Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

how to capture vlan traffic accross multiple cisco switch stacks

Posted on 2013-12-06
2
Medium Priority
?
760 Views
Last Modified: 2013-12-11
I have a need to span traffic for a particular vlan to a single port on one of my core switches for packet capture purposes.
Currently this vlan traffic propagates throughout the network via trunk connections from the core switch to several cisco switch stacks.  So my question is if I setup a monitor session to capture this specific vlan as a source on the core switch, is it going to be enough to capture all the vlan traffic on the network.   Or, do I need to enable some type of RSPAN?  

thank you.
0
Comment
Question by:FREDARCE
2 Comments
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 39702796
Are you trying to capture traffic on all ports within the VLAN, or all traffic that crosses the VLAN interface? When you monitor a VLAN interface, you only see the traffic that hits that L3 interface. It's really easy to monitor that L3 interface from the same switch that has the L3 interface. If you also want to capture traffic that stays on the VLAN, you are probably looking at RSPAN, which is something I don't have any experience with.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 2000 total points
ID: 39702959
No, the switches only route traffic to other switches when they need to. You'd want a span session on each switch, with the vlan's configured in each span session. You can FWD those spans to the core switch, but make sure you add new trunks if the existing ones will be saturated. Look for RSPAN on cisco's site: (as mentioned above)
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_55_se/configuration/guide/swspan.html#wp1317252
-rich
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question