https://community.cisco.com/t5/network-security/rspan-sessions-and-ids/m-p/471151#M95017 <P>Are RSPAN "Sessions" Inclusive or exclusive of each other?</P><P></P><P>Can you send traffic from 1 session to another?</P><P> </P><P>In other words, if I want to monitor 3 vlans with active hosts that reside across several switches including the one with the destination port (IDS) will this work?</P><P></P><P>monitor session 1 source vlan 10 - 12 rx</P><P>monitor session 1 destination remote vlan 555 reflector-port Fa0/10</P><P>monitor session 2 source remote vlan 555 </P><P>monitor session 2 destination interface Fa0/24</P><P></P><P>Does Session 1 "move" the traffic to be inspected by session 2 (where the IDS is located per f0/24)?</P><P> </P><P>Or does session 1 just send the traffic back over the Trunk (RSPAN Vlan) link?</P><P></P> Sun, 10 Mar 2019 09:46:18 GMT d-garnett 2019-03-10T09:46:18Z https://community.cisco.com/t5/network-security/rspan-sessions-and-ids/m-p/471151#M95017 <P>Are RSPAN "Sessions" Inclusive or exclusive of each other?</P><P></P><P>Can you send traffic from 1 session to another?</P><P> </P><P>In other words, if I want to monitor 3 vlans with active hosts that reside across several switches including the one with the destination port (IDS) will this work?</P><P></P><P>monitor session 1 source vlan 10 - 12 rx</P><P>monitor session 1 destination remote vlan 555 reflector-port Fa0/10</P><P>monitor session 2 source remote vlan 555 </P><P>monitor session 2 destination interface Fa0/24</P><P></P><P>Does Session 1 "move" the traffic to be inspected by session 2 (where the IDS is located per f0/24)?</P><P> </P><P>Or does session 1 just send the traffic back over the Trunk (RSPAN Vlan) link?</P><P></P> Sun, 10 Mar 2019 09:46:18 GMT https://community.cisco.com/t5/network-security/rspan-sessions-and-ids/m-p/471151#M95017 d-garnett 2019-03-10T09:46:18Z https://community.cisco.com/t5/network-security/rspan-sessions-and-ids/m-p/471152#M95018 <HTML><HEAD></HEAD><BODY><P>This is the line that confuses me:</P><P>monitor session 1 destination remote vlan 555 reflector-port Fa0/10</P><P></P><P>I don't know what the "reflector-port Fa0/10" will do. Is this a Cat 6K? I have not seen that option in the Cat 6K documentation. </P><P></P><P>My experience has all been on the cat 6K.</P><P>On the Cat 6K with Native IOS if you execute the following commands:</P><P>monitor session 1 source vlan 10 - 12 rx </P><P>monitor session 1 destination remote vlan 555 </P><P>monitor session 2 source remote vlan 555 </P><P>monitor session 2 destination interface Fa0/24</P><P></P><P>Then the session 1 traffic from vlans 10-12 WILL be spanned to port Fa0/24 (along with the traffic from remote spans from other connected switches).</P><P>The sesssion 1 source traffic WILL becomes session 2 source traffic in the above configuration on a Cat 6K.</P><P></P><P>What I can't guarantee you is if the same will hold true on the span command on other Cisco switches.</P><P></P><P></P></BODY></HTML> Mon, 28 Nov 2005 19:04:26 GMT https://community.cisco.com/t5/network-security/rspan-sessions-and-ids/m-p/471152#M95018 marcabal 2005-11-28T19:04:26Z