Q. About Configuring RSPAN

[RCBlender]

I have two 3550 switches in a lab setup and have the following situation snippet:

I have Vlan 33 that has ports allocated to it on both switches, this is the vlan I wish to monitor for IDS.
I have the monitoring port attached on Switch #1, and have created a remote-span vlan 901.

The problem that arises when configuring RSPAN is getting Switch #1 to not only monitor the Remote VLAN for Source, but also get it to monitor the local ports that are designated to Vlan 33.

Basicaly here's the configuration:

Switch #1 (VTP Server):
Vlan 33: Fastethernet 0/5, 0/15
(Port 0/15 is where the Monitoring interface is hooked up).

Switch #2 (VTP Client):
Vlan 33: Fastethernet 0/6, 0/7, 0/8


COMMANDS USED:
=============
Switch #1:

vlan 901
remote-span

monitor session 1 source remote vlan 901
monitor session 1 destination interface fastethernet 0/15


Switch #2:

monitor session 1 source interface Fa0/6, Fa0/7, Fa0/8 rx
monitor session 1 destination remote vlan 901 reflector-port Fa0/4

============

When I tried adding on Switch #1 this command:
monitor session 1 source interface fastethernet 0/5

it came back telling me it couldn't add it cause it was part of a vlan that was involved with RSPAN??

I even tried:
monitor session 1 source vlan 33
but with the same results.


Any help would be appreciated.

Thanks,
RCB

 

[ccmuser]

Are these your goals for a production network or just lab scenerio? You should really use VACL's to accomplish monitoring more than one vlan in a RSPAN search more rspan traffic analyis or something along those lines..
doc should come right up.
If not post back..I have it at work somewhere..

 

[RCBlender]

This is for Lab only.

Aren't VACL's done with 6500 series switches, not 3550?

I'm working with two 3550's. I know it'd be easier if I were working with 6500's, but I'm mimicing the CCIE lab setup.

-RCB-