Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
374
Views
0
Helpful
3
Replies

VSPAN/RSPAN multiple copies of the same source traffic

g.schaarup
Level 1
Level 1

‎01-14-2004 03:06 AM - edited ‎03-02-2019 12:52 PM

Hi

I am looking for a way how to VSPAN/RSPAN the same vlan that is configured on several swithes without getting multiple copies of the same source traffic.

Ex.

VLAN 2 is configured sw1, sw2, sw4 and sw4 (and on access switches trunk connected to sw1-4). Switch 1-4 is trunk interconnected. If sw1-4 is configured to monitor vlan 2 as source and destinated to a remote vlan, I guess that I will get severel copies (as many as the sw hops the traffic travels) of the source traffic ?

If so is there a way to filter the monitoring of vlan 2 on the trunks that interconnect sw1-4 (to avoid mulitiple copies of the same source traffic)?

Thanks

Gert Schaarup (gsc@bec.dk)

Labels:
0 Helpful
3 Replies 3

skarundi
Level 4
Level 4

‎01-14-2004 09:39 AM

have you configured VSPAN on a cat6k ?

From URL: http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007f323.html

WS-X6k-SUp1a-PFC, WS-X6K-SUP2-PFC2, WS-X6K-SUP2-MSFC2—Two packets are forwarded by the SPAN destination port if the packets get switched on the same VLAN.

If the VSPAN is configured on a cat6k then

to avoid this problem, you could use VACLs

on the RSPAN vlan to block intra-vlan traffic

and thus you don't see that kind of that traffic.

0 Helpful

g.schaarup
Level 1
Level 1
In response to skarundi

‎01-15-2004 07:25 AM

Thanks

But the answer doesnt make any sence to me, how should the VACL be configured to prevent dublicate copies of the source traffic.

Ex.

If sw1 has vlan2 ports assigned and sw1 is trunk connected to sw2 that also has vlan2 ports assigned. If sw1 and sw2 then is configured to monitor vlan2 as source and vlan4 is the remote vlan destination. Then if a vlan2 port on sw1 send traffic/data that has to cross sw1 and sw2 I guess the monitor session on sw1 sends the traffic once and when the the data enter the trunk to sw2 the monitor session on sw2 send the traffic twice (i.e. dublicate copies of the source traffic). How should a VACL be able to prevent this ?

Thanks

Gert Schaarup (gsc@bec.dk)

0 Helpful

skarundi
Level 4
Level 4
In response to g.schaarup

‎01-16-2004 12:13 PM

the vacl will not prevent duplicate copies. it would just block the intra vlan traffic that is been duplicated. So you won't see the intra vlan traffic at all. Only inter vlan traffic.

0 Helpful
Customers Also Viewed These Support Documents