
SPAN and RSPAN question

gnijs
Level 4

Hi all,

I have a question about RSPAN which I am unable to lab up at this time. The topology is the following:

ACCESS1-----CORE-----ACCESS2

An RSPAN VLAN 300 is defined on all switches and trunks.

Suppose I mirror some ports on the core to the RSPAN VLAN and then from the RSPAN VLAN to a destination port on the core itself (this may seem strange, but it allows me to apply a VACL on the RSPAN VLAN and filter capture traffic).

The question is: if all mirroring stays local to the core, is the RSPAN traffic flooded to the access switches or not?

2 Replies

jbrenesj
Level 3

I have been asked about this scenario several times.

You are pretty much wanting to do a "local RSPAN" and you want traffic from a local port on the core to be sent out an RSPAN vlan and then be sent back to the core itself. This is not going to work.

I have done several labs trying to find a workaround and the only one I won't recommend.

Use two sessions:

- RSPAN to capture traffic from Access1

- SPAN to capture traffic from the ports on Core

Both sessions will have different destination ports on the Core and you'll plug a hub to both ports and also connect the single monitoring server/device here.

Since a destination port will be up/down (monitoring), it won't accept input frames, but if you ever disable the SPAN sessions then you'll create a loop.

Once again, it's not recommended.

Wouldn't it be easier to get another switch and send traffic from Access1, 2 and core via RSPAN to this new switch that will get traffic from the RSPAN VLAN and send it to one of its ports?

If it is not supported, why does Cisco recommend it in its own SRND?

Server Farm Security in the Business Ready Data Center Architecture v2.1

See page 7.18 and 7.19
