I have problem with RSPAN monitoring session over multiply switches.
My configuration is like this:
|catalyst1 2960|---|some switch1|---|some switch2|---|catalyst2 2960|
catalysts is under my control, while some switch 1 and 2 under control of other admins. Probably, "some switches" is HP switches.
vlan 100 span this switches and operates correctly.
monitor session 1 source vlan 123
monitor session 1 destination remote vlan 100
monitor session 2 destination interface Fa0/1
monitor session 2 source remote vlan 100
However, traffic from vlan 123 is not reaching remote destination port. What is the problem?
Please let me know that some sw1 and some sw2 already know about vlan 100. How are 4 switches connecting? Trunk? Access?
remote span could be a Cisco proprietary feature.
the remote-span command instructs the switches to disable MAC address learning.
However you need a clean L2 path end to end with vlan 100 defined on all links in the list of permitted vlans and all links have to be trunk ports.
in the CCO configuration examples also the switches in the middle define the vlan as remote-span vlan.
You can configure any VLAN as an RSPAN VLAN as long as these conditions are met:
-The same RSPAN VLAN is used for an RSPAN session in all the switches.
>>>-All participating switches support RSPAN.
So I'm afraid you cannot go through the two HP switches
Hope to help
Yes, you right.
>>All participating switches support RSPAN
This is clearly defined.
So any ideas about how to monitor traffic on vlan 123?
the only possible option is a local span with a sniffer connected to the destination port of the first C2960.
for a short time capture you can think to use a laptop with wireshark (ethereal) installed.
hint: if you have a PC with two NICs you can control it remotely.
Hope to help
Can I allow Vlan123 go through Cat1->someSw1->someSw2->Cat2? I will then do a span-port(Locally) on Cat2. It's not a good idea though. (grin)
Giuseppe has provided a good solution .
>>Can I allow Vlan123 go through Cat1->someSw1->someSw2->Cat2? I will then do a span-port(Locally) on Cat2. It's not a good idea though. (grin)
You can allow vlan 123 through this switches, but SPAN in this case will not collect traffic from Cat1.
And you right, this is not good idea.
>>for a short time capture you can think to use a laptop with wireshark (ethereal) installed.
This is not good idea. Collector is special server, connected to Cat2