the 4500.

Our problem is that once we implement the configuration on the 4507 where the server is connected, we find that our connectivity is lost.

New Member

Re: RSPAN need to configure on 6500, 4500

Do you mean that after configuring RSPAN you can't ping or access the server only? Or does your whole network have a problem?

,,,,,,,,,,

New Member

Re: RSPAN need to configure on 6500, 4500

No, I am only unable to reach the Websense server once I implement the RSPAN configuration.

Cisco Employee

Re: RSPAN need to configure on 6500, 4500

Hello,

Is the ingress VLAN you are specifying in the monitor session configuration the same as the VLAN where the WebSense device should be? Also, have you configured a static MAC address table entry for the WebSense server?

Mac address-table static

Hope this helps.

Regards,

NT

New Member

Re: RSPAN need to configure on 6500, 4500

In RSPAN the final destination port will be a receive-only port, which means you can't access the server.

So the final solution is to connect another port and assign a new IP to the second port.
That means you can take the copy of traffic from port 1 (destination in RSPAN)
and you can access the server from the second port.
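
The two points this thread keeps returning to (the RSPAN VLAN must be marked remote-span on every switch in the path, and the final destination port stays receive-only unless `ingress` is configured) can be checked offline against saved configs. The following is an added example, not part of any post above; the config excerpts are constructed, and the function names `parse` and `audit` are hypothetical.

```python
import re

# Constructed running-config excerpts modelled on the thread's 3560 -> 6500 -> 4507 path.
CONFIGS = {
    "3560": """vlan 150
 remote-span
monitor session 1 source interface Fa0/41
monitor session 1 destination remote vlan 150""",
    "6500": """vlan 150""",  # transit switch: VLAN exists but is not an RSPAN VLAN
    "4507": """vlan 150
 remote-span
monitor session 1 source remote vlan 150
monitor session 1 destination interface Gi1/18""",
}

def parse(cfg):
    """Return (remote-span VLANs, RSPAN source VLANs, RSPAN destination VLANs, local destination ports)."""
    rspan, src, dst, ports, cur = set(), set(), set(), [], None
    for line in cfg.splitlines():
        s = line.strip().lower()
        if not line.startswith(" "):
            cur = None  # an unindented line ends any vlan sub-mode
        if m := re.fullmatch(r"vlan (\d+)", s):
            cur = int(m.group(1))
        elif s == "remote-span" and cur is not None:
            rspan.add(cur)
        elif m := re.fullmatch(r"monitor session \d+ source remote vlan (\d+)", s):
            src.add(int(m.group(1)))
        elif m := re.fullmatch(r"monitor session \d+ destination remote vlan (\d+)", s):
            dst.add(int(m.group(1)))
        elif m := re.fullmatch(r"monitor session \d+ destination interface (.+?)( ingress\b.*)?", s):
            ports.append((m.group(1), m.group(2) is not None))
    return rspan, src, dst, ports

def audit(configs):
    """Flag switches missing remote-span on a used RSPAN VLAN, and destination ports without ingress."""
    parsed = {name: parse(cfg) for name, cfg in configs.items()}
    used = set().union(*(p[1] | p[2] for p in parsed.values()))
    findings = []
    for name, (rspan, src, dst, ports) in parsed.items():
        for vlan in sorted(used - rspan):
            findings.append(f"{name}: vlan {vlan} is not marked remote-span")
        for port, ingress in ports:
            if src and not ingress:
                findings.append(f"{name}: {port} is an RSPAN destination without ingress (receive-only)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIGS)))
```

The second finding is informational: a receive-only destination is the expected default, and it explains why the monitoring server cannot be reached through that port.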
