foldervur.blogg.se

Remote wireshark capture









One of the most fundamental troubleshooting concepts in all of IT is to capture packets and review the data as it flows over the wire. Historically the easiest way to do this was to configure some type of SPAN port on a switch to copy the traffic to your packet capture device. I’ve written about this in the past here. With today’s less expensive and more powerful hardware it should come as no surprise that this functionality is now available on the network hardware itself.

I noticed that in the following case (which is my first post), we just configured without using a remote SPAN VLAN.

The RSPAN VLAN provides an L2 path between the first and the last switch and allows the captured traffic to be carried to the destination port on the destination switch. No access ports should be members of the RSPAN VLAN, for the same reason, in any switch on the path.


Note that the RSPAN VLAN has to be permitted on all trunk links between switches on the path, and it has to be an unused, dedicated VLAN for the special configuration that disables MAC address learning.


It is not a problem what VLAN the destination port belongs to, as it is actually configured to be the destination of a SPAN session. It is as if you had removed the destination port and put it in a special state dedicated to this monitoring task (note that the destination port is considered down (monitoring) by the switch, and without additional commands you cannot use it for accessing the network).


I encountered a situation where I had to monitor traffic on a switch port using Wireshark as shown below:

I used these commands on sw1 and I was able to capture traffic:

    monitor session 1 destination interface FastEthernet1/2
    monitor session 1 source interface FastEthernet1/1 both

Here the source port and the destination port are both on the same switch.

What about if the source port is located on a different switch, as shown below:

We wish to capture traffic on sw1's f1/1 using Wireshark connected to sw3's f1/2. If yes, how does sw1 determine that the destination port F1/2 is located on a different switch, sw3? If not, how can we monitor traffic using Wireshark in the above case?

In this case you can use RSPAN, as no routers are on the path and you have end-to-end L2 connectivity.
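
The RSPAN requirements described on this page (a dedicated RSPAN VLAN, permitted on every trunk on the path, with no access ports as members) checked over per-switch configuration excerpts, as an added example that is not part of the original post. VLAN 999, the trunk and access port names, sw2's mistakes, and the `remote-span` and `remote vlan` lines (Cisco IOS RSPAN syntax that the page itself does not show) are assumptions.

```python
import re

# Constructed running-config excerpts for the sw1 -> sw2 -> sw3 path in the post.
# Assumptions: VLAN 999, the trunk/access port names, and sw2's mistakes.
SAMPLE = {
    "sw1": "vlan 999\n remote-span\n"
           "interface FastEthernet1/24\n switchport trunk allowed vlan 10,999\n"
           "monitor session 1 source interface FastEthernet1/1 both\n"
           "monitor session 1 destination remote vlan 999\n",
    "sw2": "vlan 999\n"
           "interface FastEthernet1/23\n switchport trunk allowed vlan 10,20-30\n"
           "interface FastEthernet1/5\n switchport access vlan 999\n",
    "sw3": "vlan 999\n remote-span\n"
           "interface FastEthernet1/24\n switchport trunk allowed vlan 10,999\n"
           "monitor session 1 source remote vlan 999\n"
           "monitor session 1 destination interface FastEthernet1/2\n",
}

def stanzas(cfg):
    """Group IOS-style config into {top-level line: [indented sub-lines]}."""
    out, cur = {}, None
    for line in filter(str.strip, cfg.splitlines()):
        if not line.startswith(" "):
            cur = out.setdefault(line.strip(), [])
        elif cur is not None:
            cur.append(line.strip())
    return out

def vlan_in_list(vlan, spec):
    """True if vlan is covered by a list such as '10,20-30,999'."""
    parts = (p.partition("-") for p in spec.split(","))
    return any(int(lo) <= vlan <= int(hi or lo) for lo, _, hi in parts)

def rspan_findings(configs, vlan):
    """Return (switch, problem) pairs for the RSPAN rules described above."""
    findings = []
    for sw, cfg in configs.items():
        st = stanzas(cfg)
        if "remote-span" not in st.get(f"vlan {vlan}", []):
            findings.append((sw, f"vlan {vlan} is not declared remote-span"))
        ports = {h.split()[1]: b for h, b in st.items() if h.startswith("interface ")}
        for port, body in ports.items():
            if f"switchport access vlan {vlan}" in body:
                findings.append((sw, f"{port} is an access port in vlan {vlan}"))
            for line in body:  # a trunk with no allowed-list permits every VLAN
                m = re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line)
                if m and not vlan_in_list(vlan, m.group(1)):
                    findings.append((sw, f"{port} trunk does not permit vlan {vlan}"))
    return findings
```

Calling `rspan_findings(SAMPLE, 999)` reports three problems, all on the intermediate switch sw2, which is where a break in the RSPAN path is easiest to overlook.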









