RSPAN config on SWITCH
Remote SPAN (RSPAN): An extension of SPAN called remote SPAN or RSPAN. RSPAN allows you to monitor traffic from source ports distributed over multiple switches, which means that you can centralize your network capture devices. RSPAN works by mirroring the traffic from the source ports of an RSPAN session onto a VLAN that is dedicated for the RSPAN session. This VLAN is then trunked to other switches, allowing the RSPAN session traffic to be transported across multiple switches. On the switch that contains the destination port for the session, traffic from the RSPAN session VLAN is simply mirrored out the destination port.
Configuring RSPAN:
configure RSPAN you need to have an RSPAN VLAN, those VLANs have special properties and can’t be assigned to any access ports. To create a VLAN for RSPAN on Cisco IOS or IOS XE , you must create the VLAN via the config-vlan configuration mode, as opposed to using the older VLAN database configuration mode. During the process of defining VLAN parameters, you must specify that the new VLAN is an RSPAN VLAN by configuring the remote-span VLAN configuration command
SW1
SW1# configure terminal
(config)# vlan 100
(config-vlan)# remote-span
# show vlan remote-span
You will see VLAN 100
interface GigabitEthernet0/1
description SERVER-Source
switchport access vlan 10
switchport mode access
spanning-tree portfast
interface GigabitEthernet0/0
description SW1-SW2-TRUNK
switchport trunk allowed vlan 10,100
switchport mode trunk
monitor session 1 source interface gi0/1
monitor session 1 destination remote vlan 100SW2
SW2# configure terminal
(config)# vlan 100
(config-vlan)# remote-span
# show vlan remote-span
You will see VLAN 100
interface GigabitEthernet0/1
description WIRESHARK-PC
interface GigabitEthernet0/0
description SW2-SW1-TRUNK
switchport trunk allowed vlan 10,100
switchport mode trunk
monitor session 1 source remote vlan 100
monitor session 1 destination interface gi0/1
verification :
#sh monitor session 1