Hi Tyson How can a vlan carry dot1q traffic inside?
With regards Kings On Mon, Apr 12, 2010 at 6:30 PM, Tyson Scott <[email protected]> wrote: > As you are capturing them on the vlan and not the interface they will not > have the header. > > > > Now if you were actually capturing on the port then it would include the > header. Which would mean that you would have to use VLAN Groups on the IPS > for the port. > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Technical Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Kingsley Charles > *Sent:* Monday, April 12, 2010 8:57 AM > *To:* [email protected] > *Subject:* [OSL | CCIE_Security] RSPAN with trunk and IPS > > > > Hi all > > > > Please share your thoughts: > > > > I have tried pushing various vlans as source into the remote vlan but never > tried a dot1q traffic to remote vlan. Has anyone tried it? > > The above config pushea trunk traffic to remote vlan 999. > > > > With rspan and the following config, vlan 1 and 2 will be pushed into > remote 999 and and on remote switch, vlan 1 and 2 will be tagged as vlan 999 > not 1 and 2 on f1/0/2 > > > > sw1 > > > > monitor session 1 source vlan 1,2 > monitor session 1 destination remote vlan 999 > > > > > > sw 2 > > monitor session 1 source vlan 999 > monitor session 1 destination interface f1/0/2 encapsulation dot1q > > > > > > With following config, will the traffic be sent to the remote vlan as dot1q > tagged traffic or individual vlans are sent? How will it be seen on the > remote switch sw2? > > > > sw 1 > > > > interface f0/1 > > switch mode trunk > > > monitor session 1 source f0/1 > monitor session 1 destination remote vlan 999 > > sw 2 > > monitor session 1 source vlan 999 > monitor session 1 destination interface f1/0/2 encapsulation dot1q > > > > > > > > > > With regards > > Kings >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
