Solved

how to capture vlan traffic accross multiple cisco switch stacks

Posted on 2013-12-06
2
721 Views
Last Modified: 2013-12-11
I have a need to span traffic for a particular vlan to a single port on one of my core switches for packet capture purposes.
Currently this vlan traffic propagates throughout the network via trunk connections from the core switch to several cisco switch stacks.  So my question is if I setup a monitor session to capture this specific vlan as a source on the core switch, is it going to be enough to capture all the vlan traffic on the network.   Or, do I need to enable some type of RSPAN?  

thank you.
0
Comment
Question by:FREDARCE
2 Comments
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 39702796
Are you trying to capture traffic on all ports within the VLAN, or all traffic that crosses the VLAN interface? When you monitor a VLAN interface, you only see the traffic that hits that L3 interface. It's really easy to monitor that L3 interface from the same switch that has the L3 interface. If you also want to capture traffic that stays on the VLAN, you are probably looking at RSPAN, which is something I don't have any experience with.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 39702959
No, the switches only route traffic to other switches when they need to. You'd want a span session on each switch, with the vlan's configured in each span session. You can FWD those spans to the core switch, but make sure you add new trunks if the existing ones will be saturated. Look for RSPAN on cisco's site: (as mentioned above)
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_55_se/configuration/guide/swspan.html#wp1317252
-rich
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now