SPAN problem on CAT55 with RSM

Hi everybody,

We'd like to monitor multiple VLANs traffic from Cat5509 switch to its backplane (RSM).

Is there possible to configure "set SPAN" on this switch for IDS appliance (not IDSM)?

We tested to be found only native VLAN traffic (like as broadcast, HSRP and UDP traffic) from sniffer after executed the following line:

#switch port analyzer

set span 4/1 5/18 both inpkts disable learning enable multicast enable create end


Console> (enable) sh span

Destination : Port 5/18

Admin Source : Port 4/1

Oper Source : Port 4/1

Direction : transmit/receive

Incoming Packets: disabled

Learning : enabled

Multicast : enabled

Appreciate if you have any comments!



Re: SPAN problem on CAT55 with RSM

I am not that familiar with the Cat 5509, but with the Cat 6500 you would want to make the 5/18 port a dot1q trunk port for each of the vlans you want to monitor, and then execute the set span command.

With the Cat 6500 if you don't make the port a trunk port then it still sees the same packets, but all of the packets are sent without dot1q headers so the sensor won't know what vlan they came from. If you make the port a dot1q trunk port and then turn on the span then the same packets are transmitted with dot1q headers to designate the vlan.

Re: SPAN problem on CAT55 with RSM

Thanks for your response and sharing experience. I will have to seek TAC helps. :=)



