Yes these switches are connected via a trunk port. f0/3 is connected to a server monitoring the traffic. The software doing the monitoring however can only monitor one port at a time. So I need f0/3 to be the destination port for the ports on switch B. I will check out your link and see what that offers, thanks!

Abzal,

Ok what I am getting from this if I am reading this correclty. So on switch B I create an rpsan vlan (lets call its vlan 10) then all of the ports that need the monitoring should be on that vlan(10). then on the destination port on switch A  also needs to be a member of that rspan vlan(10). so if that is the case on swtich A i need to make the source ports members of vlan 10 which is the rspan vlan correct?

Hi,

No u need put any port which is to be monitored in the rspan vlan,RSPAN vlan will be the destination on the switch where the monitored port is available.The traffic from the source port will go into RSPAN vlan all the way upto the switch where u have connected u r snifffer and on this switch u will have source as the RSPAN vlan and the destination will be the port where the sniffer is connected.

Thanks

Mahmoodmkl,

I'm not sure what you are saying. Are you saying that switch A and B need to be configured for RSPAN? What if I did the following:

Switch A

monitor session 1 source interface fast0/1 - 2

monitor session 1 source interface fast0/4 - 46

monitor session 1 destination interface fast0/3 Put all of the

ports on vlan 10 because I made an rspan vlan 10

On switch B

monitor the ports I need will say 1-10

monitor session 1 source interface fast0/1 - 10

monitor session 1 destination remote vlan 10 (as a prerequisite I would have created vlan 10 as a rspan vlan on switch B.)

Switch A

Monitor session 1 destination remote vlan 10

Would this work?

By the way I am working with cisco catalyst 3560 switches.

Hi,

The below config should work,u need to create the RSPAN vlan on both the switches.

monitor session 1 source interface f0/1-f0/3

monitor session 1 destination remote vlan 10

Then allow VLAN 10 on trunk between switchA and switchB.

On switchA:

monitor session 2 source interface remote vlan 10

monitor session 2 destination interface f0/4

Thanks

Mahmoodmkl and Abzal,

On swtich A the command monitor session 2 source interface remote vlan 10 does not work.

what did work was monitor session 2 source remote vlan 10 will this suffice?

Also why different session numbers? and if the destination port is on switch A seems like the config you guys gave me should be reversed on switch A and B. So you guys obviously know more then I do however I just wanted to make sure I made it clear port 3 on switch A is connected to a server with software monitoring traffic.

Here are the configs i have in place now, Do these seem right to either of you?

Switch A:

Session 2

---------

Type                   : Remote Destination Session

Source RSPAN VLAN      : 10

Destination Ports      : Fa0/3

    Encapsulation      : Native

          Ingress      : Disabled

Switch B:

Session 1

---------

Type                   : Remote Source Session

Source Ports           :

    Both               : Fa0/1-40

Dest RSPAN VLAN        : 10

Ok with those commands in place I am not getting traffic on the port when I look at the incoming outgoing traffic on the server, so its not capturing data.

Yes, it looks right. On switchA as you know you need to create SPAN session one for local ports second to RSPAN session.

Sent from Cisco Technical Support iPhone App

Abzal,

Looks like its correct then? I wonder why its not receiving any traffic then on the server for fa0/3? When I had the below command in before these changes i was at least getting results on switch A

Switch A:

monitor session 1 source interface fast0/1 - 2

monitor session 1 source interface fast0/4 - 46

monitor session 1 destination interface fast0/3

Should those be put back in along with the current config I posted earlier?

Abzal,

Here is what I have going on:

Switch A rspan vlan:

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4

                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8

                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12

                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16

                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20

                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24

                                                Fa0/25, Fa0/26, Fa0/27, Fa0/28

                                                Fa0/29, Fa0/30, Fa0/31, Fa0/32

                                                Fa0/33, Fa0/34, Fa0/35, Fa0/36

                                                Fa0/37, Fa0/38, Fa0/39, Fa0/40

                                                Fa0/41, Fa0/42, Fa0/43, Fa0/44

                                                Fa0/45, Fa0/46, Gi0/1, Gi0/2

                                                Gi0/3, Gi0/4

2    Sightly                          active

3    appstack                         active

4    pbx                              active

10   remote-span                      active

1002 fddi-default                     act/unsup

1003 token-ring-default               act/unsup

1004 fddinet-default                  act/unsup

1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1    enet  100001     1500  -      -      -        -    -        0      0

2    enet  100002     1500  -      -      -        -    -        0      0

3    enet  100003     1500  -      -      -        -    -        0      0

4    enet  100004     1500  -      -      -        -    -        0      0

10   enet  100010     1500  -      -      -        -    -        0      0

1002 fddi  101002     1500  -      -      -        -    -        0      0

1003 tr    101003     1500  -      -      -        -    srb      0      0

1004 fdnet 101004     1500  -      -      -        ieee -        0      0

1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs

------------------------------------------------------------------------------

10

Switch B rspan vlan:

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4

                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8

                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12

                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16

                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20

                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24

                                                Fa0/25, Fa0/26, Fa0/27, Fa0/28

                                                Fa0/29, Fa0/30, Fa0/31, Fa0/32

                                                Fa0/33, Fa0/34, Fa0/35, Fa0/36

                                                Fa0/37, Fa0/38, Fa0/39, Fa0/40

                                                Fa0/41, Fa0/42, Fa0/43, Fa0/44

                                                Fa0/45, Fa0/48, Gi0/1, Gi0/2

                                                Gi0/3, Gi0/4

2    Sightly                          active

3    appstack                         active

4    pbx                              active

10   remote-span                      active

1002 fddi-default                     act/unsup

1003 token-ring-default               act/unsup

1004 fddinet-default                  act/unsup

1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1    enet  100001     1500  -      -      -        -    -        0      0

2    enet  100002     1500  -      -      -        -    -        0      0

3    enet  100003     1500  -      -      -        -    -        0      0

4    enet  100004     1500  -      -      -        -    -        0      0

10   enet  100010     1500  -      -      -        -    -        0      0

1002 fddi  101002     1500  -      -      -        -    -        0      0

1003 tr    101003     1500  -      -      -        -    srb      0      0

1004 fdnet 101004     1500  -      -      -        ieee -        0      0

1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs

------------------------------------------------------------------------------

10

Here is switch A and me adding the session 1 monitor destion command.

Sightly1#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Sightly1(config)#monitor session 1 source interface fast0/1 - 2

Sightly1(config)#monitor session 1 source interface fast0/4 - 46

Sightly1(config)#monitor session 1 destination interface fast0/3

% Interface(s) Fa0/3 already configured as monitor destinations in other monitor

And just again the current show monitor command configuration that is on the switches

Switch A

Session 1

---------

Type                   : Local Session

Source Ports           :

    Both               : Fa0/1-2,Fa0/4-46

Session 2

---------

Type                   : Remote Destination Session

Source RSPAN VLAN      : 10

Destination Ports      : Fa0/3

    Encapsulation      : Native

          Ingress      : Disabled

Switch B

Session 1

---------

Type                   : Remote Source Session

Source Ports           :

    Both               : Fa0/1-40

Dest RSPAN VLAN        : 10