A remote SPAN (RSPAN) is sourced in the same manner as a traditional SPAN, either from individual ports or all ports in a VLAN. An RSPAN consumes one SPAN session in the same way that a local SPAN does. However, the RSPAN uses a VLAN for a destination instead of an interface.
We do not recommend the use of RSPAN for collecting data across multiple switches. Instead, use Multi-Port Monitor or a SPAN aggregation tool, both of which let you gather data from multiple switches with less risk and more flexibility than RSPAN.
You can an RSPAN with a VACL. With this combination, you can filter traffic before it leaves the switch, without the risk of applying a VACL to a production VLAN.
The preceding illustration shows how data from the source VLANs is copied to a new RSPAN VLAN. The following commands represent the configuration in the illustration:
monitor session 1 source interface gigabitethernet1/28 monitor session 1 destination remote vlan 999
The following illustration shows how a VACL is applied to the RSPAN VLAN.
On the RSPAN VLAN, a VACL captures only the data of interest for Application Delivery Analysis or UC Monitor. Add an ACL to forward only the traffic that is captured. Traffic that is dropped has no impact to the production VLANs. In the diagram, the VACL shown in red is a restrictive ACL that does not capture all traffic. Notice that there is no second ACL to forward all other traffic. Only one monitor session is used. Do not configure a second monitor session from the RSPAN VLAN. The VACL captures all of the data that meets the ACL when the switchport capture command is applied to the interface connected to Application Delivery Analysis or UC Monitor.
|
Copyright © 2013 CA.
All rights reserved.
|
|