Configuring RSPAN
The earlier "SPAN Ports and Bridging Loops" sidebar described a situation in which an administrator in a distributed switch environment wants to monitor a set of ports or VLANs spread over several switches. While the approaches described in that sidebar typically work, the best solution in this case is to use the Remote SPAN (RSPAN) feature. In short, this approach places the traffic from all ports to be monitored into a special RSPAN VLAN, and the traffic in that VLAN is carried over trunk ports to the destination port, where an IDS is attached. See Figure 9.7.
In Figure 9.7, switches S1 and S2 are called source switches. Currently, a switch can have only one RSPAN VLAN configured (this means that the same switch cannot be the source for two different RSPAN sessions).
Switch S3 is an intermediary switch. It is not subject to the preceding restriction on the number of RSPAN VLANs, because it simply forwards the traffic. Switch S1 also acts as an intermediary switch, forwarding traffic from host B.
Finally, switch S4 is a destination switch. Some of its ports are configured as RSPAN destinations. A Catalyst 6000 can currently have up to 24 destination ports for RSPAN sessions. All switches are connected via ISL trunks. STP is running, so loops will be prevented.
The configuration process consists of creating an RSPAN VLAN on the source switches, configuring trunks on the intermediary switches (if they are not already in place), and specifying destination ports on the destination switches. The specific commands used for RSPAN configuration differ between IOS-based and CatOS Catalyst 4000/6000 switches, so we describe them separately.
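The three steps above, worked through for the topology in Figure 9.7 using IOS-based Catalyst syntax (the monitor session and remote-span commands). This is an added example, not configuration from the book; the VLAN number 900, the interface names, and the session numbers are assumptions chosen for illustration. Switch S1 is shown both as a source and as an intermediary, as the text describes.

```cisco
! ===== Source switch S1 (also forwards S2's RSPAN traffic toward S4) =====
! Step 1: create the RSPAN VLAN. The remote-span keyword disables MAC
! learning in this VLAN, so mirrored frames are flooded out every trunk
! that carries VLAN 900. VLAN 900 is an assumed value.
vlan 900
 remote-span
!
! Source session: copy traffic from the monitored ports into VLAN 900.
! Interface names are assumed; "both" mirrors received and transmitted frames.
monitor session 1 source interface GigabitEthernet0/1 - 2 both
monitor session 1 destination remote vlan 900
!
! Step 2: trunk toward S3 (ISL, as in the figure). Allow VLAN 900 only on
! trunks that lie on the path to the destination switch, so mirrored
! traffic is not flooded to parts of the network that do not need it.
interface GigabitEthernet0/24
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport trunk allowed vlan add 900

! ===== Source switch S2 =====
vlan 900
 remote-span
!
monitor session 1 source interface GigabitEthernet0/5 both
monitor session 1 destination remote vlan 900
!
interface GigabitEthernet0/24
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport trunk allowed vlan add 900

! ===== Intermediary switch S3 =====
! No monitor session is needed; the switch only needs to know VLAN 900
! and carry it on the trunks in the path (here, toward S1/S2 and S4).
vlan 900
 remote-span
!
interface GigabitEthernet0/23
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport trunk allowed vlan add 900
!
interface GigabitEthernet0/24
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport trunk allowed vlan add 900

! ===== Destination switch S4 =====
! Step 3: a destination session takes VLAN 900 as its source and delivers
! the mirrored traffic to the port where the IDS sensor is attached.
vlan 900
 remote-span
!
interface GigabitEthernet0/23
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport trunk allowed vlan add 900
!
monitor session 2 source remote vlan 900
monitor session 2 destination interface GigabitEthernet0/10
!
! Verification (same on every switch):
!   show monitor session all
!   show vlan remote-span
```

Two points worth checking after applying this. First, VLAN 900 must be defined with the remote-span attribute on every switch in the path, including pure intermediaries such as S3; if it is missing anywhere, the mirrored frames are silently dropped at that hop. Second, because the RSPAN VLAN floods, it should be explicitly allowed only on the trunks that form the path to S4, otherwise copies of potentially sensitive monitored traffic reach every trunk in the domain. Some older IOS-based platforms additionally require a reflector-port keyword on the source session's destination remote vlan command; the later command-specific sections cover the exact syntax for each platform.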