cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1108
Views
0
Helpful
1
Replies

Forward ERSPAN at the local Router

bander.cisco
Level 1
Level 1

Hello everybody,

I configured erspan on the remote and the local router and it works fine. For sniffing the packets I have to connect the packet sniffer (e.g. wireshark on a laptop) to an interface on the local router (i.e. the destination of the erspan traffic), but I want to connect the packet sniffer to a switch connected to the local router (because I am sitting behind the local switch). The problem is that the local router (a catalyst 6509) allows to forward the erspan traffic only to a hard interface (gigaethernet, tengigaeth) but not to a vlan or loopback. The switch and the local router are of course connected via a trunk, so actually I can configure rspan on the local switch but the problem the packet sniffer will see the whole traffic of the trunk link and not only the desired erspan traffic. Any solutions without crating a new link between the local router and the switch?

1 Reply 1

scrye
Level 1
Level 1

Just a wild guess, wonder if a VACL might help. I have no experience with VACLs, but they seem to be able to do many things ...

Steve

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco