In a larger environment, there may be a need to forward mirrored traffic across multiple switches to reach the traffic analyser.
From the source port, the mirrored traffic placed on a special VLAN called a RSPAN VLAN. The RSPAN VLAN acts differently from a regular VLAN.
Any ports that are associated with the RSPAN VLAN to not learn any MAC addresses. This ensures that the port associated with the VLAN does not try to use the port associated with the RSPAN VLAN to transmit data to a host.
Traffic is flooded out of all ports associated with a RSPAN VLAN. This means that the RSPAN VLAN should not be associated with ports that are not trunk ports between the source port and destination port.
To configure the RSPAN VLAN, on each switch that will partake in forwarding the SPAN traffic, configure the VLAN:
vlan 500 name RSPAN remote-span
Next, configure the SPAN on the source switch:
monitor session 10 source interface GigabitEthernet0/1 monitor session 10 destination remote vlan 500
On the destination switch, complete the configuration to mirror the traffic from the VLAN to the destination port
monitor session 10 source remote vlan 500 monitor session 10 destination interface GigabitEthernet0/0
The RSPAN session can be verified with the command show monitor session
Leave a Reply