cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3543
Views
15
Helpful
6
Replies

3560 SPAN session across WAN

averheaghe
Level 1
Level 1

Is it possible to set a SPAN session to monitor a port across the WAN on the 3560?

1 Accepted Solution

Accepted Solutions

Lucien Avramov
Level 10
Level 10

You can monitor a local vlan and SPAN it on a different port of the same switch: that is SPAN.

You can configure Remote SPAN (RSPAN) and that will monitor a port on a switch send it over a vlan to another switch that will read it and send it to an interface. If your vlan goes over a WAN link, that should be fine.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.1_19_ea1/configuration/guide/swspan.html

View solution in original post

6 Replies 6

Lucien Avramov
Level 10
Level 10

You can monitor a local vlan and SPAN it on a different port of the same switch: that is SPAN.

You can configure Remote SPAN (RSPAN) and that will monitor a port on a switch send it over a vlan to another switch that will read it and send it to an interface. If your vlan goes over a WAN link, that should be fine.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.1_19_ea1/configuration/guide/swspan.html

Jon Marshall
Hall of Fame
Hall of Fame

Andrew

If the WAN is routed then unfortunately no you cannot do this with a 3560. The feature you need is called ERSPAN and it is supported on the 6500 switch but not the 3560.

Jon

ERSPAN is to span over GRE, its not on the 3560, as Jon said.

However it depends how is your WAN link. Is it just an mpls type of link that doesnt have GRE encapsulation? That will be for you to find out.

RSPAN is useful to send the SPAN session from a switch to a different switch where your host with the sniffer is located.

To get overview about the 3 features including ERSPAN, this link is handy:

http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide/span.html#wp1059482

It is a typical MPLS WAN. I think RSPAN will do what we need, which is capture the traffic from a voice VLAN on a switch in one location with a capture device in another.

Yes in that case, you should be fine with RSPAN.

It depends on how you move traffic across the MPLS WAN ie. is the same vlan on both side of the MPLS WAN ie. VPLS type setup. If so RSPAN will work.

But if you route across your WAN ie. a vlan in one site is not the same vlan in another site then RSPAN won't work and you would need ERPSAN.

Edit - a typical MPLS network is L3 so RSPAN would not work.

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: