Thanks. I was looking at Cisco's documentation and it seems tha ERSPAN is what we must use given two different switches connected by a port-channel but only one vlan on both and servers connected to both switches - so, having source on one switchand destination on the other Sw makes sence.

Please advise,

Thanks,

masood

hi,

can you please comment on my last query?

Thanks,

Masood

so, se 1 source port could be any port?

and the se1 dewstination has to have same port number i.e. Fa0/15 in this example?

Please advise

Masood

The source can be any port you want to monitor, it can also be a VLAN (that will monitor all ports in that vlan).

The destination should be another port in another VLAN.

Read the following:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swspan.html

Thanks. This is what i have done and I really apapreciate if you can take a look and tell me if I am alight. i will be testing this on a pair of 6500 in two hours:

On Switch 1 i.e. server switch:

Sw1# vlan 66

sw1#remote-span

sw1#exit

We have the po9 as trunk already so we use it to send vlan traffic over to the other switch.

But we need to add switchport trunk native vlan 6 on the PO1 at both ends.

Tunck cnfigurations:

po9 Interface:

switchport trunk native vlan 6 (my vlan on both switch that needs to be monitrored as source of traffic)

switchport trunk encapsulation dot1q

switchport mode trunk

Sw1 is the source for RSPAN

sw1(conf t)# monitor session 1 source interface vlan 6 both

Reflector-port on server switch:

sw1(conf t)#monitor session 1 destination remote vlan 66 reflector-port gi3/3

On Switch 2:

SW2(config)# monitor session 1 source remote vlan 66

sw2(config)#monitor session 1 destination interface gi 3/1

Please advise.

Thanks,

masood

OR, the modified configuration. I have vlan 6 as my data vlan on both switches, so vlan6 on switch 1 and on switch2.

I have created vlan 66 on both switches as span vlan.

My confusion is at defining my source, should I use vlan 6?

so here what I have:

To be created on both Switches - remote VLAN:

Switch(config)# vlan 66

Switch(config-vlan)# remote span

Switch(config-vlan)# end

Source:

Switch1(config)# no monitor session 1

Switch1(config)# monitor session 1 source (vlan 6 or an Interface)

Switch1(config)# monitor session 1 destination remote vlan 66

Switch1(config)# end

destination:

Switch(config)# monitor session 1 source remote vlan 66

Switch(config)# monitor session 1 destination interface gigabitethernet0/1 (any sniffing portS)

Switch(config)# end

your thoughts please/

Thanks,

Masood

sorry, my question was on th ereflector-port that is missing in this Cisco document but i ahve included in teh configuration below:

To be created on both Switches - remote VLAN:

Switch(config)# vlan 66

Switch(config-vlan)# remote span

Switch(config-vlan)# end

Source:

Switch1(config)# no monitor session 1

Switch1(config)# monitor session 1 source (vlan 6 or an Interface)

Switch1(config)# monitor session 1 destination remote vlan 66 reflector-port gi3/1

Switch1(config)# end

destination:

Switch(config)# monitor session 1 source remote vlan 66

Switch(config)# monitor session 1 destination interface gigabitethernet0/1 (any sniffing portS)

Switch(config)# end

do I need to use that? why do we need the reflector-port?

Thanks,

Masood

hi,

per Cisco, we don't need reflector-port on 6500 switch platform with IOS 12.x as shown below:

The only other Cisco IOS platform that supports RSPAN is the native IOS Catalyst 6000/6500 running IOS 12.2SX. On this switch, you do not need to configure a reflector port because the switch handles the process of mirroring traffic from source ports to the RSPAN VLAN internally. Unlike SPAN, where the source and destination ports exist on the same switch, the source and destination ports for an RSPAN session reside on different switches. This requires a separate RSPAN source session to be configured, as well as a separate RSPAN destination session to be configured. The following shows the syntax used to configure an RSPAN source session:

now, given the statemnet above, how will the configuration change?

Thanks,

Masood