SPAN on 3560s, RSPAN instead?

Unanswered Question
Nov 8th, 2007
User Badges:

Need a little help with this since I am not too familiar with RSPAN. Here is the situation in a nutshell. We have a Voice and Data network over multiple 3560 switches configured with several VLANs as follows:


VLAN 2 - Voice

VLAN 3 - Data

VLAN 10 - Voice


We use an IPCC recording server attached to the second switch to record calls on VLAN 10 (hence the two voice VLAN's). The phones that are on VLAN 10 are spread out between all 5 switches. The port on the second switch is tagged to VLAN 20 and is the only port on VLAN 20. Currently I have the monitor setup on Switch 1 as follows:


#show monitor

Session 1

---------

Type : Remote Source Session

Source VLANs :

Both : 10

Dest RSPAN VLAN : 20


monitor session 1 source vlan 10

monitor session 1 destination remote vlan 20


The problem is two fold. Not all of the phones on VLAN 10 are able to be recorded on the server. We are also able to record some of the phones from VLAN 2 even though they should not be able to.


Its been suggested that doing this via RSPAN would fix the problem. If thats the case then what should the RSPAN config look like?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
thotsaphon Thu, 11/08/2007 - 08:53
User Badges:
  • Gold, 750 points or more

Hi Erik

I would recommend using rspan in your case.

Firstly you need the remote vlan ,let's say vlan 99.

Let Switch1 has many ip phones(vlan 10) on it.

Let Switch2 has many ip phones(vlan 10) and voice recorder(vlan 2) on it.

In case you've already known what the port is connected by the voice recorder. let's say f0/20(vlan2)


On first switch :

monitor session 1 source vlan 10

monitor session 1 destination remote vlan 99


On second switch :

monitor session 1 source vlan 10

monitor session 1 destination remote vlan 99

monitor session 2 source remote vlan 99

monitor session 2 destination interface fa0/20


To make sure that you do add vlan 99 on both of switches.


Hopes this works. Not just for 2 switches ;-)

Thot



erik.kneebone Thu, 11/08/2007 - 09:16
User Badges:

When you say VLAN 100 do you mean VLAN 99?


From what I am gathering the basic config for all the switches where the destination port/vlan is not on would be as follows:


create vlan 99 with:

vlan 99

remote-span


then setup the monitor:

monitor session 1 source vlan 10

monitor session 1 destination vlan 99


On the switch where the destination would be is:


create vlan 99 with:

vlan 99

remote-span


then setup the monitor:

monitor session 1 source vlan 10

monitor session 1 destination vlan 99


then setup the second monitor:

monitor session 2 source vlan 99

monitor session 2 desination interface fa0/20


By doing it that way I basically get ride of vlan 20 that I was using before in favor of a specific port.

cisco_lad2004 Fri, 12/07/2007 - 12:12
User Badges:
  • Gold, 750 points or more

Source Switch:

create vlan 99 with:

vlan 99

remote-span

!

monitor session 1 source vlan 10

monitor session 1 destination vlan 99


Destination Switch:


create vlan 99 with:

vlan 99

remote-span

!

monitor session 1 source vlan 99 <== u carried SPAN traffic from source on this VLAN

monitor session 1 desination interface fa0/20 <== Sniffer port.


make sure Vlan 99 is trunked from source to destination and dedicated for SPAN only.


HTH


Sam

Actions

This Discussion