Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8299
Views
0
Helpful
5
Replies

Span ports - multiple sources to single destination port on 3750s

paul.matthews
Level 5
Level 5

‎05-24-2011 04:47 AM - edited ‎03-07-2019 12:39 AM

Guys, I am looking at a requirement to monitor two ports to a single destination port.

The two ports are on different 3750s, so RSPAN would be needed, but one of the ports is on the same switch as the destination port, and I have a nagging thoought that may not be allowed.

So switch 1, source innterface f1/0/1

switch switch 2, source int f1/0/1 target F1/0/4.

On switch one I can go:

vlan123

remote-vlan

mon sess 1 source int f1/0/1

mon sess 1 des rem vlan 123

Switch 2 is this allowed?:

vlan123

remote-vlan

mon sess 1 source int f1/0/1

mon sess 1 des rem vlan 123

mon sess 2 des int f1/0/4

Thanks,

Paul.

Labels:
0 Helpful
5 Replies 5

Antonio Knox
Level 7
Level 7

‎05-24-2011 05:16 AM

There is no need to add vlan 123 to Switch 2 if VTP is running.  The RSPAN vlan is handled just like any other vlan and will be learned by client switches in the same VTP domain.  Use a 2nd monitor session to deliver the RSPAN vlan traffic to your Sniffer.  So, your config should look more like this:

Switch 1:

vlan123

remote-vlan

mon sess 1 source int f1/0/1

mon sess 1 des rem vlan 123

Switch 2:

mon sess 1 source int f1/0/1

mon sess 1 des rem vlan 123

mon sess 2 source rem vlan 123

mon sess 2 dest int fa1/0/4

Please rate if helpful.

0 Helpful

paul.matthews
Level 5
Level 5
In response to Antonio Knox

‎05-24-2011 05:21 AM

Thanks for the suggestion - it was only after submitting and looking a little later I realised the omission I had mad. My concern is more on a 3750, can I span a local port into an rspan VLAN, *and* pull the rspan VLAN out to a destination on the same switch?

0 Helpful

Antonio Knox
Level 7
Level 7
In response to paul.matthews

‎05-24-2011 05:25 AM

Yes, you will be able to accomplish this with no problem on a 3750.

Please rate helpful posts.

0 Helpful

paul.matthews
Level 5
Level 5
In response to Antonio Knox

‎05-24-2011 05:45 AM

Again, thanks fr tat. Looking at the details, I was expecting the source ports to be access ports, b

ut it now appears they are trunks. Is there any issue with spanning a trunk port over

rspan?

0 Helpful

Antonio Knox
Level 7
Level 7
In response to paul.matthews

‎05-24-2011 05:57 AM

You can do this, but I HIGHLY RECOMMEND that you implement vlan filters to it.  If you're monitoring a trunk port to a RSPAN vlan, that RSPAN vlan will pretty much be monitoring itself, which creates a virtual monitoring loop and will eventually hault your switch.  Read up here:

Vlan filtering

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_see/configuration/guide/swspan.html#wp1200141

Configuring Vlan Filtering 3750

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_see/configuration/guide/swspan.html#wp1210225

Please rate if helpful.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card