What is Remote SPAN? › IOS Commands for RSPAN with VACL

IOS Commands for RSPAN with VACL

• Description - RSPAN VLAN 777

  vlan 777
  remote-span
  

• Interface gigabit ethernet 9/1

  description SA Monitor Interface
  no ip address
  no shut
  

• Interface VLAN 777

  description RSPAN VLAN - Must exist for VACL RSPAN
  no ip address
  shutdown
  

• Interesting TCP traffic ACL

  access-list extended Monitored-TCP
  permit tcp ip any host x.x.x.x 
  permit tcp ip host x.x.x.x any
  […] 
  

• Define VLAN Access-map

  vlan access-map RSPAN-VACL 10
  match ip address Monitored-TCP
  action forward CAPTURE 
  

• Map the VACL to the RSPAN VLAN

  vlan filter RSPAN-VACL VLAN 777
  

• Monitor session 1 captures bidirectional traffic from uplink ports to RSPAN VLAN 777

  monitor session 1 source g1/1,g2/1
  monitor session 1 destination remote vlan 777
  

• Set int g9/1 for capture

  Int g9/1
  switchport capture
  end