Configuring Remote SPAN (RSPAN) for Catalyst 4000 and 6500
| [ LiB ] |
Remote SPAN (RSPAN) takes SPAN one step further by allowing the monitoring of source ports, source VLANs , and destination ports across multiple switches across the network. Traffic for each RSPAN session is carried over an RSPAN VLAN.
To more clearly present the configuration concepts and steps, we go through lab examples for both the Catalyst OS and Catalyst IOS configurations. Refer to Figure 4.3 for the RSPAN configuration examples for both the Catalyst OS and Catalyst IOS lab exercises. The tasks for these exercises are
-
Monitor traffic from VLAN 100 on Switch1.
-
Monitor traffic from VLAN 200 on Switch2.
Figure 4.3. Visual objective for Catalyst OS and Catalyst IOS RSPAN configuration examples.
Catalyst OS RSPAN Configuration Tasks
The steps to configure RSPAN on the Catalyst OS can be summarized as follows :
- Configure an RSPAN VLAN.
- Configure the source switches with the set rspan command.
- Configure the destination switches with the set rspan command.
1. Configure the RSPAN VLAN with the set vlan Command
Use this syntax to configure the RSPAN VLAN with the set vlan command:
switch1> set vlan 1000 rspan switch2> set vlan 1000 rspan
You must configure the RSPAN VLAN on all source, destination, and intermediate switches. The complete syntax for the set vlan command is
set vlan { vlans } { mod/ports } set vlan { vlans } rspan Table 4.3 lists and describes command syntax for the set vlan commands.
Table 4.3. Command Syntax for the set vlan Commands
| Command Syntax | Description |
|---|---|
| vlans | VLAN identifier number; valid values are from 1 to 1000 and 1025 to 4094. |
| mod/ports | Number of the module and ports on the module belonging to the VLAN. |
| rspan | (Optional) Create a VLAN for a remote SPAN. |
2. Configure RSPAN Source Ports or VLANS with the set rspan source Command
Use this syntax to configure RSPAN source ports or VLANS with the set rspan source command:
switch1>(enable) set rspan source 100 1000 switch2>(enable) set rspan source 200 1000
You must configure the ports or VLANs for each switch with ports or VLANs that will be RSPAN sources. The set rspan source command syntax is
set rspan disable source [ rspon_vlan all] set rspan source { src_mod/src_ports } { src_vlans... sc0} { rspan_vlan } [rxtxboth] [multicast{enabledisable}] [filter vlans... ] [create]
Table 4.4 lists and describes the command syntax for the set rspan source commands.
Table 4.4. Command Syntax for the set rspan source Commands
| Command Syntax | Description |
|---|---|
| disable source | Keywords to disable remote SPAN source information |
| rspan_vlan | (Optional) RSPAN VLAN |
| all | (Optional) Keyword to disable all RSPAN source or destination sessions |
| src_mod/src_ports | Monitored ports (RSPAN source) |
| src_vlans | Monitored VLANs (RSPAN source) |
| sc0 | Keyword to specify that the inbound port is a valid source |
| rx | (Optional) Keyword to specify that ingress traffic from the source is monitored |
| tx | (Optional) Keyword to specify that egress traffic from the source is monitored |
| both | (Optional) Keyword to specify that both ingress and egress traffic from the source is monitored |
| multicast enable | (Optional) Keywords to enable monitoring of multicast traffic (egress only) |
| multicast disable | (Optional) Keywords to disable monitoring of multicast traffic (egress only) |
| filter vlans | (Optional) Keywords to monitor traffic on selected VLANs on source trunk ports |
| create | (Optional) Keyword to create a new RSPAN session instead of overwriting the previous SPAN session |
3. Configure RSPAN Destination Port with the set rspan destination command
To configure the RSPAN destination port with the set rspan destination command, use this syntax:
switch1>(enable) set rspan destination 0/8 1000 inpkts enable
Next, you configure the destination switch with a destination port. Again, the keywords inpkts enable allow the destination port on the switch to receive a TCP reset packet from the Sensor. The complete command syntax for the set rspan destination command is
set rspan disable destination [ mod/port all] set rspan destination { mod/port } { rspan_vlan } [inpkts {enabledisable}] [learning {enabledisable}] [create]
Table 4.5 lists and describes the command syntax for the set rspan destination commands.
Table 4.5. Command Syntax for the set rspan destination Commands
| Command Syntax | Description |
|---|---|
| disable destination | Keyword to disable RSPAN destination information |
| mod/port | (Optional) RSPAN destination port |
| all | (Optional) Keyword to disable all RSPAN source or destination sessions |
| rspan_vlan | (Optional) RSPAN VLAN |
| inpkts enable | (Optional) Keyword to allow the RSPAN destination port to receive normal ingress traffic (from the network to the bus) while forwarding the RSPAN traffic |
| inpkts disable | (Optional) Keyword to disable the receipt of normal inbound traffic on the RSPAN destination port |
| learning enable | (Optional) Keyword to enable learning for the RSPAN destination port |
| learning disable | (Optional) Keyword to disable learning on the RSPAN destination port |
| create | (Optional) Keyword to create a new RSPAN session instead of overwriting the previous SPAN session |
Catalyst IOS RSPAN Configuration Tasks
The commands for configuring RSPAN on the Catalyst 4000 and 6500 switches that are running Catalyst IOS software are described in the following sections.
1. Configure an RSPAN VLAN with the vlan Command
Use this syntax to configure an RSPAN VLAN with the vlan command:
Router1(config)# vlan 1000 Router1(config-vlan)# remote-span Router2(config)# vlan 1000 Router2(config-vlan)# remote-span
You must configure the RSPAN VLAN on all source, destination, and intermediate switches. The complete syntax for the vlan command is
vlan { vlan_id } { vlan-range } Table 4.6 lists and describes the command syntax for the vlan command.
Table 4.6. Command Syntax for the vlan Command
| Command Syntax | Description |
|---|---|
| vlan-id | Number of the VLAN. For Supervisor Engine 1, valid values are from 1 to 1005; for Supervisor Engine 2, valid values are from 1 to 4094. |
| vlan-range | Range of configured VLANs. For Supervisor Engine 1, valid values are from 1 to 1005; for Supervisor Engine 2, valid values are from 1 to 4094. |
2. Configure the Source and Destination for the RSPAN Source Session with the monitor session Command
Here is the syntax for using the monitor session command to configure the source and destination for the RSPAN source session:
Router1(config)# monitor session 2 source vlan 100 Router1(config)# monitor session 2 destination remote vlan 1000 Router2(config)# monitor session 2 source vlan 200 Router2(config)# monitor session 2 destination remote vlan 1000
You need to configure both the RSPAN source session and the RSPAN destination session for each switch with ports or VLANs that will be RSPAN sources. The first monitor session command uses the keyword source to configure an RSPAN source of VLAN 100 ingress for the session. The second monitor session command uses the keyword destination to configure RSPAN VLAN 1000 as the destination for the session. The monitor session command syntax is
monitor session session source {{interface type} {{vlan type } [rxtxboth]} {remote vlan rspan-vlan-id }} monitor session session destination {remote vlan rspan-vlan-id}
3. Configure the Source and Destination for an RSPAN Destination Session with the monitor session Command
Use this syntax to configure the source and destination for an RSPAN destination session with the monitor session command:
Router1(config)# monitor session 2 source remote vlan 1000 Router1(config)# monitor session 2 destination interface fastethernet 0/8
The RSPAN VLAN is configured as the source, and a port is configured as the destination. The first monitor session command uses the keyword source to configure the RSPAN VLAN as the source for the RSPAN destination session. The second monitor session command uses the keyword destination to configure a destination port for the session. The monitor session command syntax is
monitor session session source {remote vlan rspan-vlan-id } monitor session session destination {interface mod/number }
 | To configure RSPAN on Catalyst 4000 and 6500 switches running Catalyst IOS, use the vlan command to configure the RSPAN VLAN. Then, use the monitor session command to configure the source and destination for both the RSPAN source session and the RSPAN destination session. |
| [ LiB ] |
