To configure an rspan destination session on another device, associate the destination port with the rspan vlan. Based on some docs ive been reading you need to specify a reflector port. March 2015 configuring system monitoring on avaya ers 4000 series 5. This post describes how to configure span and rspan on cisco catalyst switches. How to analyze traffic with span feature ciscozine ciscozine. To accomplish this you will have to configure the destination vlan across the entire path between the switches. Network administrators can use this feature to troubleshoot any network related issues in the virtual infrastructure and monitor. Dec 30, 2011 a port is told to send a copy of the traffic when it sends andor receives a frame to another port called a destination span port. When source ports are not located on the same switch as the destination port. The span feature was introduced on switches because of a fundamental difference that switches have with hubs. Ciscos remote span is called remote mirroring by hp. Rspan enables you to send traffic sourced from multiple switches across.
Rspan session cannot cross any layer 3 device as rspan is a lan layer 2 feature. To configure an rspan source session on a device, you associate a set of source ports or source vlans with an rspan vlan. Managed switches have a configuration interface webbased or commandline console, which administrators may use to specify the source port s to be mirrored and the destination port, where copy of all packets will be forwarded. Oct 17, 2014 span is important to mirror received or transmitted or both traffic on one or more source ports to a destination port for analysis. Under what circumstances might one want to enable ingress traffic forwarding from the span andor rspan destination port. A port is told to send a copy of the traffic when it sends andor receives a frame to another port called a destination span port. Whereas rspan allows you to decouple the span destination from the span source ports. Is this a port that is physically connected to the another switch, or is this literally just an open port you temporarily lose because the switch uses its buffer for copying the traffic onto the rspan vlan as it leaves the. In order to configure rspan you need to have an rspan vlan, those vlans have special properties and cant be assigned to any access ports.
Below pictures illustrate how port mirroring feature works. Rspan remote switch port analyzer erspan encapsulated remote switch port analyzer to use rspan, you need to have l2 across your two switches where you configure span source and span destination. I recently tried to set up an analyzer vlan to be added to the list of vlans going across this link and configure remote port mirroring. My topology is sw4506 where i want to mirror port to rspan vlan, this switch is connected via trunk port to l3 switch 4510 and from 4510 via trunk to l2 switch 2960, which is my desired rspan destination port gi02. Span switched port analyzer allows you to mirror traffic from a source or multiple sources on a switch to a destination interface or interfaces on the same switch. Make sure your virtual switch supports this scenario and port mirroring configuration on your physical switches based on the scenario. At the switch that contains an rspan destination port, the rspan vlan data is delivered to the rspan port. Catalyst 2960 switch software configuration guide ol860304 23 configuring span and rspan this chapter describes how to configure switched port analyzer span and remote span rspan on the catalyst 2960 switch. Use the command show monitor session 1 to verify your configuration. First, configure an unused port as the reflector port, do not connect anything to this port. When the reflector port is configured as the springboard of cpu tx direction mirroring, it must be configured as a trunk port and allow the rspan vlan data to pass. Parameter description specifies the mirroring or rspan instance number. The no form of the command is used to restore the reflector port to normal port mode.
Port mirroring, also known as span switched port analyzer, is a method of monitoring network traffic. The traffic that is monitored by span is not directly copied to the destination port, but flooded into a special rspan vlan. The native vlan should not be configured as rspan vlan. Unless otherwise noted, the term switch refers to a catalyst 3750x or 3560x standalone switch and to a catalyst 3750x switch stack. This port is usually connected to a network analyzer, such as a switchprobe device, a workstation running a packetcapturing application, or a remote monitoring rmon probe. Cisco configuring the catalyst switched port analyzer. Network engineers or administrators use port mirroring to analyze and debug data or diagnose errors on a. The source port, in access or trunk mode, should not be added to rspan vlan. Quotes provided courtesy of the cisco catalyst 3750x and 3560x switch software configuration guide, release 12. These are the guidelines to configure remote switched port analyzer rspan. Page 12 configuring a layer 2 interface as a privatevlan host port 1211 configuring a layer 2 interface as a privatevlan promiscuous port 12.
Mar 18, 2009 notice the nice keyword remotespan this designates the vlan to be used in an rspan. Do not configure a second monitor session from the rspan vlan. Spanswitch port analyzer rspanremote spanerspanencapsulated rspan used for switchport monitoring port mirroring span destination interface on the same switch rspan destination interface on the another switch lets you copy all traffic from a source port or source vlan to a destination interface. Page 20 default span and rspan configuration 269 configuring local span 2610 span configuration guidelines 2610 creating a local span.
Find answers to setting up rspan on multilayer switch. Feb 08, 20 the remote mirroring capability on vds helps you send traffic from a virtual machine running on one host to a virtual machine on another host for debugging or monitoring purposes. Port mirroring overview, port mirroring terminology, configuration guidelines for port mirroring on the switches. Configuring system monitoring on avaya ethernet routing switch 4000 series release 5. Remote port mirror configuration for juniper exswitch and cisco switch. An rspan vlan cannot be a privatevlan primary or secondary vlan. Id like to know what is the configuration to put in the qfx, so that it will be. Understanding span,rspan,and erspan cisco community. Remote span rspan is used when source ports are not located on the same switch as the destination port. Erspan allows you to monitor traffic across switches without the need for vlan trunks.
A port cannot serve as an rspan source port or rspan destination port while designated as an rspan reflector port. A span source port can be any type of port a routed port, a physical switch port, an access port, a trunk port, an etherchannel port either one physical port or the entire port channel interface, and so on. During the process of defining vlan parameters, you must specify that the new vlan is an rspan vlan by configuring the remotespan vlan configuration command. The idea is to forward traffic from fastethernet 01 on sw1 to fastethernet 01 on sw2. Recording voip traffic via port mirroring orecx will. This feature is similar to the port mirroring capability available on the physical switches. To configure an rspan destination session on another device, you associate the destination port with the rspan vlan. Cisco ios span and rspan cisco catalyst switches have a feature called span switch port analyzer that lets you copy all traffic from a source port or source vlan to a destination interface.
Remote span rspan the previous page describes the configuration of local span, where both the span source and destination exist on the same switch. Configuring system monitoring on avaya ethernet routing switch 4000 series. Any device connected to a port set as a reflector port loses connectivity until the rspan. Jan 30, 2016 configuring rspan on cisco catalyst switches i recently wrote a post on configuring port mirroring span on cisco catalyst switches. Example 1using rspan and vacls on a single switch, page 2 example 2using rspan and vacls on multiple switches, page 5. A common way of capturing network data for monitoring purposes involves the use of switched port analyzer span ports, also called mirroring ports. How to configure span and rspan in cisco catalyst switches. View and download cisco catalyst 3750x software configuration manual online. Remote switched port analyzer rspan this week i had a task in the ipexpert workbook vol 1 to use rspan. With port mirroring enabled, the switch sends a copy of all network packets seen on one port or an entire vlan to another port, where the packet can be analyzed. Instead, use the ca mtp device or a span aggregation tool. Observe how rspans are configured in a standard switched network.
The configuration of your rspan source ports is no different than the. Sep 07, 2017 with that configuration, your port analyzer should be able to see brsw g62 traffic. Implement switch port analyzer span, remote span rspan. Hence, the configuration of reflector port and the destination port are exclusive.
Notice the nice keyword remotespan this designates the vlan to be used in an rspan. Configure the analyzer vlan called remoteanalyzer in this example. Log in to the webbased utility of the start switch and choose advanced in the display mode dropdown list. Below diagram taken from 2016 ciscolive presentation brkarc2011 overview of troubleshooting and packet capturing tools illustrate it. To create a vlan for rspan on cisco ios, you must create the vlan via the configvlan configuration mode, as opposed to using the older vlan database configuration mode. Configure the interface connected to another switch for trunk mode and associate it with the remoteanalyzer vlan. The netfort span port configurator is a free windows application that gives you an easy way to configure span ports on cisco switches quickly and remotely. This can potentially help save time because the network engineer does not have to worry about placing the sniffer on the same switch as the source. As shown in the diagram below, traffic from a monitored vm on host 1 is sent through multiple physical switches to an analyzer vm on. The span port sends the traffic out the line expecting something to hear it. Catalyst 3750x and 3560x switch software configuration. After completing the rspan source session configuration on vds, we will configure the switch s1 and s2 such that mirror traffic is delivered to the analyzer connected on the s2 port. Refer to the configuring span section of configuring span and rspan for more information.
Catalyst switched port analyzer span configuration example. Remote span rspan best practices broadcom tech docs. It can be used to monitor source ports, vlans and destination ports on different switches in your network. Note span traffic can be sent from one network device through other devices using an rspan configuration. The destination port can then be located anywhere in this rspan vlan. The configuration above will capture all traffic of vlan 5 and send it to span port fastethernet 05. Jul 17, 2008 remote switched port analyzer rspan this week i had a task in the ipexpert workbook vol 1 to use rspan. Hello, i have to implement port mirroring, with rspan to collect and monitor. This vlan needs to be trunked to the other switches involved. Stp can run on rspan vlan trunks but not on span destination ports. Catalyst 3560 switch software configuration guide, rel. Understanding port mirroring on ex series switches.
The source port is g218, and the destination is the rspan vlan. Rspan explanation and configuration will be covered in another article. Rspan is an advanced feature that requires a special vlan to carry the monitored traffic and is not supported by all switches. Using rspan and vacls together now we will examine several example network scenarios where rspan and vacls together can be used to achieve. Four computers a, b, c and d are shown on this example. To configure an rspan source session on one network device, associate a set of source ports and vlans with an rspan vlan. Catalyst 2960 and 2960s software configuration guide, 12. Note for complete syntax and usage information for the commands used in this chapter, see the command reference for this release. If the virtual host is on the same physical switch, you need to configure a switch level span. This chapter describes how to configure switched port analyzer span and remote span rspan on the catalyst 3750x or 3560x switch. Port mirroring on a cisco systems switch is generally referred to as switched port analyzer span or remote switched port analyzer rspan. While span is mirroring ports in the same switch, rspan remote span is mirroring ports in one switch to a port in different switch. Analyze traffic on switch ports with span and rspan.
Discover how a span can traverse a switched network using the remote span feature. Here is a snapshot of that interface traffic from our traffic analyzer. To demonstrate rspan i will use a topology with two switches. You can directly send span traffic to a pc running on wireshark even without configuring erspan destination on another. A port or interface on any line card of the switch should be on the same vlan as the sc0 interface of the switch, which is the management interface. Mar 21, 2018 rspan copies the source traffic into a special rspan configured vlan. Understand how the switched port analyser can be used to first identify, and then mirror local switch port traffic over to a capture device for advanced analysis. Configuring system monitoring on avaya ethernet routing. Then in vmware, 4 create a port group using the same vlan number as the rspan vlan. Explore how to configure and implement a standard local span.
Riverbed recommends remote span rspan and encapsulated remote. When you configure a switch port as a reflector port, it is no longer a normal. Span port configurations vary depending upon device and software version. Spanswitch port analyzer rspanremote spanerspanencapsulated rspan used for switchport monitoringport mirroring span destination interface on the same switch rspan destination interface on the another switch lets you copy all traffic from a source port or source vlan to a destination interface. Configuring span on cisco catalyst switches monitor. Span or rspan destination and source session remains inactive until the destination port or source port or rspan vlan becomes active destination port if configuration change is made to the port while it is acting as a span destination, the change does not take effect until the span destination configuration has been removed. The reflector port forwards only the traffic from the rspan source session with which it is affiliated. Span ports switched port analyser ports allow you to mirror local ports or vlans to a local switch port. Configuring the cisco nexus 5000 series for port mirroring. Rspan allows you to monitor ports across a layer 2 domain such as a data centre without needing to have session destinations dotted throughout the data centre. Rspan remote span feature allows traffic that is sourced from a switch to be mirrored to a remote switch within a layer 2 network over trunk ports. When a hub receives a packet on one port, the hub sends out a copy of that packet on a.
The reflector port is the mechanism that copies packets onto an rspan vlan. Remote span rspan allows the span source and destination to exist on different switches. Now, lets create the session to copy traffic to the rspan. Rspan vlans must be configured in vlan configuration mode by using the remotespan vlan. Other vendors have different names for it, such as roving analysis port rap on 3com switches. There are a couple of things we have to configure here. How to configure cisco span rspan erspan with examples. I would like to clarify few things in this blog entry about the port mirroring feature that is available on vsphere distributed switch vds.
Rspan vlans must be configured in vlan configuration mode by using the remotespan vlan configuration mode command. Configure port mirroring when deploying advanced threat. Remote switched port analyzer unlike local span, remote span rspan allows for the span destination port to be anywhere on the layer 2 network. The technology was created by cisco systems as a way to access data transiting their network routing and data center switches. Configure remote switch port analyzer rspan settings on the. Encapsulated remote switch port analyzer erspan is a cisco proprietary technology working at layer 3. If you are using wireshark as the analyzer software you might get the. Jun 25, 2012 i would like to clarify few things in this blog entry about the port mirroring feature that is available on vsphere distributed switch vds. The output of this session is the stream of span packets that are sent to the rspan vlan. Configure rspan with vmware the remote switched port analyzer rspan enables you to monitor traffic on one switch through a device on another switch and then send the monitored traffic to one or more destinations. These ports are typically available from a network routing switch. If the virtual host is on a different switch, you need to configure rspan or erspan.
1344 1119 60 1327 980 56 387 399 401 806 1427 644 856 836 624 1182 475 154 980 1189 1085 1179 522 1043 295 760 149 192 1293 838 727 814 524 1037 123 1300 315 195 1305 1148 1435