Chapter 30 Configuring SPAN and RSPAN

Configuring SPAN and RSPAN

You can apply an output ACL to RSPAN traffic to selectively filter or monitor specific packets. Specify these ACLs on the RSPAN VLAN in the RSPAN source switches.

For RSPAN configuration, you can distribute the source ports and the destination ports across multiple switches in your network.

RSPAN does not support BPDU packet monitoring or other Layer 2 switch protocols.

The RSPAN VLAN is configured only on trunk ports and not on access ports. To avoid unwanted traffic in RSPAN VLANs, make sure that the VLAN remote-span feature is supported in all the participating switches.

Access ports (including voice VLAN ports) on the RSPAN VLAN are put in the inactive state.

RSPAN VLANs are included as sources for port-based RSPAN sessions when source trunk ports have active RSPAN VLANs. RSPAN VLANs can also be sources in SPAN sessions. However, since the switch does not monitor spanned traffic, it does not support egress spanning of packets on any RSPAN VLAN identified as the destination of an RSPAN source session on the switch.

You can configure any VLAN as an RSPAN VLAN as long as these conditions are met:

The same RSPAN VLAN is used for an RSPAN session in all the switches.

All participating switches support RSPAN.

We recommend that you configure an RSPAN VLAN before you configure an RSPAN source or a destination session.

If you enable VTP and VTP pruning, RSPAN traffic is pruned in the trunks to prevent the unwanted flooding of RSPAN traffic across the network for VLAN IDs that are lower than 1005.

Configuring a VLAN as an RSPAN VLAN

First create a new VLAN to be the RSPAN VLAN for the RSPAN session. You must create the RSPAN VLAN in all switches that will participate in RSPAN. If the RSPAN VLAN-ID is in the normal range (lower than 1005) and VTP is enabled in the network, you can create the RSPAN VLAN in one switch, and VTP propagates it to the other switches in the VTP domain. For extended-range VLANs (greater than 1005), you must configure RSPAN VLAN on both source and destination switches and any intermediate switches.

Use VTP pruning to get an efficient flow of RSPAN traffic, or manually delete the RSPAN VLAN from all trunks that do not need to carry the RSPAN traffic.

Beginning in privileged EXEC mode, follow these steps to create an RSPAN VLAN:

 

Command

Purpose

Step 1

 

 

configure terminal

Enter global configuration mode.

Step 2

 

 

vlan vlan-id

Enter a VLAN ID to create a VLAN, or enter the VLAN ID of an

 

 

existing VLAN, and enter VLAN configuration mode. The range is

 

 

2 to 1001 and 1006 to 4094.

 

 

The RSPAN VLAN cannot be VLAN 1 (the default VLAN) or VLAN

 

 

IDs 1002 through 1005 (reserved for Token Ring and FDDI VLANs).

Step 3

 

 

remote-span

Configure the VLAN as an RSPAN VLAN.

Step 4

 

 

end

Return to privileged EXEC mode.

Step 5

 

 

copy running-config startup-config

(Optional) Save the configuration in the configuration file.

 

 

 

 

 

Catalyst 3750-E and 3560-E Switch Software Configuration Guide

 

 

 

 

 

 

OL-9775-02

 

 

30-17

 

 

 

 

 

Page 653
Image 653
Cisco Systems 3750E manual Configuring a Vlan as an Rspan Vlan, 30-17