cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1542
Views
5
Helpful
4
Replies

Port mirroring on 3550's in stack

vemulabhanu
Level 1
Level 1

Hi all,

I have two 3550's connected in a stack using gig ports. I wanna moniter port fa0/1 of switch one and fa0/1 of switch two traffic on port fa0/4 of switch one. I wanna to know if i can configure RSPAN to do that. Please let me know how to do it. Thanks for your help

1 Accepted Solution

Accepted Solutions

leonvd79
Level 4
Level 4

Hello,

Yes, what you want is possible with RSPAN.

Create a RSPAN VLAN, let's say VLAN 500 on both switches.

conf t

vlan 500

remote-span

end

Configure the port you want to copy frames from into the RSPAN VLAN.

monitor session 1 source interface FastEthernet0/1

monitor session 1 destination remote vlan 500 reflector-port FastEthernet0/24

Finally configure a session that copies the frames from the RSPAN VLAN into the port with sniffer attached.

monitor session 2 source remote vlan 500

monitor session 2 destination interface FastEthernet0/5

Verify your configuration.

show monitor session all

HTH

--Leon

* Please rate posts.

View solution in original post

4 Replies 4

leonvd79
Level 4
Level 4

Hello,

Yes, what you want is possible with RSPAN.

Create a RSPAN VLAN, let's say VLAN 500 on both switches.

conf t

vlan 500

remote-span

end

Configure the port you want to copy frames from into the RSPAN VLAN.

monitor session 1 source interface FastEthernet0/1

monitor session 1 destination remote vlan 500 reflector-port FastEthernet0/24

Finally configure a session that copies the frames from the RSPAN VLAN into the port with sniffer attached.

monitor session 2 source remote vlan 500

monitor session 2 destination interface FastEthernet0/5

Verify your configuration.

show monitor session all

HTH

--Leon

* Please rate posts.

Hi Leon

Thanks for your reply. I have small confusion here. My problem is

Switch 1 and switch 2 (3550's) are connected in a stack using gig ports. Now I want to moniter ports fa0/1 of both the switches on fa0/4 of switch 1. So is it possible to keep fa0/1 of switch 1 in the RSPAN vlan. My IDS is connected to port fa0/4 for switch 1. SO i want to send all the traffic on fa0/1 of both the switches in stack to fa0/4 of switch 1. If so could you please let me know the configuration.

Thanks for your help.

Bhanu

Hello Bhanu,

The configuration is quite simple.

Switch 1

vlan 500

remote-span

exit

monitor session 1 source interface FastEthernet0/1

monitor session 1 destination remote vlan 500 reflector-port FastEthernet0/24

monitor session 2 source remote vlan 500

monitor session 2 destination interface FastEthernet0/4

Switch 2

vlan 500

remote-span

exit

monitor session 1 source interface FastEthernet0/1

monitor session 1 destination remote vlan 500 reflector-port FastEthernet0/24

Switchport Fa0/1 frames are copied onto VLAN 500 by reflector-port Fa0/24 on both Switch 1 and Switch 2. On Switch 1 the frames are copied from VLAN 500 to Fa0/4 where your IDS resided.

HTH

--Leon

* Please rate posts.

Hi Leon

I for it done and thanx for your kind help. Keep going on

Bhanu

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco