SPAN and RSPAN Configuration

Every switch out of box isolate devices in to their own collision domain that means those devices can only see traffics that is sent to and from them as well as some broadcast traffics. But often times as network administrator we want to keep an eye in to the network because we want to be able to see what really is going on the network so we can pipe the output to any monitoring workstation running a tool like Wireshark to analyze the packets. In order to do that cisco allow us to configure what is known as Switch Port Analyzer session (SPAN) to designate a single or group of source ports and send information out to a destination port. This article gives you a handy way of configuring SPAN and RSPAN.

Configuring Span on the same switch:

Configuring the source monitoring port.

Configuring the destination monitoring port.

SPAN is great when you monitor a port on the same switch. But what happens when you want to monitor on a remote switch, does that mean you have to unplug the device walk down the stairs and plug it on the same switch on the 20th floor. The answer is no. Thanks to the Remote SPAN (RSPAN) we now can monitor a port on any of the switches on our network enviroment while sitting on your chair enjoying our coffee. RSPAN, allows you to create a designated Vlan and flag that Vlan as RSPAN Vlan then you can trunk that vlan to the switch you're monitoring device is on. Here is a handy way of configuring RSPAN.

Configuring RSPAN on diffrent switches:

The first thing you need to do to configure RSPAN is to create a designated vlan that you want to flag that "rspan-vlan", in my case i created vlan 111 on ITmotion-Switch (the switch i want to monitor a port on) and then trunk it to the top switch ITmotion-AdminSwitch.

Finally configure the admin switch to receive the information. Note: depending on your environment you may need to add the vlan on the trunk.