Using RSPAN to watch a VLAN

Answered Question
May 24th, 2010

I have a switch in building A.  We want to capture all the audio traffic and send it to a switch in Building B.  Can I do that?

It seems simple enough to create the RSPAN VLAN, and reflector port.

Can I say "monitor session 1 source vlan 5" and then "monitor session 1 dest remote vlan 22 reflector-port fa0/21"

Cisco 3560s

The Cisco docs seem a little grey on this matter, but I've had a long day, so it may be my grey cells malfunctioning!!

I know I can monitor ALL traffic from those ports, but just trying to be efficient tells me I don't want the data traffic from the data VLAN, just the VOIP stuff.

Thanks.

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 6 years 8 months ago

townofnewmarket wrote:

Yes, but I guess my bigger question is this:

Both buildings (in fact several buildings all connected via fiber) have a VLAN 5 for voice.  So if I do this, even though I am doing it on Building A's switch (issuing the monitor session command), I would be grabbing all traffic from VLAN 5 (all switches) and forwarding it to the reflector port, wouldn't I?  Which would not be what I want, so I would probably go back to just mirroring all data.

Am I correct in that assumption?

No, you will be grabbing the vlan 5 traffic off the switch in building B and sending it to the switch in building A.

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Jon Marshall Mon, 05/24/2010 - 12:49

townofnewmarket wrote:

I have a switch in building A.  We want to capture all the audio traffic and send it to a switch in Building B.  Can I do that?

It seems simple enough to create the RSPAN VLAN, and reflector port.

Can I say "monitor session 1 source vlan 5" and then "monitor session 1 dest remote vlan 22 reflector-port fa0/21"

Cisco 3560s

The Cisco docs seem a little grey on this matter, but I've had a long day, so it may be my grey cells malfunctioning!!

I know I can monitor ALL traffic from those ports, but just trying to be efficient tells me I don't want the data traffic from the data VLAN, just the VOIP stuff.

Thanks.

If you have L2 adjacency between your 2 buildings then yes you could use RSPAN to send all the vlan 5 traffic to a destination port on a switch in building A. Is this what you are asking ?

Jon

townofnewmarket Mon, 05/24/2010 - 13:35

Yes, but I guess my bigger question is this:

Both buildings (in fact several buildings all connected via fiber) have a VLAN 5 for voice.  So if I do this, even though I am doing it on Building A's switch (issuing the monitor session command), I would be grabbing all traffic from VLAN 5 (all switches) and forwarding it to the reflector port, wouldn't I?  Which would not be what I want, so I would probably go back to just mirroring all data.

Am I correct in that assumption?

Correct Answer
Jon Marshall Mon, 05/24/2010 - 13:41

townofnewmarket wrote:

Yes, but I guess my bigger question is this:

Both buildings (in fact several buildings all connected via fiber) have a VLAN 5 for voice.  So if I do this, even though I am doing it on Building A's switch (issuing the monitor session command), I would be grabbing all traffic from VLAN 5 (all switches) and forwarding it to the reflector port, wouldn't I?  Which would not be what I want, so I would probably go back to just mirroring all data.

Am I correct in that assumption?

No, you will be grabbing the vlan 5 traffic off the switch in building B and sending it to the switch in building A.

Jon

Actions

This Discussion