I have some confusion regarding any PC running Sniffer software when conneting it to a SPAN or RSPAN destination port.
According to the documentation I read there is always a warning to never connect a span port back into a live network. But isnt the sniffer PC a live PC, since it has an IP address and the span port is an access port part of a vlan?
I have another inquiry regarding the rspan vlan. Is there any harm in defining an rspan vlan but not defining any destination host or connecting a host to a destination port? Will the copied traffic be dropped or copying wont ocur until a host is connected to the destination port?
One last inquiry is whether there is any problem for rspan vlan when the intermediate and destination switches are 2950 but the source is a 6500 IOS.
Regarding your first question, the port we connect to the sniffer(pc) is configured as "destination span port". So, with this configuration, that port is not acting as a access port. For details, refer the following document.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...