For SW1 monitor session 2 destination interface Fa0/15 encapsulation replicate
Do you have the IPS port setup as a promiscuous VLAN Group port. That is how it would need to be to capture the dot1q headers. You will also need an alternate TCP reset interface. The VoD shows this in example except the trunk traffic is local You should probably also increase the system mtu to 1508 to account for the additional VLAN header unless you make VLAN 999 the native vlan on your trunks. I am not 100% sure but I believe the above should work. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Technical Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles Sent: Tuesday, April 27, 2010 5:49 AM To: [email protected] Subject: [OSL | CCIE_Security] RSPAN with trunk Hi all I have two switches connected as following: sw1 f0/15 - connected to G0/0 of Sensor f0/22 - trunk to sw2 monitor session 2 destination interface Fa0/15 encapsulation dot1q monitor session 2 source remote vlan 999 sw2 f1/0/21 - trunk to sw 1 monitor session 1 source interface Fa1/0/21 monitor session 1 destination remote vlan 999 I am trying capture trunk traffic on sw2, send it through RSPAN 999 to sw1 and then to sensor connected to sw1's port f0/22. But it doesn't work. Has anyone tried capturing trunk and sending through RSPAN. With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
