Basic rspan configuration rspan remote span feature allows traffic that is sourced from a switch to be mirrored to a remote switch within a layer 2 network over trunk ports. The reflector port forwards only the traffic from the rspan source. If the type is remote vlan, the selected port is a reflector port. Configure remote switch port analyzer rspan settings on the. Recording voip traffic via port mirroring orecx will. How to analyze traffic with span feature ciscozine. Span or rspan destination and source session remains inactive until the destination port or source port or rspan vlan becomes active destination port if configuration change is made to the port while it is acting as a span destination, the change does not take effect until the span destination configuration has been removed. The reflector port is the mechanism that copies packets onto an rspan vlan. The span feature was introduced on switches because of a fundamental difference that switches have with hubs.
I tried setting port 02 to disabled under spanning tree cst port options but it didnt fix it. Any device that is connected to a port that is set as a reflector port loses connectivity until the rspan source session is disabled. During the process of defining vlan parameters, you must specify that the new vlan is an rspan vlan by configuring the remotespan vlan configuration command. Span feature is used in layer 2 networks is a very good tool for. Remote analyzer works by configuring a local analyzer on each and every ex connected by a trunk cannot use access ports. Span session is always used with an fwsm in the catalyst 6500 chassis. It is a way of donating asics to the cause of rspan. This topic contains 8 replies, has 2 voices, and was last updated by rga 10 years, 8 months ago. This is an actual physical port set to loopback mode. By defining reflector port switch will use this ports resources. Span how to easy configure span on cisco switch and port monitor on hp.
The idea is to do a rspan destination of vlan 400 out a reflector port fa02 to my esxi server running a ids server. Hi, i am trying to configure rspan on my cisco switches to accomodate a websense deployment. Configuring rspan on a 2950 796 the cisco learning. Cisco switch uses a reflector port, but its merely to generate the mirror traffic. How to configure cisco span rspan erspan with examples. Span is important to mirror received or transmitted or both traffic on one or more source ports to a destination port for analysis. This topic includes two related examples that describe how to mirror traffic entering ports on the switch to an analyzer vlan so that you can perform analysis using a remote device. It captures the entire config without the more entries and having to hit the. When i go to add another switch to the rspan vlan 400 the trunk port from my first switch to my second switch errdisables. First, configure an unused port as the reflector port, do not connect anything to this port. A port used as a reflector port cannot be a span source or destination port, nor can a port be a reflector port for more than one session at a time.
On a previous setup, the firewall was connected to a cisco sg30010 10gigabit managed swtich. Hello everyone, i would like assitance in recreating an rspan vlan on an m410050g switch. Quotes provided courtesy of the cisco catalyst 3750x and 3560x switch software configuration guide, release 12. Configuring the cisco sgxxx series for port mirroring. In order to redirect copies of the monitored traffic onto the rspan vlan for transport to the destination switch, enter the following commands. Ex switch remote port mirror for analyzing network traffic.
Select the vlan to be used to copy traffic to another device this vlan should be the same as the vlan defined in the rspan vlan id field. The network consists of 3 x cisco switches, 2 of them are 2950s running standard image software sw2 and sw3 and one is a 3560 sw1. Spanningmirroring ports is a very useful tool for troubleshooting. So you can take any free port on the switch for this, you cant use that port for anyhing else when the monitor session is enabled on it. Reflector port a port that copies packets onto an rspan vlan.
The reflector port is responsible for copying the span traffic onto the rspan vlan. When you configure a switch port as a reflector port. How to configure span and rspan in cisco catalyst switches. The traffic for each rspan session is carried over a userspecified rspan vlan that is dedicated for that rspan session in all participating switches. This article describes how to configure remote switched port analyzer rspan vlan when there is a need to capture packets flowing on two or more ports on the ex2300, ex3400, and ex4300 switches. A reflector port will now be configured on the rspan source switch. Cisco configuring the catalyst switched port analyzer.
The switched port analyzer span feature, which is sometimes called port mirroring or port monitoring, selects network traffic for analysis by a network analyzer. Cisco rspan between 2950 and 3560 solutions experts exchange. Rspanstpmaybe issue on edgeswitches ubiquiti community. Is this a port that is physically connected to the another switch, or is this literally just an open port you temporarily lose because the switch uses its buffer for copying the traffic onto the rspan vlan as it leaves the. Configuring rspan on cisco catalyst switches i recently wrote a post on configuring port mirroring. If you have a trunk connecting two switchs u shouldnt configure the reflector port on that interface trunk. The native vlan for loopedback traffic on a reflector port is the rspan vlan. Configure a monitor session on the switch with the source ports and designate one of its ports as a reflector port.
Im attempting to configure rspan and cannot seem to get it running in accordance with the official book. Whether or not you need a reflector port depends on the switch hardware. On the switch that contains the destination port for the session, traffic from the rspan session vlan is simply mirrored out the destination port. Understanding span,rspan,and erspan cisco community.
We have a firewall that we are monitoring network traffic on. Any device connected to a port set as a reflector port loses connectivity until the rspan source session is disabled. Vtp does work with the rspan vlan, it will propogate it to all switches assuming it was. Make sure that the reflector port is a trunk port which allows the rspan vlan switch mode trunk allows all vlans by default. Rspan vlans must be configured on both start and final switches in vlan configuration mode by using the remotespan vlan configuration mode command, or follow the instructions below.
In the world of network monitoring, span and rspan are useful features that can be implemented on cisco switches. Managed switches have a configuration interface webbased or commandline console, which administrators may use to specify the source port s to be mirrored and the destination port, where copy of all packets will be forwarded. Configure remote switch port analyzer rspan settings on. The traffic from the port you want to monitor has to be copied somewhere and the 3550 does that to the reflector port. Below pictures illustrate how port mirroring feature works. Most notably, on page 27 where it has at the bottom of the very first section on idfsyr1 monitor session 3 destination remote vlan 199 both my 2950 and my 3550 force me to add reflector port following that. The reflector port is the mechanism that you use to copy packets onto an rspan vlan. So all the copied data comes back in and ends up on the rspan vlan. Log in to the webbased utility of the start switch and choose advanced in the display mode dropdown list. Four computers a, b, c and d are shown on this example. This article provides instructions on how you can configure rspan on your. These two features provide the ability to transparently monitor by copying select ingress traffic, while allowing the switch to continue to forward the original traffic as normal.
In order to configure rspan you need to have an rspan vlan, those vlans have special properties and cant be assigned to any access ports. While span is mirroring ports in the same switch, rspan remote span is mirroring ports in one switch to a port in different switch. To create a vlan for rspan on cisco ios, you must create the vlan via the configvlan configuration mode, as opposed to using the older vlan database configuration mode. Usually when we admin a network, we need to know what are the protocols used more frequently, and why not, discover if someone are using improper p2p software. The default configuration for local span session ports is to send all packets. A port cannot serve as an rspan source port or rspan destination port while designated as an rspan reflector port. Select port or vlan as the source port or source vlan if port is selected, set the source ports for the mirrored traffic and the. Span how to easy configure span on cisco switch and port.
Under what circumstances might one want to enable ingress traffic forwarding from the span andor rspan destination port. This example shows how to clear any existing rspan configuration for session 1, configure rspan session 1 to monitor multiple source interfaces, and configure the destination rspan vlan and the reflector port. Ciscos remote span is called remote mirroring by hp. Span and rspan on cisco switches infosecmonkey blog site. Spanswitch port analyzer rspanremote spanerspanencapsulated rspan used for switchport monitoring port mirroring span destination interface on the same switch rspan destination interface on the another switch lets you copy all traffic from a source port or source vlan to a destination interface. This post describes how to configure span and rspan on cisco catalyst switches. When you configure a switch port as a reflector port, it is no longer a normal. Port channel is not an option for rspan destination reflector port jump to solution i believe that the reflector port has the same behavior as a destination port and automatically has spanning tree disabled once placed in this role. The reflector port is the mechanism that copies packets to an rspan vlan. The reflector port forwards only the traffic from the rspan source session with which it is affiliated. Remote span rspan is used when source ports are not located on the.
Select the port or link aggregation group lag to be connected to another device source type. Youll find some more detailed information in the documentation. Remote switched port analyzer rspan this week i had a task in the ipexpert workbook vol 1 to use rspan. Rspan rspan configuration is relatively simple and builds upon existing span functionality and configuration syntax. To accomplish this you will have to configure the destination vlan across the entire path between the switches. Catalyst switched port analyzer span configuration example. Find answers to setting up rspan on multilayer switch. Span switched port analyzer its a great tool when you need to troubleshoot something in your network. It can be used to monitor source ports, vlans and destination ports on different switches in your network. As shown in the diagram below, traffic from a monitored vm on host 1 is sent through multiple physical switches to an analyzer vm on. Just make sure that rspan vlan is configured in all switches and u configured the reflector port in an unused port on the remote switch.