Topology is as follows:
R5----SW1----SW2----SW4----R4/R6
R4 and R6 are on VLAN 300, 192.168.250.0/24 subnet
R5 is on VLAN 100, connected to port f0/5 of SW1
Inter-switch links are dot1q trunks
I will set up RSPAN between the switches and use debug ip packet with an ACL to verify.
3550 is the source:
SW4(config)#vlan 999
SW4(config-vlan)#remote-span
SW4(config)#monitor session 1 source vlan 300 rx
SW4(config)#monitor session 1 destination remote vlan 999 reflector-port f0/12
3560 is connected to the monitor:
SW1(config)#monitor session 1 source remote vlan 999
SW1(config)#monitor session 1 destination interface f0/12
On R5 we can verify like this:
R5(config)#access-list 1 permit 192.168.250.4 0.0.0.0
R5(config)#access-list 1 permit 192.168.250.6 0.0.0.0
R5(config)#no service timestamps debug
R5#debug ip packet 1 detail
IP packet debugging is on (detailed) for access list 1
IP: s=192.168.250.4 (Ethernet0/0), d=224.0.0.5, len 80, rcvd 0, proto=89
IP: s=192.168.250.6 (Ethernet0/0), d=224.0.0.5, len 80, rcvd 0, proto=89
IP: s=192.168.250.4 (Ethernet0/0), d=224.0.0.5, len 80, rcvd 0, proto=89
IP: s=192.168.250.6 (Ethernet0/0), d=224.0.0.5, len 80, rcvd 0, proto=89
Here we can see EIGRP packets from VLAN 300, which verifies our monitoring is working. The only place I specified "remote-span" under a VLAN was the source 3550. However, I have read that this is required on all switches that carry the remote-span VLAN.
Let's add a source on SW2, where R2 is plugged into f0/2. We will put it on a different VLAN just to prove it is working:
SW2(config)#int f0/2
SW2(config-if)#sw a v 150
SW2(config)#vlan 999
SW2(config-vlan)#remote-span
SW2(config)#monitor session 1 source interface f0/2
SW2(config)#monitor session 1 destination remot vlan 999
If we jump to R5, we won't see any packets from R2...hmm...oh yeah, the ACL!
R5(config)#access-list 1 permit 192.168.0.2 0.0.0.0
There we go:
IP: s=192.168.0.2 (Ethernet0/0), d=224.0.0.2, len 48, rcvd 0
UDP src=1985, dst=1985
IP: s=192.168.0.2 (Ethernet0/0), d=224.0.0.5, len 88, rcvd 0, proto=89
IP: s=192.168.250.4 (Ethernet0/0), d=224.0.0.5, len 80, rcvd 0, proto=89
IP: s=192.168.0.2 (Ethernet0/0), d=224.0.0.2, len 48, rcvd 0
UDP src=1985, dst=1985
IP: s=192.168.250.6 (Ethernet0/0), d=224.0.0.5, len 80, rcvd 0, proto=89
Looks like we got HSRP packets from R2 and OSPF packets from R4 and R6.
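The verification step above, as an added example that is not part of the original post: a small Python parser for the debug ip packet detail lines captured on R5 that groups packets by source address and reports any monitored host that never appeared on the destination port. The function names and protocol lookup tables are this example's own; the sample lines are taken from the output shown above.

```python
import re
from collections import defaultdict

# Debug lines copied from the post's second capture on R5.
SAMPLE = """\
IP: s=192.168.0.2 (Ethernet0/0), d=224.0.0.2, len 48, rcvd 0
UDP src=1985, dst=1985
IP: s=192.168.0.2 (Ethernet0/0), d=224.0.0.5, len 88, rcvd 0, proto=89
IP: s=192.168.250.4 (Ethernet0/0), d=224.0.0.5, len 80, rcvd 0, proto=89
IP: s=192.168.250.6 (Ethernet0/0), d=224.0.0.5, len 80, rcvd 0, proto=89
"""

IP_RE = re.compile(r"IP: s=(?P<src>[\d.]+) \([^)]+\), d=(?P<dst>[\d.]+), "
                   r"len (?P<len>\d+)(?:, rcvd \d+)?(?:, proto=(?P<proto>\d+))?")
UDP_RE = re.compile(r"UDP src=(?P<sport>\d+), dst=(?P<dport>\d+)")
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP", 88: "EIGRP", 89: "OSPF"}  # IANA numbers
UDP_PORTS = {1985: "HSRP"}

def parse(text):
    """One dict per packet; a UDP detail line is merged into the IP line above it."""
    packets = []
    for line in text.splitlines():
        m = IP_RE.search(line)
        if m:
            proto = m["proto"]
            label = IP_PROTOS.get(int(proto), f"proto {proto}") if proto else "unknown"
            packets.append({"src": m["src"], "dst": m["dst"],
                            "len": int(m["len"]), "label": label})
            continue
        u = UDP_RE.search(line)
        if u and packets:
            port = int(u["dport"])
            packets[-1]["label"] = UDP_PORTS.get(port, f"UDP/{port}")
    return packets

def summarize(packets):
    """Map each mirrored source address to the protocols seen from it."""
    seen = defaultdict(set)
    for p in packets:
        seen[p["src"]].add(p["label"])
    return {src: sorted(labels) for src, labels in seen.items()}

def missing_sources(packets, expected):
    """Expected monitored hosts that never showed up on the destination port."""
    return sorted(set(expected) - {p["src"] for p in packets})

if __name__ == "__main__":
    pkts = parse(SAMPLE)
    print(summarize(pkts))
    print("missing:", missing_sources(pkts, ["192.168.0.2", "192.168.250.4", "192.168.250.6"]))
```

A non-empty result from missing_sources is the same symptom the post hit when R2's address was not yet in the ACL: check the debug filter before suspecting the RSPAN session.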
Key things to remember:
-Reflector port needed on 3550
-remote-span command used under the RSPAN VLAN. In this example, I only did it on the source, but I would verify that you need it on all devices with this VLAN.
-To allow destination port to connect back to the network use "ingress" keyword on session destination command
Saturday, January 31, 2009
the config starts off with SW4 but in the topology there is no SW4
Thank you Ajaz, it should be SW4 instead of SW3. I updated the post.
Thank you so much for sharing the topology plus the configurations. But I already forgot how I could connect a switch to a router? In which slot should I put the wiring?
Ivy