cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1257
Views
0
Helpful
3
Replies

Configuring RSPAN on Intermediate Switch

Dulal Ray
Level 1
Level 1

 

In above diagram I am trying to configure RSPAN on Cisco 6509 Switch. As it is a intermediate switch, I am not sure how do I configure it.

 

Can anyone please assist me in configuring the same.

3 Replies 3

Reza Sharifi
Hall of Fame
Hall of Fame

You can SPAN a vlan or physical port

see config guide for the 6500 series:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/span.html#wp1059942

HTH

Thanks for your input Reza

 

I have already gone through the document.

Where I got confused was using RSPAN, when we have multiple hops.

After going through some documents I have got a solution to use "reflector-port" feature. But my current IOS doesn't support this feature.

 

For e.g:

 

6509 Switch is VTP Server & 4500 Switches are VTP Client

 

----------------------------------------------------

4500 Switch SW1 Configuration

---------------------------------------------------

monitor session 2 source interface f1/3
monitor session 2 destination remote vlan 2

 

---------------------------------------------------

4500 Switch SW2 Configuration

---------------------------------------------------

monitor session 2 source remote vlan 2
monitor session 2 destination interface f1/3

 

---------------------------------------------------

6509 Switch Configuration

---------------------------------------------------

vlan 2

 remote-span

 

Not sure what will be be my RSPAN configuration on 6509 Switch.

 

Please, assist me in configuring the same.

Here is one completely different approach:  you can dedicate one port of every access switch as span target, and connect all those span-target cables to a dedicated "sniffer" switch (this could be a cheap 3500xl-en you have propping a door open, or a 2960X for 1gigE).  Then configure the "sniffer" switch to span _all_ ports and send traffic out _one_ port to your analyzer.  Whenever you fire-up span on one of the access switches, the analyzer will see it. (*)

BTW, another completely different approach with ERSPAN-capable switches: you can configure the access switch to ERSPAN, and direct the traffic to the IP address of the destination server "C2".  Wireshark can see inside the GRE tunnel header to show you the actual sniff traffic (websearch "wireshark decode erspan").  I don't think Catalyst 4506 will do ERSPAN, but 4500X should.

(*)gigamon works too :)

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: