Multiple Span port

NGeo171
Level 1

Hello Team,

I have a network where I have to do RSPAN port configuration to monitor traffic. The network is very big, so we are doing RSPAN from each location (25 switches altogether) and moving it towards an aggregation switch, and from there I want to forward it to an IDS (different vendor for OT technology).

My question is: if I do an RSPAN port config on switch A and switch B (in figure), will the Aggregation switch be able to send the RSPAN data information to the IDS if I configure RSPAN on the Aggregation switch as well?

Will I need any extra config on the Aggregation switch? And will this aggregation switch be able to forward all the RSPAN information to the IDS, as all RSPAN ports from 25 switches (25 ports) are terminating on the Aggregation Switch? Will this work?

In short,

25 RSPAN ports terminating on Aggregation switch --> RSPAN it again to IDS, will this work?

Untitled.png

3 Replies

balaji.bandi
Hall of Fame

RSPAN will transport the logs as expected. On the agg switch you are also required to SPAN; you need to add source SPAN information to send to the IDS.

Here is a good example document:

https://blog.ine.com/utilizing-span-and-rspan#:~:text=In%20the%20world%20of%20network,the%20original%20traffic%20as%20normal

Note: also look at the product documentation and limitations (since we do not know the model of the device and the IOS running on it).

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thank you so much for the reply. I'll go through the document.

Here I have multiple SPAN sources, all terminating in an aggregation switch, which is then RSPAN to the IDS.

I was just thinking, how will I be able to add source SPAN information on the IDS, because the source will be the aggregation switch now? Sorry if I am ignorant about this.

Thank you.

You RSPAN all other devices to the Agg switch (you can have a dedicated VLAN to ship this information).

From Agg to IDS should be Local SPAN.

BB

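The layout discussed in this thread, sketched as an added configuration example that is not from any of the posters. It assumes Catalyst-style IOS syntax; VLAN 900, session number 1 and all interface names are placeholders, and the device model and IOS version in the thread are unknown, so check the platform's SPAN/RSPAN limits first.

```cisco
! ===== Each access switch (Switch A, Switch B, ... all 25) =====
! Assumption: VLAN 900 is unused elsewhere and reserved for mirrored traffic.
vlan 900
 name RSPAN-TO-IDS
 remote-span
!
! RSPAN source session: mirror the monitored port(s) into the RSPAN VLAN.
! GigabitEthernet1/0/1 is a placeholder for the port being monitored.
monitor session 1 source interface GigabitEthernet1/0/1 both
monitor session 1 destination remote vlan 900
!
! The uplink trunk toward the aggregation switch must carry VLAN 900.
! GigabitEthernet1/0/48 is a placeholder for that uplink.
interface GigabitEthernet1/0/48
 switchport mode trunk
 switchport trunk allowed vlan add 900
!
! ===== Aggregation switch =====
! The same VLAN must exist here and be marked remote-span.
vlan 900
 name RSPAN-TO-IDS
 remote-span
!
! One session collects everything arriving in VLAN 900 and copies it
! to the local port facing the IDS (placeholder GigabitEthernet1/0/24).
monitor session 1 source remote vlan 900
monitor session 1 destination interface GigabitEthernet1/0/24
!
! ===== Verification (privileged EXEC, on every switch) =====
! show monitor session 1
! show vlan remote-span
```

Because all 25 switches feed the same RSPAN VLAN, the IDS port receives their combined mirrored traffic, and anything beyond that port's line rate is dropped. Size the IDS-facing port against the expected aggregate before relying on it for full coverage.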
