Solved: Using RSPAN to watch a VLAN

townofnewmarket · ‎05-24-2010

I have a switch in building A. We want to capture all the audio traffic and send it to a switch in Building B. Can I do that?

It seems simple enough to create the RSPAN VLAN, and reflector port.

Can I say "monitor session 1 source vlan 5" and then "monitor session 1 dest remote vlan 22 reflector-port fa0/21"

Cisco 3560s

The Cisco docs seem a little grey on this matter, but I've had a long day, so it may be my grey cells malfunctioning!!

I know I can monitor ALL traffic from those ports, but just trying to be efficient tells me I don't want the data traffic from the data VLAN, just the VOIP stuff.

Thanks.

Jon Marshall · ‎05-24-2010

townofnewmarket wrote:

Yes, but I guess my bigger question is this:

Both buildings (in fact several buildings all connected via fiber) have a VLAN 5 for voice. So if I do this, even though I am doing it on Building A's switch (issuing the monitor session command), I would be grabbing all traffic from VLAN 5 (all switches) and forwarding it to the reflector port, wouldn't I? Which would not be what I want, so I would probably go back to just mirroring all data.

Am I correct in that assumption?

No, you will be grabbing the vlan 5 traffic off the switch in building B and sending it to the switch in building A.

Jon

View solution in original post

Jon Marshall · ‎05-24-2010

townofnewmarket wrote:

I have a switch in building A. We want to capture all the audio traffic and send it to a switch in Building B. Can I do that?

It seems simple enough to create the RSPAN VLAN, and reflector port.

Can I say "monitor session 1 source vlan 5" and then "monitor session 1 dest remote vlan 22 reflector-port fa0/21"

Cisco 3560s

The Cisco docs seem a little grey on this matter, but I've had a long day, so it may be my grey cells malfunctioning!!

I know I can monitor ALL traffic from those ports, but just trying to be efficient tells me I don't want the data traffic from the data VLAN, just the VOIP stuff.

Thanks.

If you have L2 adjacency between your 2 buildings then yes you could use RSPAN to send all the vlan 5 traffic to a destination port on a switch in building A. Is this what you are asking ?

Jon

townofnewmarket · ‎05-24-2010

Yes, but I guess my bigger question is this:

Both buildings (in fact several buildings all connected via fiber) have a VLAN 5 for voice. So if I do this, even though I am doing it on Building A's switch (issuing the monitor session command), I would be grabbing all traffic from VLAN 5 (all switches) and forwarding it to the reflector port, wouldn't I? Which would not be what I want, so I would probably go back to just mirroring all data.

Am I correct in that assumption?

Jon Marshall · ‎05-24-2010

townofnewmarket wrote:

Yes, but I guess my bigger question is this:

Both buildings (in fact several buildings all connected via fiber) have a VLAN 5 for voice. So if I do this, even though I am doing it on Building A's switch (issuing the monitor session command), I would be grabbing all traffic from VLAN 5 (all switches) and forwarding it to the reflector port, wouldn't I? Which would not be what I want, so I would probably go back to just mirroring all data.

Am I correct in that assumption?

No, you will be grabbing the vlan 5 traffic off the switch in building B and sending it to the switch in building A.

Jon