I have two cisco 2960 switches. ports fa0/1 and fas0/2 of both are interconnected and ether channel is configured.
I want to mirror the traffic in ports 3 and 5 of Switch1 and port 3 in Switch 2 to the destination port fas0/6 of SW2 as no spare port in Swicth1.
Also port 3 in both switches is trunk port caarying two vlans.
Please advise how to configure.
can a single port be a destination monitor port for two sessions as quoted below.
HSBU 1B1 (config)# monitor session 1 source remote vlan 70
HSBU 1B1 (config)# monitor session 1 destination int Fa0/6
HSBU 1B1 (config)# monitor session 2 source interface fa0/3 both
HSBU 1B1 (config)# monitor session 2 destination int Fa0/6
I think you should configure a RSPAN on Switch 1 and just span session on Switch 2, The RSPAN is used to mirror the monitored traffic into a vlan and then pass it through different switches. Example:
monitor session 1 source interface f0/3,f0/5 both
monitor session 1 destination remote vlan 70
monitor session 1 source interface remote vlan 70
monitor session 1 destination interface fast 0/6
monitor session 2 source interface f0/3 both
monitor session 2 destination interface fast 0/6
Now if you want to filter only 2 vlans, you should use filter command, for example:
monitor session 1 filter vlan 11 , 12
*The fast 0/6 should not include any configuration to just connect and sniffer there.
* If you are going to use RSPAN, remember to allow the remote vlan into the trunks between the switches.
Also verify this link: https://supportforums.cisco.com/document/139236/understanding-spanrspanand-erspan
Hope it is useful
Thanks for your reply.
As mentioned earlier port Fas0/3 and 0/5 are trunk ports and carrying three vlan information, like 70,80,100. Also these VLANs are allowed in other interfaces also.
if we RSPAN example vlan 70 then traffic of other ports which are associated with this VLAN also mirrored, which i dont want.
can you please advise in this case.