just have to make sure the system mtu is large enough to account for it but it works. dot1q tunnels work in this manner and this is the way a VLAN Hop attack is carried out. Obviously there are valid reasons for doing it as well.
Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Technical Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com

From: Kingsley Charles [mailto:[email protected]]
Sent: Monday, April 12, 2010 9:06 AM
To: Tyson Scott
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] RSPAN with trunk and IPS

Hi Tyson

How can a vlan carry dot1q traffic inside?

With regards
Kings

On Mon, Apr 12, 2010 at 6:30 PM, Tyson Scott <[email protected]> wrote:

As you are capturing them on the vlan and not the interface they will not have the header. Now if you were actually capturing on the port then it would include the header. Which would mean that you would have to use VLAN Groups on the IPS for the port.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Technical Instructor - IPexpert, Inc.

From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles
Sent: Monday, April 12, 2010 8:57 AM
To: [email protected]
Subject: [OSL | CCIE_Security] RSPAN with trunk and IPS

Hi all

Please share your thoughts:

I have tried pushing various vlans as source into the remote vlan but never tried a dot1q traffic to remote vlan. Has anyone tried it? The above config pushes trunk traffic to remote vlan 999.

With rspan and the following config, vlan 1 and 2 will be pushed into remote 999 and on remote switch, vlan 1 and 2 will be tagged as vlan 999 not 1 and 2 on f1/0/2

sw1

monitor session 1 source vlan 1,2
monitor session 1 destination remote vlan 999

sw 2

monitor session 1 source vlan 999
monitor session 1 destination interface f1/0/2 encapsulation dot1q

With following config, will the traffic be sent to the remote vlan as dot1q tagged traffic or individual vlans are sent? How will it be seen on the remote switch sw2?

sw 1

interface f0/1
 switch mode trunk

monitor session 1 source interface f0/1
monitor session 1 destination remote vlan 999

sw 2

monitor session 1 source vlan 999
monitor session 1 destination interface f1/0/2 encapsulation dot1q

With regards
Kings
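
Added example, not part of the original thread and not written by any of its participants: the reply at the top says a VLAN can carry dot1q-tagged traffic as long as the system MTU accounts for it. This Python code walks the tag stack of a captured frame, as a sensor on the RSPAN destination port might, and reports the MTU the frame needs. The function names, the constructed sample frames, and the rule that only tags beyond the outermost one count against the MTU are assumptions.

```python
import struct

# TPIDs that introduce a VLAN tag: 802.1Q, 802.1ad, and the legacy QinQ value.
VLAN_TPIDS = {0x8100, 0x88A8, 0x9100}
TAG_LEN = 4  # 2-byte TPID + 2-byte TCI per tag


def parse_vlan_stack(frame: bytes):
    """Return (vlan_ids outermost first, ethertype, payload_len); frame has no FCS."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC
    vlan_ids = []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + TAG_LEN + 2:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlan_ids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += TAG_LEN
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    return vlan_ids, ethertype, len(frame) - (offset + 2)


def inspect(frame: bytes, system_mtu: int = 1500):
    """Summarise the tag stack and whether the frame fits the given MTU."""
    vlan_ids, ethertype, payload_len = parse_vlan_stack(frame)
    # Assumption: the outermost tag is covered by the normal tagged-frame
    # allowance, so only each additional (inner) tag eats into the MTU.
    inner_tags = max(len(vlan_ids) - 1, 0)
    needed_mtu = payload_len + TAG_LEN * inner_tags
    return {
        "vlan_ids": vlan_ids,
        "ethertype": ethertype,
        "stacked": len(vlan_ids) > 1,
        "needed_mtu": needed_mtu,
        "fits": needed_mtu <= system_mtu,
    }


def sample_frame(vlan_ids, payload_len):
    """Constructed test input: broadcast frame, 0x8100 tags, zero-filled IPv4 payload."""
    macs = bytes.fromhex("ffffffffffff020000000001")
    tags = b"".join(struct.pack("!HH", 0x8100, vid) for vid in vlan_ids)
    return macs + tags + struct.pack("!H", 0x0800) + bytes(payload_len)


if __name__ == "__main__":
    print(inspect(sample_frame([999, 2], 1500)))        # tagged frame inside VLAN 999
    print(inspect(sample_frame([999, 2], 1500), 1504))  # same frame, larger MTU
```

A frame reported as `stacked` on a port that should only ever see single-tagged traffic is worth alerting on, since nested tags are normally expected only on tunnel or mirrored-trunk paths.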
