Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1019
Views
3
Helpful
6
Replies

questions about RSPAN

Go to solution
egr1985
Visitor

‎12-18-2025 09:00 AM

My main question is it possible to create an RSPan where source ports are location on sw1 and sw2 with the destination port to a remote collector also resides on sw 2. And two what would the commands be?

what i was thinking was this:

SW1 :

vlan 999 remote-span

monitor session 1 source giga 1/0/1-23

monitor session 1 destination remote vlan 999

sw2:

vlan 999 remote-span

monitor session 1 source giga 1/0/1-23(port 23 would be the trunk between the two switches)

monitor session 1 destination int giga 1/0/24 to remote collector

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
M02@rt37
VIP
VIP
In response to egr1985

‎12-18-2025 09:38 PM

Hello @egr1985 

OK, dont include on Sw1 the Trunk port to your monitor session:

monitor session 1 source interface Gi1/0/1-22
monitor session 1 destination remote vlan 999

On SW2 _ 2 sessions:

monitor session 1 source remote vlan 999
monitor session 1 destination interface Gi1/0/24

monitor session 2 source interface Gi1/0/1-22
monitor session 2 destination interface Gi1/0/24 

Gi1/0/24 where your IDS is plunged.

---

On both Sw:

vlan 999
remote-span

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

6 Replies 6

Go to solution
Cristian Matei
VIP Alumni
VIP Alumni

‎12-18-2025 09:27 AM

Hi,

   Your config on SW1 looks correct, however, on SW2 it should be:

vlan 999
 remote-span
monitor session 1 source remote vlan 999
monitor session 1 destination interface giga 1/0/24

You need one trunk interface between the two switches that allows VLAN 999; additionally, based on traffic volume of VLAN999, would be recommended to have an additional dedicated trunk between the two switches where only VLAN 999 is allowed.

Thanks,

Cristian.

Go to solution
M02@rt37
VIP
VIP

‎12-18-2025 09:43 AM

Hello @egr1985 

On SW2, the trafic coming from Sw1 arrives inside the RSPAN VLAN (999), so SW2 must explicitly declare that vlan as a remote source !

You don't re-SPAN the access ports on SW2 unless you want local traffic from SW2 as well (that would require a second session)...

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Go to solution
egr1985
Visitor
In response to M02@rt37

‎12-18-2025 10:50 AM

yes, thats what i am trying to accomplish. collecting all traffic from all ports on sw1 and sw2 to a remote collector for an IDS

 

0 Helpful

Go to solution
M02@rt37
VIP
VIP
In response to egr1985

‎12-18-2025 09:38 PM

Hello @egr1985 

OK, dont include on Sw1 the Trunk port to your monitor session:

monitor session 1 source interface Gi1/0/1-22
monitor session 1 destination remote vlan 999

On SW2 _ 2 sessions:

monitor session 1 source remote vlan 999
monitor session 1 destination interface Gi1/0/24

monitor session 2 source interface Gi1/0/1-22
monitor session 2 destination interface Gi1/0/24 

Gi1/0/24 where your IDS is plunged.

---

On both Sw:

vlan 999
remote-span

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Go to solution
egr1985
Visitor
In response to M02@rt37

‎12-31-2025 09:01 AM

hello,

when i attempted to put the monitor session 2 on the second switch with the same destination port 1/0/24 it returned "Interface(s) gi1/0/24 already configured as monitor destinations in other monitor sessions

0 Helpful

Go to solution
Cristian Matei
VIP Alumni
VIP Alumni
In response to egr1985

‎01-04-2026 01:00 PM

Hi,

   Use a single RSPAN session, and configure both remote VLAN 999 and additional local interface as source, while keeping interface Gi1/0/24 as destination.

Thanks,

Cristian.

0 Helpful
Customers Also Viewed These Support Documents