Remote port monitoring using Wireshark
Step 1: Create the RSPAN VLAN
SW1(config)# vlan 900
SW1(config-vlan)# remote-span
SW1(config-vlan)# end
SW3(config)# vlan 900
SW3(config-vlan)# remote-span
SW3(config-vlan)# end
NOTE:
- The RSPAN VLAN needs to exist in the VLAN database of the source switch, the destination switch and all switches in the transit path between them. It also needs to be allowed on all trunk ports between the source and destination switches.
- The RSPAN VLAN cannot be VLAN 1 (the default VLAN) or VLAN IDs 1002 through 1005 (reserved for Token Ring and FDDI VLANs).
Configure the following commands on the switch that has the Internet port:
#no monitor session 1
#monitor session 1 source interface fastethernet 0/1
#monitor session 1 destination remote vlan 900
The source interface above will be your Internet port that you need to monitor, and the VLAN ID for the remote VLAN will be your newly created RSPAN VLAN.
Then, on the destination switch, i.e. the one connected to the host that needs to see the packets:
#no monitor session 1
#monitor session 1 source remote vlan 900
#monitor session 1 destination interface fastethernet 0/10
The source VLAN will be the RSPAN VLAN, and the destination interface will be the port that you want to output your packets to.
Verify
#show monitor session 1
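
An offline check for the two conditions in the NOTE above, as an added example that is not part of the original post: it reads saved running-config text and reports switches where VLAN 900 is not defined as remote-span or where a trunk's allowed list leaves it out. The sample configs are constructed, SW2 is a hypothetical transit switch, and the code assumes the VLAN stanzas appear in the config text (VTP transparent mode) and that allowed lists are numeric.

```python
RESERVED = {1, 1002, 1003, 1004, 1005}  # VLAN 1 plus the Token Ring/FDDI IDs

def parse_vlan_list(spec):
    """Expand an IOS VLAN list such as '10,20,900-905' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def stanzas(text):
    """Return [(header, [child lines])] for each top-level config stanza."""
    out = []
    for line in text.splitlines():
        if line[:1].isspace() and out:
            out[-1][1].append(line.strip())
        elif line.strip():
            out.append((line.strip(), []))
    return out

def check_rspan(vlan_id, configs):
    """List problems for RSPAN VLAN vlan_id; configs maps switch name -> config text."""
    problems = []
    if vlan_id in RESERVED:
        problems.append(f"VLAN {vlan_id} cannot be used as an RSPAN VLAN")
    for name, text in configs.items():
        blocks = stanzas(text)
        if not any(h == f"vlan {vlan_id}" and "remote-span" in b for h, b in blocks):
            problems.append(f"{name}: VLAN {vlan_id} is not defined as remote-span")
        for h, b in blocks:
            if not h.startswith("interface ") or "switchport mode trunk" not in b:
                continue
            lists = [l.split()[-1] for l in b if l.startswith("switchport trunk allowed vlan ")]
            allowed = set().union(*map(parse_vlan_list, lists))
            # A trunk with no allowed-list line carries every VLAN.
            if allowed and vlan_id not in allowed:
                problems.append(f"{name} {h.split()[1]}: trunk does not allow VLAN {vlan_id}")
    return problems

# Constructed sample configs: SW1 = source, SW2 = hypothetical transit, SW3 = destination.
SAMPLE = {
    "SW1": "vlan 900\n remote-span\n!\ninterface FastEthernet0/24\n switchport mode trunk\n"
           " switchport trunk allowed vlan 10,20,900\n",
    "SW2": "interface FastEthernet0/23\n switchport mode trunk\n switchport trunk allowed vlan 10,20\n"
           "interface FastEthernet0/24\n switchport mode trunk\n switchport trunk allowed vlan 10\n"
           " switchport trunk allowed vlan add 900-905\n",
    "SW3": "vlan 900\n remote-span\n!\ninterface FastEthernet0/23\n switchport mode trunk\n",
}
print("\n".join(check_rspan(900, SAMPLE)))
```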