You can use another monitor session or add another source
for monitor
session
1.
> Hey folks. I'm studying for my security lab, and have
a few questions on
> the correct configuartion of RSPAN.
>
> Given the scenario where there are two trunked
switches, with our IDS
> sensing port configured on Switch 1, and the
requirement that we monitor
> VLAN 10 from both switches, how would we configure
this?
>
> Switch 2 seems straight forward:
>
> vlan 99
> remote-span
> monitor session 1 source vlan 10 rx
> monitor session 1 dest remote vlan 99 reflector-port
fa0/21
>
>
> For Switch 1, my question is what is the proper way to
capture traffic the
> RSPAN VLAN, as well as VLAN 10 on switch 1 and send it
to the destination
> port? Do we need to configure two monitor sessions, or
two sources in one
> session? Should we configure the first session to send
VLAN 10 to the
> RSPAN VLAN, or directly to the sensing port?
>
> For example, we know we need these commands to monitor
the RSPAN:
>
> Switch 1:
>
> monitor session 1 source remote vlan 99
> monitor session 1 destinatino int fa0/10 [IDS Sensing
Port]
>
> The above commands will allow us to view VLAN 10
traffic from Switch 2.
> But how do we view the VLAN 10 traffic from switch 1 as
well?
>
> Sorry to be so picky. I lost pionts on this on my
first attempt, so I'm
> trying to make sure I get it right.
>
> Thanks all!
>
> - Dave
--
Ivan
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7
&i=108975&t=108974
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.
groupstudy.com/list/cisco.html
|