RSPAN using CatOS

Posted by jotfco in Cisco switch

This small guide can be useful if you need to configure the RSPAN session on your Catalyst 6500.In this example we will see how to monitor more than one VLan using the RSPAN vlan. RSPAN has all the features of SPAN plus support for source ports and destination ports distributed across multiple switches, allowing remote monitoring of multiple switches across your network.The traffic for each RSPAN session is carried over a user-specified RSPAN VLAN that is dedicated for that RSPAN session in all participating switches. The SPAN traffic from the sources, which cannot be in the RSPAN VLAN, is switched to the RSPAN VLAN and then forwarded to destination ports configured in the RSPAN VLAN. The traffic type for sources (ingress, egress, or both) in an RSPAN session can be different in different source switches, but is the same for all sources in each source switch for each RSPAN session. Do not configure any ports in an RSPAN VLAN except those selected to carry RSPAN traffic. Learning is disabled on the RSPAN VLAN.


Assume to have a network with many VLANs and a VTP domain. For this example i consider 2 core switches (CAT6506),intermediates switches(various Catalyst) and the final switched (where the user is connected to analize the traffic)

First of all you must configure(on the Core Switch) an RSPAN Vlan that will be propagated by the vtp domain to the other switches:

Switch>(enable) set vlan 36 10.10.36.0 rspan

Then we can configure the RSPAN session:

Switch>(enable) set rspan source 10 36

the vlan 10 is the vlan that must be monitored

Now on the catalyst where we are connected we must configure the Rspan destination:

Switch>(enable) set rspan destination 3/48 36

Specifying the destination port 3/48 (our port) we can monitor the vlan 10 that is carried by the rspan vlan 36.

This operation can be performed for all the vlans on the network, but remember that you can open only one rspan session.So you need to monitor the traffic, disable the source for the vlan and create a new source vlan and restart the process…..

To disable the rspan in source/destination use this commands:

Switch>(enable) rspan disable source all
Switch>(enable) rspan disable destination all

when you have finished to capture the traffic remember to remove the rspan vlan

jotfco

 

About jotfco


View more articles by jotfco

The Conversation

Follow the reactions below and share your own thoughts.

Leave a Reply

You may also like-

Cisco Catalyst SPAN/RSPAN configurationCisco Catalyst SPAN/RSPAN configurationConfiguration for SPAN and RSPAN. SPAN mirrors a port within the same switch, while RSPAN mirrors a port in a remote switch. In CatOS, ... Ten Reasons Why You Should JailbreakTen Reasons Why You Should JailbreakJailbreaking your Apple device frees it from a closed and locked environment. By ripping off the barriers, you can customize your device and run ...