cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
28588
Views
9
Helpful
7
Replies

Port mirroring in cisco 2960 Siwtches.

hemadri37
Beginner
Beginner

Dear Members,

I have two cisco 2960 switches. ports fa0/1 and fas0/2 of both are interconnected and ether channel is configured.

I want to mirror the traffic in ports 3 and 5 of Switch1 and port 3 in Switch 2 to the destination port fas0/6 of SW2 as no spare port in Swicth1.

Also port 3 in both switches is trunk port caarying two vlans.

Please advise how to configure.

Regards

Hemadri

7 Replies 7

Milos Megis
Participant
Participant

Hi,
here you can find manual for SPAN and RSPAN configuration:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_40_se/configuration/guide/scg/swspan.pdf

SPAN is withing one switch
RSPAN is between switches

Hi,

can a single port be a destination monitor port for two sessions as quoted below.

HSBU 1B1 (config)# monitor session 1 source remote vlan 70

HSBU 1B1 (config)# monitor session 1 destination int Fa0/6
HSBU 1B1 (config)# monitor session 2 source interface fa0/3 both
HSBU 1B1 (config)# monitor session 2 destination int Fa0/6

please advise.

Julio E. Moisa
VIP Mentor VIP Mentor
VIP Mentor

Hi

I think you should configure a RSPAN on Switch 1 and just span session on Switch 2, The RSPAN is used to mirror the monitored traffic into a vlan and then pass it through different switches. Example:

SWITCH 1

conf t
Vlan 70
name RSPAN
remote-span

monitor session 1 source interface f0/3,f0/5 both
monitor session 1 destination remote vlan 70

SWITCH 2

conf t
Vlan 70
name RSPAN
remote-span

monitor session 1 source interface remote vlan 70
monitor session 1 destination interface fast 0/6

monitor session 2 source interface f0/3 both
monitor session 2 destination interface fast 0/6

Now if you want to filter only 2 vlans, you should use filter command, for example:

monitor session 1 filter vlan 11 , 12

*The fast 0/6 should not include any configuration to just connect and sniffer there.

* If you are going to use RSPAN, remember to allow the remote vlan into the trunks between the switches.

Also verify this link: https://supportforums.cisco.com/document/139236/understanding-spanrspanand-erspan

Hope it is useful

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Hi,

Thanks for your reply.

As mentioned earlier port Fas0/3 and 0/5 are trunk ports and carrying three vlan information, like 70,80,100. Also these VLANs are allowed in other interfaces also.

if we RSPAN example vlan 70 then traffic of other ports which are associated with this VLAN also mirrored, which i dont want.

can you please advise in this case.

Regards

Hemadri

if you already have configured VLAN 70 for data traffic, then you must use other VLAN for RSPAN.

RSPAN VLAN must be some new unused VLAN, which will only carry SPAN data between switches.

Did you read document below where you have explained SPAN and RSPAN configuration ?

Hi,

Thank you. I read and understood.

Hi,

A single port cannot be destination port for two sessions.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers