Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
366
Views
0
Helpful
3
Replies

About RSPAN question

HWangLoyalty_2
Level 1
Level 1

‎05-13-2009 01:04 PM - edited ‎03-06-2019 05:43 AM

I want to capture packets between two servers belonged to different VLAN. Two servers are connected to different access switch Cat3750, and those access switches are connected directly Cat6500. I think I have to run RSPAN between three switches.

Please check the following configuration:

Switch 3750A:

vlan 22

remote-span

!

!

monitor session 1 source interface gigabitethernet1/0/2(connect to ServerA)

monitor session 1 destination remote vlan 22

Switch 3750B:

vlan 22

remote-span

!

!

monitor session 1 source interface gigabitethernet2/0/2(connect to ServerB)

monitor session 1 destination remote vlan 22

Switch Cat6500

vlan 22

remote-span

monitor session 1 source remote vlan 22

monitor session 1 destination interface Gi3/15 (connect to monitoring server)

My questions is:

a. How to guarantee we only receive the traffics between two servers on the monitoring server?

b. Do I have to remove VLAN 22 from the trunk interface connected to Cat6500?

Please advice! Thanks a lot

Labels:
0 Helpful
3 Replies 3

whitbych1
Level 1
Level 1

‎05-15-2009 02:19 PM

To answer your first question. You will not be able to guarantee you only receive traffic between the two servers. With the configuration you're displaying, you are mirroring all traffic going to and from the specified interfaces to your remote vlan. You will need a tool like wireshark to filter the source and destination IPs to only view traffic between the two servers exclusivel.

I don't fully understand your second question.

0 Helpful

whitbych1
Level 1
Level 1

‎05-15-2009 02:20 PM

To answer your first question. You will not be able to guarantee you only receive traffic between the two servers. With the configuration you're displaying, you are mirroring all traffic going to and from the specified interfaces to your remote vlan. You will need a tool like wireshark to filter the source and destination IPs to only view traffic between the two servers exclusively.

I don't fully understand your second question.

0 Helpful

HWangLoyalty_2
Level 1
Level 1
In response to whitbych1

‎05-19-2009 05:27 AM

Thanks for your suggestion.

I already used VACL to complete packet capture.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card