Solved

ER-SPAN and traffic filtering

Posted on 2009-04-02
1,553 Views
Last Modified: 2012-06-27
Hi
We are trying to span traffic from site A to site B. Site A is a VoIP telephony call centre and site B is a server building where the voice calls must be recorded. The Cisco floor switches in site A are configured to ER-SPAN the traffic to specific ports in site B, into which are plugged the voice recording servers. We're using ER-SPAN as it's a layer 3 network architecture... this won't be changing.
We set up the SPAN and it sent ALL traffic to site B, and crashed the network. Ouch. We need to find a way to restrict or filter the traffic being spanned to RTP traffic only (just the voice traffic, not someone downloading Shrek 2!).
Limitations with ERSPAN seem to be that we cannot apply an ACL to it, nor can we get the policy-based routing right to try to filter this traffic.
We've banged our heads together and are stuck! Any suggestions would be welcomed.
Question by:CasinoAl
5 Comments

Author Comment

by:CasinoAl
ID: 24047212
I should add that the switches at both ends of this arrangement are Cisco 6500s
thanks
alex

Expert Comment

by:harbor235
ID: 24056133


What code are you running? With Release 12.2(18)SXD and later releases, for local SPAN, you can configure per-VLAN filtering on destination trunk ports using allowed VLAN lists.

ERSPAN Guidelines and Restrictions

These are ERSPAN guidelines and restrictions:

- Release 12.2(18)SXE and later releases support ERSPAN.
- Release 12.2(18)SXF and later releases support ERSPAN when the router is operating in any switching mode. (CSCec70695)
- Release 12.2(18)SXE and rebuilds support ERSPAN only when the router is operating in the compact switching mode: all modules must be fabric-enabled.
- The following supervisor engines support ERSPAN:
  - Supervisor engines manufactured with PFC3B and PFC3BXL support ERSPAN.
  - A WS-SUP720 (a Supervisor Engine 720 manufactured with a PFC3A) can only support ERSPAN if it has hardware version 3.2 or higher. Enter the show module version | include WS-SUP720-BASE command to display the hardware version. For example:

Router# show module version | include WS-SUP720-BASE
 7    2  WS-SUP720-BASE     SAD075301SZ Hw :3.2

To confirm that your supervisor engine supports ERSPAN, enter the show asic-version slot slot_number | include ASIC|HYPERION command for the supervisor engine. For example:

Router# show asic-version slot 1 | include ASIC|HYPERION
Module in slot 1 has 2 type(s) of ASICs
        ASIC Name      Count      Version
         HYPERION          1      (6.0)

harbor235 ;}

Author Comment

by:CasinoAl
ID: 24057076
Hi,
thanks for your comments. We have successfully activated ERSPANing, so we know it works. The tricky bit is that it's SPANing ALL traffic on the source switch; we were trying to filter what's spanned so it is only the RTP streams - this is the VoIP component.

How or where are filters applied? Is it possible that filtering traffic is simply not compatible with ER-SPAN, or are we just missing the right config item - e.g. filtering on the ACL, not the VACL, etc.?

Any further comments of course gratefully received!
rgds
alex

Expert Comment

by:egyptco
ID: 24058704
Hi,

you might check this link in the Cisco wiki: http://supportwiki.cisco.com/ViewWiki/index.php/VACL_Capture_for_Granular_Traffic_Analysis_with_Cisco_Catalyst_6000/6500_Running_Cisco_IOS_Software

In order to filter the traffic you need a VACL. VSPAN just can't do that.

I'm not quite sure how ER-SPAN is different from VSPAN. It seems it does basically the same but can send the captured traffic over a routed network. In any case you might consider applying a PACL on your destination port so you don't need to change your current configuration. Just add the needed filtering at port level (no matter that this is an L2 port, you can still apply this special PACL). More info:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/vacl.html

If you manage to make it work you could post some details and/or a configuration example. It would definitely be interesting for other readers.

Accepted Solution

by:CasinoAl (earned 0 total points)
ID: 24396139
Hi
I'm afraid neither of these solved the issue. On further escalation direct to Cisco we learned that when employing ER-SPAN, it's not possible to apply a filter or ACL. I don't understand much about it, but it has to do with GRE tunnels?

We eventually split the network another way so that the ER-SPAN picked up and spanned a particular VLAN, and the only traffic on that VLAN was voice.

thanks

PS - please can this be marked as "solved by asker?"
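The approach the asker settled on, written out as an added configuration example (this is not from the original thread or from Cisco's documentation): a Catalyst 6500 ERSPAN source session at site A whose only source is the voice VLAN, paired with the ERSPAN destination session at site B that decapsulates the GRE stream onto the recorder port. Session numbers, the ERSPAN ID, VLAN 100, both IP addresses and the interface name are assumed placeholders; the IP address under the source session's destination submode is the site B switch's own address (loopback or SVI), and the same address is repeated under the destination session's source submode.

```cisco
! Site A (source switch): mirror only VLAN 100, which carries nothing but voice.
! All values below (session numbers, VLAN, ERSPAN ID, addresses, interface) are assumed.
monitor session 10 type erspan-source
 description Voice VLAN to call recorders at site B
 source vlan 100 rx
 destination
  erspan-id 100
  ip address 10.20.0.5
  origin ip address 10.10.0.5
 no shutdown

! Site B (destination switch): terminate the ERSPAN stream and hand the
! decapsulated frames to the port the recorder is plugged into.
monitor session 10 type erspan-destination
 description Call recorders at site B
 destination interface GigabitEthernet3/1
 source
  erspan-id 100
  ip address 10.20.0.5
 no shutdown
```

Two checks before relying on it: `show monitor session 10` on each end should show the session operational with the matching erspan-id (a mismatch silently drops everything), and the recorder port utilisation should be roughly the voice VLAN's load plus GRE/ERSPAN header overhead, which also means frames near the path MTU can be fragmented on the routed hop. `rx` is used on the VLAN source rather than `both` because a VLAN session with `both` sees a frame switched between two phones in the same VLAN twice (once on ingress, once on egress), which doubles the load and gives the recorder duplicate RTP. Note that this only works because the VLAN is voice-only; signalling (SCCP/SIP) and RTCP on the same VLAN are still mirrored, since the session has no ACL filtering.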
