Port mirroring in cisco 2960 Siwtches.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-13-2017 03:18 AM - edited 03-08-2019 09:42 AM
Dear Members,
I have two cisco 2960 switches. ports fa0/1 and fas0/2 of both are interconnected and ether channel is configured.
I want to mirror the traffic in ports 3 and 5 of Switch1 and port 3 in Switch 2 to the destination port fas0/6 of SW2 as no spare port in Swicth1.
Also port 3 in both switches is trunk port caarying two vlans.
Please advise how to configure.
Regards
Hemadri
- Labels:
-
Other Switching
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-13-2017 05:58 AM
Hi,
here you can find manual for SPAN and RSPAN configuration:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_40_se/configuration/guide/scg/swspan.pdf
SPAN is withing one switch
RSPAN is between switches
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-20-2017 05:22 AM
Hi,
can a single port be a destination monitor port for two sessions as quoted below.
HSBU 1B1 (config)# monitor session 1 source remote vlan 70
HSBU 1B1 (config)# monitor session 1 destination int Fa0/6
HSBU 1B1 (config)# monitor session 2 source interface fa0/3 both
HSBU 1B1 (config)# monitor session 2 destination int Fa0/6
please advise.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-13-2017 06:29 AM
Hi
I think you should configure a RSPAN on Switch 1 and just span session on Switch 2, The RSPAN is used to mirror the monitored traffic into a vlan and then pass it through different switches. Example:
SWITCH 1
conf t
Vlan 70
name RSPAN
remote-span
monitor session 1 source interface f0/3,f0/5 both
monitor session 1 destination remote vlan 70
SWITCH 2
conf t
Vlan 70
name RSPAN
remote-span
monitor session 1 source interface remote vlan 70
monitor session 1 destination interface fast 0/6
monitor session 2 source interface f0/3 both
monitor session 2 destination interface fast 0/6
Now if you want to filter only 2 vlans, you should use filter command, for example:
monitor session 1 filter vlan 11 , 12
*The fast 0/6 should not include any configuration to just connect and sniffer there.
* If you are going to use RSPAN, remember to allow the remote vlan into the trunks between the switches.
Also verify this link: https://supportforums.cisco.com/document/139236/understanding-spanrspanand-erspan
Hope it is useful
:-)
>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-13-2017 11:10 PM
Hi,
Thanks for your reply.
As mentioned earlier port Fas0/3 and 0/5 are trunk ports and carrying three vlan information, like 70,80,100. Also these VLANs are allowed in other interfaces also.
if we RSPAN example vlan 70 then traffic of other ports which are associated with this VLAN also mirrored, which i dont want.
can you please advise in this case.
Regards
Hemadri
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-14-2017 12:39 AM
if you already have configured VLAN 70 for data traffic, then you must use other VLAN for RSPAN.
RSPAN VLAN must be some new unused VLAN, which will only carry SPAN data between switches.
Did you read document below where you have explained SPAN and RSPAN configuration ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-14-2017 02:43 AM
Hi,
Thank you. I read and understood.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-20-2017 06:03 AM
Hi,
A single port cannot be destination port for two sessions.
