Thanks for the clarifications! So, to be on the safe side and not take the risk, especially on the lab exam, the rule of thumb is to include VLAN45 in the source list on Cat4 :)

From: Karthik sagar [mailto:[email protected]]
Sent: Monday, August 06, 2012 2:56 PM
To: Eugene Pefti
Cc: Jay McMickle; CCIE Security Maillist
Subject: Re: [OSL | CCIE_Security] Volume 1 3.6 Monitoring Traffic with IDS

Somehow, it doesn't make sense to me that we need to have vlan 45 in the source session just to place the incoming TCP reset packet in vlan 45 - this is taken care of by the destination command.

Also, here is an example from the Cisco doc:
http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_46_se/configuration/guide/swspan.html#wp1200730

Switch(config)# monitor session 2 source remote vlan 901
Switch(config)# monitor session 2 destination interface gigabitethernet0/2 ingress vlan 6
Switch(config)# end

Here the incoming packets on gig0/2 are placed in vlan 6, and the source session is not configured to monitor vlan 6!!

Here's my understanding - In our previous scenario, the task was to monitor "traffic between vlan 4 and vlan5": in this case, vlan 45 in the source session is not required on Cat4. rspan450 has full flow information. Although, having v45 there should not do any harm.

Now, if the task was to "monitor all vlan 45 traffic", then vlan 45 in the source session is also required on Cat4 to monitor traffic between local v45 access-ports.
