Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
693
Views
0
Helpful
3
Replies

SPAN and ERSPAN C9400

rhap4boyz
Level 1
Level 1

‎08-28-2023 12:00 AM - edited ‎08-28-2023 12:01 AM

We have two sites that we would like to send all mirrored traffic to one of the port on site1 for traffic analysis and monitoring using SPAN and ERSPAN.  SPAN for Site1 and ERSPAN for Site 2.  These core switches are running Catalyst 9400 series.

See attached picture.

1. Can core1 be both destination for SPAN and ERSPAN? Is it possible to have both mirrored traffic going to the same destination port?  If not, is there an alternative way of doing this?

2. We would like to exclude backup traffic going over the WAN from Site 1 to Site 2 to be mirrored.  Backup traffic sits on various VLANs in site 1.  Is it possible to exclude certain traffic from being mirrored by IP addresses?  If not, is there an alternative way of doing this?

Thank you!

Screenshot 2023-08-27 at 11.46.21 PM.png

Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎08-28-2023 12:17 AM - edited ‎08-28-2023 12:18 AM

1. The diagram does not show which one you Like to ERSPAN check the guide lines document :

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-9500-series-switches/218111-verify-span-and-erspan-on-catalyst-9000.html

When you SPAN all the Traffic will be captured as RAW, end side sniffer you can discard what ever traffic you do not want it to save the space.

2. you can create a Exclude the VLAN to if you want to exclude any traffic

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

rhap4boyz
Level 1
Level 1

‎08-28-2023 09:24 PM

Thank you for the quick reply, BB.  SPAN and ERSPAN destination for Site1 and ERSPAN source for Site 2.  I believe SPAN and ERSPAN cannot be configured to the same destination port.  Instead, I was thinking configure both ERSPAN source and ERSPAN destination on the same core at site 1 and have it connect to itself so that both ERSPAN Source for Site 1 and Site 2 can go to the same destination port on site 1.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to rhap4boyz

‎08-29-2023 08:33 AM

If the sniffer device has 2 ports - connect both them to switch and use destinatioin ports different.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Top