What are your switches, Ben. As far as I remember if it 3550 you have to use a reflector port when you define the SPAN session.
From: [email protected] [mailto:[email protected]] On Behalf Of Ben Shaw Sent: Wednesday, July 25, 2012 3:20 AM To: [email protected] Subject: [OSL | CCIE_Security] RSPAN with SPAN Hi All I am doing question 4.6 in INE WB1 on IPS and have found and issue with tagging of traffic on the destination SPAN port. Here is my configuration: SW1#sh run | i monit monitor session 12 source vlan 12 monitor session 12 destination remote vlan 400 SW1#sh monitor session 2 No SPAN configuration is present in the system for session [2]. SW1#sh monitor session 12 Session 12 ---------- Type : Remote Source Session Source VLANs : Both : 12 Dest RSPAN VLAN : 400 SW2#sh run | i monit monitor session 34 source vlan 34 , 400 monitor session 34 destination interface Gi1/0/10 encapsulation replicate SW2#sho mon ses 34 Session 34 ---------- Type : Local Session Source VLANs : Both : 34,400 Destination Ports : Gi1/0/10 Encapsulation : Replicate Ingress : Disabled The issue I am having is that SW2 is not tagging one of the source SPAN VLANs correctly. What I am finding is that traffic from SW1 which is being sent to SW2 as an RSPAN session on VLAN 400 is being tagged correctly and is therefor being picked up correctly on the IPS VLAN Group interface which is listening for VLAN 400 off interface Gig1/0/10. The traffic from source VLAN 34 on SW2 is being sent untagged out the SPAN port and being seen on the IPS as VLAN 0 so it not being picked up by the second VLAN Group interface which is listening on VLAN 34. I can tell this as after I create a third VLAN Group interface on the IPS for unassigned traffic, the SPAN traffic from VLAN 34 is collected by this third VLAN Group interface and I can see in the logs it has an VLAN of 0. The issue to me seems to be the switch not tagging VLAN 34 correctly before sending it out interface Gig1/0/10. I have tried the following version of the "monitor session 34" command on SW2 but with the same result. SW2(config)#monitor session 34 destination interface gig1/0/10 encapsulation dot1q % Warning: One or more specified dest port does not support requested encapsulation. Interesting I get the error above when I apply this command but the command still seems to stay in the configuration. I am trying to do this on 3750 switches which I know are not used on the lab but I wanted to see if maybe I am just missing something. Thanks Ben
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
