You are on page 1of 2

How To Configure RSPAN on Cisco Switch?

Capturing network traffic can be a very effective way of solving complicate issues particularly
when log files are not yielding useful results. One issue typically is the ability to actually
physically perform the capture. Typically you do not have physical access to all devices to setup
a local SPAN instance. In other cases a local SPAN is not possible because all ports are presently
occupied. A wiring closet may not lend its self well to this type of activity either.
To overcome these limitations a Remote or RSPAN can be used. Essentially this is a SPAN
session that writes the output to a specially configured dedicated VLAN. The VLAN spans
multiple switches and can be used to deliver traffic to a system with a network analyzer thats
attached to some other switch in another part of the network.
Ok, lets check out some configuration with the example topology below. The plan is to capture
traffic from Switch1 on port Gi0/1. The traffic will ride the RSPAN VLAN to interface Gi0/48
on Switch2. Our typical data VLAN is VLAN 40 and the RSPAN VLAN is ID 45.
First, create the RSPAN VLAN:
Switch1(config)# vlan 45
Switch1(config-vlan)# remote-span
Switch1(config-vlan)# name RSPAN
Ok, thats it. You will need this on each switch unless of course VTP is propagating this

throughout the switched domain. Now, lets capture traffic and kick it into the RSPAN VLAN.
Switch1(config)# monitor session 5 source interface GigabitEthernet 0/1
Switch1(config)# monitor session 5 destination remote vlan 45
With that completed its now time to jump to the far switch and write the traffic out to our sniffer.
Switch2(config)# monitor session 5 source remote vlan 45
Switch2(config)# monitor session 5 destination interface GigabitEthernet 0/48
Thats all there really is to it. There are a few different options for actually filtering traffic thats
captured in a span session.
Lm th no cu hnh rspan trn cisco chuyn i?
Giao thng mng chim rt c th l mt cch hiu qu ca gii quyt vn phc tp ha
c bit khi cc tp tin ghi lu cha nhng hu ch kt qu. Mt vn thng l kh nng
thc s v th cht thc hin vic bt gi. Thng bn khng c quyn truy cp vo vt l tt c
cc thit b thit lp mt v d chiu di a phng. Trong cc trng hp khc mt chiu di
a phng khng phi l c th bi v tt c cc cng hin ti ang bn rn. Mt dy t c th
khng gip n t phi hot ng kiu ny.
vt qua nhng hn ch mt rspan hay t xa c th c s dng. V c bn y l mt bui
chiu di vit kt xut ti mt c bit cu hnh dnh vlan. The vlan spans nhiu cng tc v
c th c dng giao lu lng truy cp ti h thng mt vi mt b phn tch mngname
l gn b vi mt s chuyn i khc trong mt phn ca mng.
c ri, hy kim tra cu hnh vi mt s mu th d topology bn di. K hoch l bt
c giao thng t switch1 trn cng gi0/ 1. giao thng s ci nga the rspan vlan gi0/ 48 trn
giao din switch2. vlan d liu in hnh ca chng ta l vlan 40 and the rspan vlan l id 45.
u tin, to ra nhng rspan vlan:
Tin trnh cu hnh (switch1)# Vlan 45
Switch1 (config-vlan)# iu khin t xa-chiu di
Switch1 (config-vlan)# Rspan tn
c ri, vy . Anh s cn ci ny trn mi chuyn i tr phi tt nhin vtp l propagating
khp ny i tn min. By gi, hy bt gi giao thng v n vo h thng rspan vlan.
Tin trnh cu hnh (switch1)# Theo di phin chy 5 ngun gigabitethernet 0/1 giao din
Tin trnh cu hnh (switch1)# Theo di t xa n 5 phin chy vlan 45
Vi iu lm xong n by gi l thi gian nhy ti xa chuyn giao thng v vit ra sniffer
ca chng ta.
Tin trnh cu hnh (switch2)# Theo di t xa phin chy 5 ngun vlan 45
Tin trnh cu hnh (switch2)# Theo di phin chy 5 giao din ch gigabitethernet 0/48
l tt c nhng g tht s l n. l mt s ty chn khc nhau thc s lc giao thng
l b bt trong mt bui chiu di