10-12-2017 01:03 AM - edited 03-08-2019 12:20 PM
Hi, folks!
I am trying to make following setup:
- There is a WAN router , connected to C2960S switch port gig 1/0/23, This port is in trunk mode, but WAN connection is in Vlan 1
- There is a ESXI host behind port 1/0/13 on same switch. There are some VMs in different vlans, and ESXI management vlan is 911. This port is also in trunk mode.
I want to mirror traffic from port gig 1/0/23 (only vlan 1 related traffic) to VM behind gig 1/0/13 port. And i want to keep this port 1/0/13 in forwarding state, because i need access to my VMs.
Here is my config:
monitor session 1 source interface Gi1/0/23 both
monitor session 1 filter vlan 1
monitor session 1 destination interface gigabitEthernet 1/0/13 encapsulation replicate ingress vlan 1
From my point of view, this configuration should:
1) mirror only vlan1 traffic to the port 1/0/13
2) allow ingress traffic on port 1/0/13, and save 802.1 tag in packets. Also, if ingress traffic is untagged, it will forward it into vlan 1.
After aplying this configuration, port gig 1/0/13 is in up/down ((monitoring) state.
Also, i can't reach my VMs behind this port.
Any ideas?
10-12-2017 01:33 AM
10-12-2017 04:44 PM
10-12-2017 10:39 PM
Hi, all!
Thanks for your replies, i will check it and inform you about results.
You wrote
Once you configure the above commands, the port can be used as a normal access port (while it still works as destination port).
But even with this command, port will be in up/down state, correct?
10-13-2017 03:27 AM
See the last line here on span dest ports , port will alwayts be up/down in monitoring mode once its set as a destination port
Each local SPAN session or RSPAN destination session must have a destination port (also called a monitoring port) that receives a copy of traffic from the source ports and VLANs.
A destination port has these characteristics:
A destination port must reside on the same switch as the source port (for a local SPAN session).
A destination port can be any Ethernet physical port.
A destination port can participate in only one SPAN session at a time. A destination port in one SPAN session cannot be a destination port for a second SPAN session.
A destination port cannot be a source port.
A destination port cannot be an EtherChannel group.
Note: From Cisco IOS Software Release 12.2(33)SXH and later, PortChannel interface can be a destination port. Destination EtherChannels do not support the Port Aggregation Control Protocol (PAgP) or Link Aggregation Control Protocol (LACP) EtherChannel protocols; only the on mode is supported, with all EtherChannel protocol support disabled.
Note: Refer to Local SPAN, RSPAN, and ERSPAN Destinations for more information.
A destination port can be a physical port that is assigned to an EtherChannel group, even if the EtherChannel group has been specified as a SPAN source. The port is removed from the group while it is configured as a SPAN destination port.
The port does not transmit any traffic except that traffic required for the SPAN session unless learning is enabled. If learning is enabled, the port also transmits traffic directed to hosts that have been learned on the destination port.
10-16-2017 12:07 AM
Well, thank you for help!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide