From the course: Cisco CCNP Enterprise: ENCOR v1.1 (350-401) Cert Prep

RSPAN configuration

From the course: Cisco CCNP Enterprise: ENCOR v1.1 (350-401) Cert Prep

Start my 1-month free trial Buy for my team

RSPAN configuration

- [Instructor] If we have a really large enterprise environment with multiple switches, remote span or RSPAN may be our best option for enabling span on the network. This is going to allow the source ports for span to be located on one or multiple remote switches and the destination port can be on a separate switch that's connected to our traffic analyzer. When the traffic is passed between switches, it's going to use a special VLAN called the RSPAN VLAN, which is designated solely for RSPAN traffic. In our topology on screen, you can see that we have two switches connected together by a .1Q trunk. There are two hosts connected to switch one and an additional host connected to switch two. Our traffic analyzer is connected to gig 3/3 on switch one, and what we want to do here is to configure remote span so that we can duplicate data from our connected host on switch two over to our traffic analyzer that's connected to switch one. Now as I said, this requires an RSPAN VLAN to be created dedicated solely for RSPAN traffic. So we're already on switch one, let's go under a global configuration mode and let's create a VLAN, let's say VLAN 100, and now we're under VLAN configuration mode, so let's give this an easily identifiable name as well. Let's say name and I'll call it very simply RSPAN. If we look at our main contextual help options, you're going to see that one of those is the keyword remote-span, and contextual help tells us that this will allow us to specifically identify this as an RSPAN VLAN and we do want to do that, so let me break out of our help command and let me run the command remote-span and I'll hit enter for that. If we exit here and say show vlan remote-span, that's going to show us all of the remote span VLANs that we have designated, which in our case, is only that single VLAN of VLAN 100. Now we need to create this VLAN on our other switch as well, so let's jump over to switch number two, and from here, we'll go under global configuration mode. We'll say VLAN 100, name RSPAN, and we'll designate that as a remote span VLAN with the command remote-span. So that all looks good. We'll break out of there, we'll do a quick show command just to verify that that is in place. We do see our single remote span VLAN, VLAN 100, so that looks good. Let's go back to switch one now, and now we can select our local source and destination ports with pretty much the same commands that we used with our local span configurations. So we'll go under global configuration mode and we'll say monitor session. I'll call that session number one. For the source interface, I want to use gig 0/1 through gig 0/2. We can see that in our topology, we can also see that the traffic analyzer is on gig 3/3, so let's configure that as well. Monitor session 1 destination interface gig 3/3. So basically, we've set up local span on this switch because this is the switch that our traffic analyzer is actually connected to. Now let's do a quick, let me break out of that and we'll do a quick show monitor session 1, and we see that in place, we see that it is capturing on gig 0/1 and 2, the destination port is gig 3/3, so that's good. Let's go over to switch two now and continue our configuration. From here, we'll go under global configuration mode and we can now set our source interface exactly as we do with local span. So we'll say monitor session 1 source interface, and we can see from our topology that it should be gig 0/1, we'll hit enter. Now for the destination, that's going to use a slightly different command because we need to send those replicated packets over our RSPAN VLAN to switch one. So let's say monitor session 1 destination, and let's look at our contextual help. So instead of our interface option that we would typically use with local span, we want to use the remote keyword in this case, followed by the VLAN keyword, and contextual help will tell us that we now need to indicate which VLAN we want to use and of course in our case, that is VLAN 100, and we can hit enter to complete that. Now the show command is slightly different on our remote switch. So here on switch two, let's say show monitor session, and instead of calling out the actual session number, if we look at our help commands, one of those is remote and that's the keyword that we want to use because we are on the remote switch here. And you can see from this output that the remote source is gig 0/1, and that it's going to be copying data in both directions, both incoming and outgoing, and the designation for the data is the RSPAN VLAN, VLAN 100. So now all of our span data is going to cross our trunk link from here on switch two over to switch one, where it will be delivered to the local traffic analyzer on that particular switch. So that's a look at configuring remote span using Cisco Catalyst switches.

Contents