Using RSPAN to watch a VLAN

Answered Question
May 24th, 2010

I have a switch in building A.  We want to capture all the audio traffic and send it to a switch in Building B.  Can I do that?


It seems simple enough to create the RSPAN VLAN, and reflector port.

Can I say "monitor session 1 source vlan 5" and then "monitor session 1 dest remote vlan 22 reflector-port fa0/21"

Cisco 3560s


The Cisco docs seem a little grey on this matter, but I've had a long day, so it may be my grey cells malfunctioning!!


I know I can monitor ALL traffic from those ports, but just trying to be efficient tells me I don't want the data traffic from the data VLAN, just the VOIP stuff.


Thanks.

Jon Marshall Mon, 05/24/2010 - 12:49

townofnewmarket wrote:


I have a switch in building A.  We want to capture all the audio traffic and send it to a switch in Building B.  Can I do that?


It seems simple enough to create the RSPAN VLAN, and reflector port.

Can I say "monitor session 1 source vlan 5" and then "monitor session 1 dest remote vlan 22 reflector-port fa0/21"

Cisco 3560s


The Cisco docs seem a little grey on this matter, but I've had a long day, so it may be my grey cells malfunctioning!!


I know I can monitor ALL traffic from those ports, but just trying to be efficient tells me I don't want the data traffic from the data VLAN, just the VOIP stuff.


Thanks.


If you have L2 adjacency between your 2 buildings then yes, you could use RSPAN to send all the vlan 5 traffic to a destination port on a switch in building A. Is this what you are asking?


Jon

townofnewmarket Mon, 05/24/2010 - 13:35

Yes, but I guess my bigger question is this:


Both buildings (in fact several buildings all connected via fiber) have a VLAN 5 for voice.  So if I do this, even though I am doing it on Building A's switch (issuing the monitor session command), I would be grabbing all traffic from VLAN 5 (all switches) and forwarding it to the reflector port, wouldn't I?  Which would not be what I want, so I would probably go back to just mirroring all data.


Am I correct in that assumption?

Correct Answer
Jon Marshall Mon, 05/24/2010 - 13:41

townofnewmarket wrote:


Yes, but I guess my bigger question is this:


Both buildings (in fact several buildings all connected via fiber) have a VLAN 5 for voice.  So if I do this, even though I am doing it on Building A's switch (issuing the monitor session command), I would be grabbing all traffic from VLAN 5 (all switches) and forwarding it to the reflector port, wouldn't I?  Which would not be what I want, so I would probably go back to just mirroring all data.


Am I correct in that assumption?


No, you will be grabbing the vlan 5 traffic off the switch in building B and sending it to the switch in building A.


Jon
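
The RSPAN setup discussed in this thread, written out as an added configuration sketch (not posted by either participant). VLAN 5 and RSPAN VLAN 22 come from the question; using FastEthernet0/21 as the analyzer port, carrying VLAN 22 on the inter-building trunks, and omitting the reflector-port keyword on the 3560 are assumptions.

```cisco
! On both switches, and on every switch in the trunk path between them:
! define the RSPAN VLAN (22 is the number used in the question).
vlan 22
 remote-span
!
! --- Source switch: the one whose VLAN 5 ports are to be captured ---
! A VLAN source covers only the VLAN 5 ports that exist on this switch,
! not VLAN 5 ports on other switches in the campus.
monitor session 1 source vlan 5
monitor session 1 destination remote vlan 22
!
! --- Destination switch: the one the capture device plugs into ---
! Fa0/21 is an assumed analyzer port; it stops forwarding normal traffic
! while it is a SPAN destination.
monitor session 1 source remote vlan 22
monitor session 1 destination interface FastEthernet0/21
!
! Checks to run on each switch after configuring:
!   show vlan remote-span      (VLAN 22 listed as a remote SPAN VLAN)
!   show monitor session 1     (source and destination as intended)
!   show interfaces trunk      (VLAN 22 allowed on the inter-building trunk)
```

Keep access ports out of VLAN 22 and allow it only on the trunks that must carry it, since every frame in that VLAN is a copy of voice traffic.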
