Configuring RSPAN on Intermediate Switch
01-02-2015 11:48 AM - edited 03-07-2019 10:04 PM
In the above diagram, I am trying to configure RSPAN on a Cisco 6509 switch. As it is an intermediate switch, I am not sure how to configure it.
Can anyone please assist me in configuring the same?
Labels: Other Switching
01-02-2015 11:59 AM
You can SPAN a VLAN or a physical port.
See the config guide for the 6500 series:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/span.html#wp1059942
HTH
01-02-2015 07:39 PM
Thanks for your input, Reza.
I have already gone through the document.
Where I got confused was using RSPAN when we have multiple hops.
After going through some documents, I have found a solution that uses the "reflector-port" feature. But my current IOS doesn't support this feature.
For example:
6509 Switch is VTP Server & 4500 Switches are VTP Client
----------------------------------------------------
4500 Switch SW1 Configuration
---------------------------------------------------
monitor session 2 source interface f1/3
monitor session 2 destination remote vlan 2
---------------------------------------------------
4500 Switch SW2 Configuration
---------------------------------------------------
monitor session 2 source remote vlan 2
monitor session 2 destination interface f1/3
---------------------------------------------------
6509 Switch Configuration
---------------------------------------------------
vlan 2
remote-span
Not sure what my RSPAN configuration on the 6509 switch will be.
Please assist me in configuring the same.
01-03-2015 01:26 PM
Here is one completely different approach: you can dedicate one port of every access switch as a span target, and connect all those span-target cables to a dedicated "sniffer" switch (this could be a cheap 3500xl-en you have propping a door open, or a 2960X for 1gigE). Then configure the "sniffer" switch to span _all_ ports and send traffic out _one_ port to your analyzer. Whenever you fire up span on one of the access switches, the analyzer will see it. (*)
BTW, another completely different approach with ERSPAN-capable switches: you can configure the access switch to ERSPAN, and direct the traffic to the IP address of the destination server "C2". Wireshark can see inside the GRE tunnel header to show you the actual sniff traffic (websearch "wireshark decode erspan"). I don't think the Catalyst 4506 will do ERSPAN, but the 4500X should.
(*) Gigamon works too :)
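
What the ERSPAN decode mentioned in the reply above involves, as an added example that is not part of the original thread: a Python parser for the GRE and ERSPAN Type II headers that precede the mirrored Ethernet frame. The sample packet, its session ID 5, sequence number and MAC addresses are constructed, and the input is assumed to start at the GRE header (outer IP header already stripped).

```python
import struct

GRE_PROTO_ERSPAN_II = 0x88BE  # GRE protocol type used by ERSPAN Type II


def parse_erspan_ii(gre_payload: bytes) -> dict:
    """Parse GRE + ERSPAN Type II; input starts at the GRE header."""
    if len(gre_payload) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", gre_payload, 0)
    if proto != GRE_PROTO_ERSPAN_II:
        raise ValueError(f"not ERSPAN Type II (GRE protocol 0x{proto:04x})")
    if not flags & 0x1000:
        # Without the GRE sequence bit there is no ERSPAN header (Type I).
        raise ValueError("GRE sequence bit clear: ERSPAN Type I, no header")
    off = 4
    off += 4 if flags & 0x8000 else 0  # optional checksum + reserved
    off += 4 if flags & 0x2000 else 0  # optional key
    if len(gre_payload) < off + 4 + 8 + 14:
        raise ValueError("truncated ERSPAN header or inner frame")
    (seq,) = struct.unpack_from("!I", gre_payload, off)
    w1, w2, w3 = struct.unpack_from("!HHI", gre_payload, off + 4)
    if w1 >> 12 != 1:
        raise ValueError("ERSPAN version field is not 1 (Type II)")
    frame = gre_payload[off + 12:]
    return {
        "gre_seq": seq,
        "vlan": w1 & 0x0FFF,             # VLAN of the mirrored frame
        "session_id": w2 & 0x03FF,       # ERSPAN session ID
        "truncated": bool(w2 & 0x0400),  # T bit: mirrored frame was cut short
        "dst_mac": frame[0:6].hex(":"),
        "src_mac": frame[6:12].hex(":"),
        "ethertype": struct.unpack_from("!H", frame, 12)[0],
        "inner_frame": frame,
    }


def build_sample() -> bytes:
    """Constructed packet: GRE seq 7, ERSPAN VLAN 2, session 5, ARP frame."""
    gre = struct.pack("!HHI", 0x1000, GRE_PROTO_ERSPAN_II, 7)
    erspan = struct.pack("!HHI", (1 << 12) | 2, 5, 0)
    inner = bytes.fromhex("ffffffffffff0200000000010806") + bytes(28)
    return gre + erspan + inner


if __name__ == "__main__":
    info = parse_erspan_ii(build_sample())
    print({k: v for k, v in info.items() if k != "inner_frame"})
```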
