cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3224
Views
0
Helpful
14
Replies

Monitoring Port

mvaldez83
Level 1
Level 1

So here is the deal, I have a server on switch A where port 3 is monitoring traffic for most of the ports on switch A. However I have other users on switch B that needs to have port 3 on switch A monitor as well. Is this possible? I have been reading about rspan but doesnt seem to work.

Switch A:

monitor session 1 source interface fast0/1 - 2

monitor session 1 source interface fast0/4 - 46

monitor session 1 destination interface fast0/3

(this works great for switch A, I need a solution to get switch B to also have some ports sent to port 3 on switch A for monitoring.)

Thanks in advance!

Matt

14 Replies 14

Abzal
Level 7
Level 7

Hi,

Are these switches separate or connected to each other? On switchA on port f0/3 connected something like server?

If they are serapate switches and on port it's a server you can plug second network card on server and set up monitoring on switchB like on switchA.

If those are connected your option is RSPAN.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_13_ea1/configuration/guide/swspan.html

Hope it will help.

Best regards,
Abzal

Yes these switches are connected via a trunk port. f0/3 is connected to a server monitoring the traffic. The software doing the monitoring however can only monitor one port at a time. So I need f0/3 to be the destination port for the ports on switch B. I will check out your link and see what that offers, thanks!

Abzal,

Ok what I am getting from this if I am reading this correclty. So on switch B I create an rpsan vlan (lets call its vlan 10) then all of the ports that need the monitoring should be on that vlan(10). then on the destination port on switch A  also needs to be a member of that rspan vlan(10). so if that is the case on swtich A i need to make the source ports members of vlan 10 which is the rspan vlan correct?

Hi,

No u need put any port which is to be monitored in the rspan vlan,RSPAN vlan will be the destination on the switch where the monitored port is available.The traffic from the source port will go into RSPAN vlan all the way upto the switch where u have connected u r snifffer and on this switch u will have source as the RSPAN vlan and the destination will be the port where the sniffer is connected.

Thanks

Mahmoodmkl,

I'm not sure what you are saying. Are you saying that switch A and B need to be configured for RSPAN? What if I did the following:

Switch A

monitor session 1 source interface fast0/1 - 2

monitor session 1 source interface fast0/4 - 46

monitor session 1 destination interface fast0/3 Put all of the

ports on vlan 10 because I made an rspan vlan 10

On switch B

monitor the ports I need will say 1-10

monitor session 1 source interface fast0/1 - 10

monitor session 1 destination remote vlan 10 (as a prerequisite I would have created vlan 10 as a rspan vlan on switch B.)

Switch A

Monitor session 1 destination remote vlan 10

Would this work?

By the way I am working with cisco catalyst 3560 switches.

Hi,

The below config should work,u need to create the RSPAN vlan on both the switches.

monitor session 1 source interface f0/1-f0/3

monitor session 1 destination remote vlan 10

Then allow VLAN 10 on trunk between switchA and switchB.

On switchA:

monitor session 2 source interface remote vlan 10

monitor session 2 destination interface f0/4

Thanks

Abzal
Level 7
Level 7

Hi,

On switchB you need to create one VLAN for RSPAN. Then allow it on trunk between switchA. This VLAN will transfer all traffic from ports to switchA via trunk. You don't need to assign these ports you intended to monitor on RSPAN VLAN.

monitor session 1 source interface f0/1-f0/3
monitor session 1 destination remote vlan 10

Then allow VLAN 10 on trunk between switchA and switchB.
On switchA:
monitor session 2 source interface remote vlan 10
monitor session 2 destination interface f0/4



Sent from Cisco Technical Support iPhone App

Best regards,
Abzal

Mahmoodmkl and Abzal,

On swtich A the command monitor session 2 source interface remote vlan 10 does not work.

what did work was monitor session 2 source remote vlan 10 will this suffice?

Also why different session numbers? and if the destination port is on switch A seems like the config you guys gave me should be reversed on switch A and B. So you guys obviously know more then I do however I just wanted to make sure I made it clear port 3 on switch A is connected to a server with software monitoring traffic.

Here are the configs i have in place now, Do these seem right to either of you?

Switch A:

Session 2

---------

Type                   : Remote Destination Session

Source RSPAN VLAN      : 10

Destination Ports      : Fa0/3

    Encapsulation      : Native

          Ingress      : Disabled

Switch B:

Session 1

---------

Type                   : Remote Source Session

Source Ports           :

    Both               : Fa0/1-40

Dest RSPAN VLAN        : 10

Ok with those commands in place I am not getting traffic on the port when I look at the incoming outgoing traffic on the server, so its not capturing data.

Yes, it looks right. On switchA as you know you need to create SPAN session one for local ports second to RSPAN session.

Sent from Cisco Technical Support iPhone App

Best regards,
Abzal

Abzal,

Looks like its correct then? I wonder why its not receiving any traffic then on the server for fa0/3? When I had the below command in before these changes i was at least getting results on switch A

Switch A:

monitor session 1 source interface fast0/1 - 2

monitor session 1 source interface fast0/4 - 46

monitor session 1 destination interface fast0/3

Should those be put back in along with the current config I posted earlier?

Abzal
Level 7
Level 7

Ok, first of all you need to create different VLAN for RSPAN. Second do not configure access ports on this VLAN. Allow it on trunk port between switches.
1. On switchA will be two sessions first that you posted before.
2. Second for RSPAN session.

SwitchA:

monitor session 1 source interface fast0/1 - 2monitor session 1 source interface fast0/4 - 46monitor session 1 destination interface fast0/3

monitor session 2 source remote vlan 10
monitor session 2 destination interface fast0/3


Sent from Cisco Technical Support iPhone App

Best regards,
Abzal

Abzal,

Here is what I have going on:

Switch A rspan vlan:

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4

                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8

                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12

                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16

                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20

                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24

                                                Fa0/25, Fa0/26, Fa0/27, Fa0/28

                                                Fa0/29, Fa0/30, Fa0/31, Fa0/32

                                                Fa0/33, Fa0/34, Fa0/35, Fa0/36

                                                Fa0/37, Fa0/38, Fa0/39, Fa0/40

                                                Fa0/41, Fa0/42, Fa0/43, Fa0/44

                                                Fa0/45, Fa0/46, Gi0/1, Gi0/2

                                                Gi0/3, Gi0/4

2    Sightly                          active

3    appstack                         active

4    pbx                              active

10   remote-span                      active

1002 fddi-default                     act/unsup

1003 token-ring-default               act/unsup

1004 fddinet-default                  act/unsup

1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1    enet  100001     1500  -      -      -        -    -        0      0

2    enet  100002     1500  -      -      -        -    -        0      0

3    enet  100003     1500  -      -      -        -    -        0      0

4    enet  100004     1500  -      -      -        -    -        0      0

10   enet  100010     1500  -      -      -        -    -        0      0

1002 fddi  101002     1500  -      -      -        -    -        0      0

1003 tr    101003     1500  -      -      -        -    srb      0      0

1004 fdnet 101004     1500  -      -      -        ieee -        0      0

1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs

------------------------------------------------------------------------------

10

Switch B rspan vlan:

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4

                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8

                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12

                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16

                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20

                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24

                                                Fa0/25, Fa0/26, Fa0/27, Fa0/28

                                                Fa0/29, Fa0/30, Fa0/31, Fa0/32

                                                Fa0/33, Fa0/34, Fa0/35, Fa0/36

                                                Fa0/37, Fa0/38, Fa0/39, Fa0/40

                                                Fa0/41, Fa0/42, Fa0/43, Fa0/44

                                                Fa0/45, Fa0/48, Gi0/1, Gi0/2

                                                Gi0/3, Gi0/4

2    Sightly                          active

3    appstack                         active

4    pbx                              active

10   remote-span                      active

1002 fddi-default                     act/unsup

1003 token-ring-default               act/unsup

1004 fddinet-default                  act/unsup

1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1    enet  100001     1500  -      -      -        -    -        0      0

2    enet  100002     1500  -      -      -        -    -        0      0

3    enet  100003     1500  -      -      -        -    -        0      0

4    enet  100004     1500  -      -      -        -    -        0      0

10   enet  100010     1500  -      -      -        -    -        0      0

1002 fddi  101002     1500  -      -      -        -    -        0      0

1003 tr    101003     1500  -      -      -        -    srb      0      0

1004 fdnet 101004     1500  -      -      -        ieee -        0      0

1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs

------------------------------------------------------------------------------

10

Here is switch A and me adding the session 1 monitor destion command.

Sightly1#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Sightly1(config)#monitor session 1 source interface fast0/1 - 2

Sightly1(config)#monitor session 1 source interface fast0/4 - 46

Sightly1(config)#monitor session 1 destination interface fast0/3

% Interface(s) Fa0/3 already configured as monitor destinations in other monitor

And just again the current show monitor command configuration that is on the switches

Switch A

Session 1

---------

Type                   : Local Session

Source Ports           :

    Both               : Fa0/1-2,Fa0/4-46

Session 2

---------

Type                   : Remote Destination Session

Source RSPAN VLAN      : 10

Destination Ports      : Fa0/3

    Encapsulation      : Native

          Ingress      : Disabled

Switch B

Session 1

---------

Type                   : Remote Source Session

Source Ports           :

    Both               : Fa0/1-40

Dest RSPAN VLAN        : 10

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco