Re: SPAN on 3560s, RSPAN instead?

erik.kneebone · ‎11-08-2007

Need a little help with this since I am not too familiar with RSPAN. Here is the situation in a nutshell. We have a Voice and Data network over multiple 3560 switches configured with several VLANs as follows:

VLAN 2 - Voice

VLAN 3 - Data

VLAN 10 - Voice

We use an IPCC recording server attached to the second switch to record calls on VLAN 10 (hence the two voice VLAN's). The phones that are on VLAN 10 are spread out between all 5 switches. The port on the second switch is tagged to VLAN 20 and is the only port on VLAN 20. Currently I have the monitor setup on Switch 1 as follows:

#show monitor

Session 1

---------

Type : Remote Source Session

Source VLANs :

Both : 10

Dest RSPAN VLAN : 20

monitor session 1 source vlan 10

monitor session 1 destination remote vlan 20

The problem is two fold. Not all of the phones on VLAN 10 are able to be recorded on the server. We are also able to record some of the phones from VLAN 2 even though they should not be able to.

Its been suggested that doing this via RSPAN would fix the problem. If thats the case then what should the RSPAN config look like?

Thotsaphon Lueangwattanaphong · ‎11-08-2007

Hi Erik

I would recommend using rspan in your case.

Firstly you need the remote vlan ,let's say vlan 99.

Let Switch1 has many ip phones(vlan 10) on it.

Let Switch2 has many ip phones(vlan 10) and voice recorder(vlan 2) on it.

In case you've already known what the port is connected by the voice recorder. let's say f0/20(vlan2)

On first switch :

monitor session 1 source vlan 10

monitor session 1 destination remote vlan 99

On second switch :

monitor session 1 source vlan 10

monitor session 1 destination remote vlan 99

monitor session 2 source remote vlan 99

monitor session 2 destination interface fa0/20

To make sure that you do add vlan 99 on both of switches.

Hopes this works. Not just for 2 switches ;-)

Thot

erik.kneebone · ‎11-08-2007

When you say VLAN 100 do you mean VLAN 99?

From what I am gathering the basic config for all the switches where the destination port/vlan is not on would be as follows:

create vlan 99 with:

vlan 99

remote-span

then setup the monitor:

monitor session 1 source vlan 10

monitor session 1 destination vlan 99

On the switch where the destination would be is:

create vlan 99 with:

vlan 99

remote-span

then setup the monitor:

monitor session 1 source vlan 10

monitor session 1 destination vlan 99

then setup the second monitor:

monitor session 2 source vlan 99

monitor session 2 desination interface fa0/20

By doing it that way I basically get ride of vlan 20 that I was using before in favor of a specific port.

erik.kneebone · ‎11-09-2007

Can someone confirm my above config example?

kc4ixi · ‎12-06-2007

I am trying to do the same thing for voice recording. Did your above config work?

cisco_lad2004 · ‎12-07-2007

Source Switch:

create vlan 99 with:

vlan 99

remote-span

!

monitor session 1 source vlan 10

monitor session 1 destination vlan 99

Destination Switch:

create vlan 99 with:

vlan 99

remote-span

!

monitor session 1 source vlan 99 <== u carried SPAN traffic from source on this VLAN

monitor session 1 desination interface fa0/20 <== Sniffer port.

make sure Vlan 99 is trunked from source to destination and dedicated for SPAN only.

HTH

Sam