Configuring RSPAN
Configuring RSPAN
This section describes how to configure RSPAN on your switch and it contains this configuration
information:
•
•
•
•
•
•
•
RSPAN Configuration Guidelines
Follow these guidelines when configuring RSPAN:
Note
Since RSPAN VLANs have special properties, you should reserve a few VLANs across your network
for use as RSPAN VLANs; do not assign access ports to these VLANs.
Note
You can apply an output access control list (ACL) to RSPAN traffic to selectively filter or monitor
specific packets. Specify these ACLs on the RSPAN VLAN in the RSPAN source switches.
•
•
•
•
•
•
•
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
55-16
RSPAN Configuration Guidelines, page 55-16
Creating an RSPAN Session, page 55-17
Creating an RSPAN Destination Session, page 55-18
Creating an RSPAN Destination Session and Enabling Ingress Traffic, page 55-19
Removing Ports from an RSPAN Session, page 55-20
Specifying VLANs to Monitor, page 55-21
Specifying VLANs to Filter, page 55-23
RSPAN sessions can coexist with SPAN sessions within the limits described in the
RSPAN Session Limits" section on page
For RSPAN configuration, you can distribute the source ports and the destination ports across
multiple switches in your network.
RSPAN does not support BPDU packet monitoring or other Layer 2 switch protocols.
The RSPAN VLAN is configured only on trunk ports and not on access ports. To avoid unwanted
traffic in RSPAN VLANs, make sure that all participating switches support the VLAN remote-span
feature. Access ports on the RSPAN VLAN are silently disabled.
You should create an RSPAN VLAN before configuring an RSPAN source or destination session.
If you enable VTP and VTP pruning, RSPAN traffic is pruned in the trunks to prevent the unwanted
flooding of RSPAN traffic across the network for VLAN-IDs that are lower than 1005.
Because RSPAN traffic is carried across a network on an RSPAN VLAN, the original VLAN
association of the mirrored packets is lost. RSPAN can only support forwarding of traffic from an
IDS device onto a single user-specified VLAN.
Chapter 55
55-6.
Configuring SPAN and RSPAN
"SPAN and
OL-25340-01