Operating instructions
166 Cisco Systems Intelligent Gigabit Ethernet Switch Module
Step 2.2:
Configure VLAN
and trunking options
.
All desired VLANs were
already created as part of the
base configuration, and IP
addresses were added at
that time. This step sets up
the aggregated links created
in step 2.1 to be 802.1Q
trunks and allows the desired
VLANs to be carried.
Note the different VLANs on
the different aggregations. As
noted previously, controlling
VLANs is considered a good
security practice (although it
might increase the amount of
work for network
administrators).
int port-channel 2
description EtherChannel to CIGESM1
switchport trunk encapsulation dot1q
switchport trunk native vlan 2
switchport trunk allowed vlan
2,10,15,30,35,40,45,50,500
switchport mode trunk
spanning-tree guard root
Note: Configuring root guard on the port
channel interface between 6500s and the
Cisco Systems IGESMs will help to
ensure stability in your network.
Also note that the addition of VLAN 500
above to the allowed VLANs was only
done on the 6500-1 to support the
demonstration of RSPAN.
int g2/28
description Trunk to CIGESM2
switchport trunk encapsulation dot1q
switchport trunk native vlan 2
switchport trunk allowed vlan
2,10,15,20,25,30,35,40,45,50
switchport mode trunk
spanning-tree guard root
int port-channel 2
description EtherChannel to CIGESM2
switchport trunk encapsulation dot1q
switchport trunk native vlan 2
switchport trunk allowed vlan
2,20,25,30,35,40,45,50
switchport mode trunk
spanning-tree guard root
Note: Configuring root guard on the port
channel interface between 6500s and the
Cisco Systems IGESMs will help to
ensure stability in your network.
int g2/28
description Trunk to CIGESM1
switchport trunk encapsulation dot1q
switchport trunk native vlan 2
switchport trunk allowed vlan
2,10,15,20,25,30,35,40,45,50
switchport mode trunk
spanning-tree guard root
end
Step 2.3:
Configure to
support the RSPAN VLAN as
defined on CIGESM1
.
For test purposes, a sniffer
will be placed on g2/2 to
capture traffic to port g0/1 on
CIGESM1 (as defined in step
3).
vlan 500
remote-span
monitor session 5 source remote vlan
500
monitor session 5 destination
interface g2/2
int g2/2
no shutdown
end
The two monitor commands listed above
are wrapped in this document and should
be each on their own line.
The use of VLAN 500 as the RSPAN
VLAN is defined on CIGESM1 in an
upcoming step. The VLAN selection, the
selection of the
session to use, and the
selection of g2/2 as the destination port
were all arbitrary.
For this example, we will only be
showing an RSPAN from CIGESM1 to
6500-1
Description and comments On the 6500-1 On the 6500-3