King: So, why is this not in the DSG? Yogesh: You cant specify more than one source per session, but you can have multiple sessions with a common destination (i believe)...
/Jimmy 2010/9/10 Yogesh Gawankar <[email protected]> > Don't we mean > > moni session 1 source remote vlan 224 , vlan 24 > moni session 1 dest int fa0/15 > > or am I missing something? > > > Thanks and regards > > Yogesh Gawankar > > > --- On *Fri, 9/10/10, Kingsley Charles <[email protected]>*wrote: > > > From: Kingsley Charles <[email protected]> > Subject: Re: [OSL | CCIE_Security] rspan? > To: "Jimmy Larsson" <[email protected]> > Cc: "OSL Security" <[email protected]> > Date: Friday, September 10, 2010, 8:56 PM > > > You need to add it also on cat 4. > > > monitor session 1 source vlan 24 > monitor session 1 dest remote vlan 224 > > With regards > Kings > > > On Fri, Sep 10, 2010 at 1:23 PM, Jimmy Larsson > <[email protected]<http://us.mc581.mail.yahoo.com/mc/[email protected]> > > wrote: > > Hello > > In wb2 lav 11 task 3.1 we are told to monitor vlan 24 in the IPS. This vlan > exists active in at least Ca3 and Cat4, and the ips interface is connected > to Cat4. The solution from DSG is this: > > cat3: > vlan 224 > remote-span > ! > monitor sess 1 sour vlan 24 both > monitor sess 1 dest remote vlan 224 > > cat4: > vlan 224 > remote-span > ! > moni session 1 source remote vlan 224 > moni session 1 dest int fa0/15 > > But this will only bring traffic from vlan24 in cat3 to the ips, right? > What happens with traffic in cat4 vlan24 (like asa2 e0/0 which is in vlan24 > on cat4 fa0/10), this traffic will never be seen on ips. Do we still comply > with requirements to monitor Vlan24? > > Or would the solution be to also add this to cat4: > > moni session 1 source vlan 24 > moni session 1 dest remote vlan 224 > > Please enlighten me. :-) > > /Jimmy > > -- > ------- > Jimmy Larsson > Ryavagen 173 > s-26030 Vallakra > Sweden > http://blogg.kvistofta.nu > ------- > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > > > -----Inline Attachment Follows----- > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > > -- ------- Jimmy Larsson Ryavagen 173 s-26030 Vallakra Sweden http://blogg.kvistofta.nu -------
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
