We are trying to install a Websense server, and need the Websense server to see all traffic to and from our firewall. The firewall and the Websense server are connected to different switches, so we set up an RSPAN session.
Our infrastructure looks like this:
Firewall - connected to port 1/1 of a CatOS 6506
Websense - connected to port g0/35 on a 3560

On the 6506:
set vlan 200 rspan name Websense state active
set rspan source 1/1 200 both session 3 multicast enable

On the 3560:
monitor session 3 source remote vlan 200
monitor session 3 destination interface G 0/35 ingress vlan 117
The problem is we are unable to communicate with the Websense server because the ingress isn't working.

GigabitEthernet0/35 is up, line protocol is down (monitoring)
  Hardware is Gigabit Ethernet, address is 0014.f2ac.eea3 (bia 0014.f2ac.eea3)
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:07, output hang never
  Last clearing of "show interface" counters 10w5d
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 2000 bits/sec, 2 packets/sec
  5 minute output rate 5000 bits/sec, 2 packets/sec
     1782422 packets input, 375991157 bytes, 0 no buffer
     Received 28835 broadcasts (0 multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     8884370 packets output, 1642299926 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

switch#show monitor
Session 3
---------
Type                   : Remote Destination Session
Source RSPAN VLAN      : 200
Destination Ports      : Gi0/35
Encapsulation          : Native
Ingress                : Enabled, default VLAN = 117
Ingress encapsulation  : Untagged

switch#show run int g0/35
!
interface GigabitEthernet0/35
 switchport access vlan 117
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
end

I am at a loss. All documentation shows that the ingress command should work, but I am unable to get this working. Please lend a hand if you have experience with RSPAN or port monitoring.