[c-nsp] ERSPAN
Geyer, Nick
nick.geyer at eds.com
Mon Apr 7 18:54:47 EDT 2008
Hi Everyone,
Just a few quick questions regarding ERSPAN and Wireshark. I have a lab
setup to test this functionality out (two 6509E's with Sup720-3B,
12.2(18)SXF11) however with a laptop connected to the destination mirror
port with Wireshark running, I was unable to see any traffic. Just
hoping someone may be able to provide a few pointers as to where I went
wrong (since I am unable to find many real world example
configurations).
SWITCH-A has a Loopback address of 192.168.100.1/32 and
GigabitEthernet1/47 (source port) is an access port, part of Vlan101.
SWITCH-B has a Loopback address of 192.168.200.1/32 (routed network in
the middle with several hops).
SWITCH-A Configuration:
monitor session 1 type erspan-source
source interface GigabitEthernet1/47
destination
ip address 192.168.200.1
origin ip address 192.168.100.1
erspan-id 1
SWITCH-B Configuration
monitor session 1 type erspan-destination
destination interface GigabitEthernet1/25
source
ip address 192.168.100.1
erspan-id 1
Doing a 'show monitor detail' shows that switch-a is monitoring both rx
and tx on port Gi1/47 and sending the data to 192.168.200.1. The same
command on switch-b shows that the source is 192.168.100.1 and it is
mirroring to port Gi1/25. Doing a 'show interface Gi1/25' shows that the
port is up but line protocol is in a down (monitoring) state.
If anyone can she any extra light on more configuration needed, or if
Wireshark etc needs to be setup in a certain way it would be much
appreciated.
Cheers,
Nick.
More information about the cisco-nsp
mailing list