I have two 3550 switches in a lab setup and have the following situation snippet:
I have Vlan 33 that has ports allocated to it on both switches, this is the vlan I wish to monitor for IDS.
I have the monitoring port attached on Switch #1, and have created a remote-span vlan 901.
The problem that arises when configuring RSPAN is getting Switch #1 to not only monitor the Remote VLAN for Source, but also get it to monitor the local ports that are designated to Vlan 33.
Basicaly here's the configuration:
Switch #1 (VTP Server):
Vlan 33: Fastethernet 0/5, 0/15
(Port 0/15 is where the Monitoring interface is hooked up).
Switch #2 (VTP Client):
Vlan 33: Fastethernet 0/6, 0/7, 0/8
COMMANDS USED:
=============
Switch #1:
vlan 901
remote-span
monitor session 1 source remote vlan 901
monitor session 1 destination interface fastethernet 0/15
Switch #2:
monitor session 1 source interface Fa0/6, Fa0/7, Fa0/8 rx
monitor session 1 destination remote vlan 901 reflector-port Fa0/4
============
When I tried adding on Switch #1 this command:
monitor session 1 source interface fastethernet 0/5
it came back telling me it couldn't add it cause it was part of a vlan that was involved with RSPAN??
I even tried:
monitor session 1 source vlan 33
but with the same results.
Any help would be appreciated.
Thanks,
RCB
I have Vlan 33 that has ports allocated to it on both switches, this is the vlan I wish to monitor for IDS.
I have the monitoring port attached on Switch #1, and have created a remote-span vlan 901.
The problem that arises when configuring RSPAN is getting Switch #1 to not only monitor the Remote VLAN for Source, but also get it to monitor the local ports that are designated to Vlan 33.
Basicaly here's the configuration:
Switch #1 (VTP Server):
Vlan 33: Fastethernet 0/5, 0/15
(Port 0/15 is where the Monitoring interface is hooked up).
Switch #2 (VTP Client):
Vlan 33: Fastethernet 0/6, 0/7, 0/8
COMMANDS USED:
=============
Switch #1:
vlan 901
remote-span
monitor session 1 source remote vlan 901
monitor session 1 destination interface fastethernet 0/15
Switch #2:
monitor session 1 source interface Fa0/6, Fa0/7, Fa0/8 rx
monitor session 1 destination remote vlan 901 reflector-port Fa0/4
============
When I tried adding on Switch #1 this command:
monitor session 1 source interface fastethernet 0/5
it came back telling me it couldn't add it cause it was part of a vlan that was involved with RSPAN??
I even tried:
monitor session 1 source vlan 33
but with the same results.
Any help would be appreciated.
Thanks,
RCB