Friday, September 6, 2019

RSPAN setup help

Hello, my company is testing out the Darktrace packet inspection tool. I have been trying to get Cisco SPAN up and running to allow for testing.

At our home office we have two c2960s set up with SPAN and RSPAN respectively:

monitor session 1 source vlan  x , y , z
monitor session 1 destination interface g1/0/1

monitor session 1 source vlan  x , y
monitor session 1 destination remote vlan z 

This configuration works for our home office. My issue is setting up RSPAN at our remote offices. I initially set up RSPAN at a remote site and immediately lost management access to the remote switch. All devices behind the switch were still up and active; we only lost management access to the switch. Rebooting the switch resolved the issue.

So I now have a test environment set up in my office to see what went wrong. My current test bench is:
c2960 -> SonicWall TZ 205 <> SonicWall TZ 205 <- c2960

The problems I'm having:

1. RSPAN traffic does not appear to be passing across my firewalls. Since this is a test environment, I have a policy set on both firewalls to allow WAN to LAN any any, and in reverse LAN to WAN any any. And I can ping between my switches.

2. I have RSPAN set up on SWITCH2 connected to SW2. When I add the remote vlan to SW2, x0:901, I lose management access to the SonicWall; disabling vlan 901 resolves the issue.

I have rebuilt this setup from scratch a few times in the past 2 days and I still get the same results. RSPAN from switch to switch works like it is supposed to but not across L3.

Does anyone have any experience in setting this up? Could I get some pointers as to where to go from here? Since RSPAN is only vlan-tagged traffic and has no real destination, am I just missing something in the setup to allow for vlan 901 traffic to be forwarded correctly?

We only have c2960s in use so we cannot use ERSPAN. 


