Cisco RSPAN Question
Ok, can one of you Cisco Gurus straighten me out please? Trying to configure an RSPAN session between 2 devices on 2 switches. The 'source' PC (the one who's traffic I want to see) is on a 3550 switch on fa0/24. The 'destination' PC (my computer running a packet capture) is on a 6509 switch on gi8/38. I've created the RSPAN vlan and its propogated out via VTP. My problem is, I'm not understanding what the 'reflector-port' is. Is that just any empty port on the same switch as the source computer? So my commands are below. on the source switch monitor session 1 source interface fa0/24 tx monitor session 1 destination remove vlan 800 reflector-port fa0/?? on the destination switch monitor session 1 source remote vlan 800 monitor session 1 destination inteface gi8/38 Thanks all and have a happy Turkey Day! *** John C. Kelsey, MCSE Senior Network Analyst DuBois Regional Medical Center (: 814.375.3073 2 : 814.375.4005 *: jckel...@drmc.org mailto:jckel...@drmc.org *** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Cisco RSPAN Question
Reflector-ports need to be configured to be just any empty port on the 3550. RSPAN and SPAN use the ASIC of an available switch port for 'processing power'. Thus, the port you pick *cannot* be in use as the ASIC tied to it will be 'stolen' by the SPAN/RSPAN process. Newer switches have a dedicated ASIC built-in to support SPAN/RSPAN sessions without using a reflector-port, but the older switches require it. Hope this helps! Aaron T. Rohyans Senior Network Engineer CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, JNCIA-ER DPSciences Corporation 7400 N. Shadeland Ave., Suite 245 Indianapolis, IN 46250 Office: (317) 348-0099 Fax: (317) 849-7134 arohy...@dpsciences.com http://www.dpsciences.com/ From: Kelsey, John [mailto:jckel...@drmc.org] Sent: Wednesday, November 25, 2009 11:26 AM To: NT System Admin Issues Subject: Cisco RSPAN Question Ok, can one of you Cisco Gurus straighten me out please? Trying to configure an RSPAN session between 2 devices on 2 switches. The 'source' PC (the one who's traffic I want to see) is on a 3550 switch on fa0/24. The 'destination' PC (my computer running a packet capture) is on a 6509 switch on gi8/38. I've created the RSPAN vlan and its propogated out via VTP. My problem is, I'm not understanding what the 'reflector-port' is. Is that just any empty port on the same switch as the source computer? So my commands are below. on the source switch monitor session 1 source interface fa0/24 tx monitor session 1 destination remove vlan 800 reflector-port fa0/?? on the destination switch monitor session 1 source remote vlan 800 monitor session 1 destination inteface gi8/38 Thanks all and have a happy Turkey Day! *** John C. Kelsey, MCSE Senior Network Analyst DuBois Regional Medical Center (: 814.375.3073 2 : 814.375.4005 *: jckel...@drmc.org mailto:jckel...@drmc.org *** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Cisco RSPAN Question
Yes, that is extrememly helpful! Thanks so much! *** John C. Kelsey DuBois Regional Medical Center (: 814.375.3073 *: jckel...@drmc.org mailto:jckel...@drmc.org *** -Original Message- From: Rohyans, Aaron [mailto:arohy...@dpsciences.com] Sent: Wednesday, November 25, 2009 11:32 To: NT System Admin Issues Subject: RE: Cisco RSPAN Question Reflector-ports need to be configured to be just any empty port on the 3550. RSPAN and SPAN use the ASIC of an available switch port for 'processing power'. Thus, the port you pick *cannot* be in use as the ASIC tied to it will be 'stolen' by the SPAN/RSPAN process. Newer switches have a dedicated ASIC built-in to support SPAN/RSPAN sessions without using a reflector-port, but the older switches require it. Hope this helps! Aaron T. Rohyans Senior Network Engineer CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, JNCIA-ER DPSciences Corporation 7400 N. Shadeland Ave., Suite 245 Indianapolis, IN 46250 Office: (317) 348-0099 Fax: (317) 849-7134 arohy...@dpsciences.com http://www.dpsciences.com/ From: Kelsey, John [mailto:jckel...@drmc.org] Sent: Wednesday, November 25, 2009 11:26 AM To: NT System Admin Issues Subject: Cisco RSPAN Question Ok, can one of you Cisco Gurus straighten me out please? Trying to configure an RSPAN session between 2 devices on 2 switches. The 'source' PC (the one who's traffic I want to see) is on a 3550 switch on fa0/24. The 'destination' PC (my computer running a packet capture) is on a 6509 switch on gi8/38. I've created the RSPAN vlan and its propogated out via VTP. My problem is, I'm not understanding what the 'reflector-port' is. Is that just any empty port on the same switch as the source computer? So my commands are below. on the source switch monitor session 1 source interface fa0/24 tx monitor session 1 destination remove vlan 800 reflector-port fa0/?? on the destination switch monitor session 1 source remote vlan 800 monitor session 1 destination inteface gi8/38 Thanks all and have a happy Turkey Day! *** John C. Kelsey, MCSE Senior Network Analyst DuBois Regional Medical Center (: 814.375.3073 2 : 814.375.4005 *: jckel...@drmc.org mailto:jckel...@drmc.org *** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~