VLAN and Rule Based Mirroring
This example shows detailed configuration of VLAN with rule based mirroring.
#configure terminal | Enter configure mode. |
(config)#bridge 1 protocol mstp | Configure bridge 1 as MSTP bridge. |
(config)#vlan 101-110 bridge 1 state enable | Configure VLANs |
(config)#interface xe10 | Enter interface mode. |
(config-if)#switchport | Configure interface as a layer 2 port. |
(config-if)#bridge-group 1 | Associate bridge to an interface. |
(config-if)#switchport mode trunk | Configure port as a trunk. |
(config-if)#switchport trunk allowed vlan add 101-110 | Allow VLANs 101-110 on the interface. |
(config-if)#no shutdown | Make interface admin up |
(config-if)#exit | Exit interface mode. |
(config)#interface xe20 | Enter interface mode. |
(config-if)#switchport | Configure interface as a layer 2 port. |
(config-if)#bridge-group 1 | Associate bridge to an interface. |
(config-if)#switchport mode trunk | Configure port as a trunk. |
(config-if)#switchport trunk allowed vlan add 101-110 | Allow VLANs 101-110 on the interface. |
(config-if)#no shutdown | Make interface admin up |
(config-if)#exit | Exit interface mode. |
(config)#interface xe5 | Enter interface mode. |
(config-if)#switchport | Configure interface as a layer 2 port. |
(config-if)#exit | Exit interface mode. |
(config)#monitor session 1 | Enter monitor session configuration mode |
(config-monitor)#destination interface xe5 | Configure the interface as destination port |
(config-monitor)#source vlan 101 | Configure source VLAN to be mirrored |
(config-monitor)#filter src-mac host 0000.0000.0005 | Configure the rule to match the source MAC |
(config-monitor)#no shut | Activate monitor session |
(config-monitor)#end | Exit monitor session configuration mode |
Validation
Enter the below commands to confirm the configurations.
#show running-config monitor
!
monitor session 1
source vlan 101
destination interface xe5
10 filter src-mac host 0000.0000.0005
no shut
#show monitor session all
session 1
---------------
type : local
state : up
source intf :
tx :
rx :
both :
source VLANs :
rx : 101
destination ports : xe5
filter count : 1
Legend: f = forwarding enabled, l = learning enabled
#show monitor session 1 filter
session 1
---------------
filter count : 1
---------------
match set 1
---------------
source mac address : 0000.0000.0005 (host)
RSPAN Overview
When several switches need to be analyzed with a single centralized sniffer, remote switched port analyzer (RSPAN) is used. In RSPAN, all the mirrored traffic will be tagged with a RSPAN VLAN ID and forwarded to remote destination via a port called reflector port. Reflector port will have the same characteristics of a local destination port. RSPAN VLAN ID will be a dedicated VLAN for the monitoring purpose and will not participate in bridging. RSPAN destination switch will strip the RSPAN VLAN tag and send it the sniffer for analysis. RSPAN will have the same sub-categories as SPAN except that the mirrored traffic will be tagged with RSPAN VLAN header and forwarded to destination switch for analysis.
Topology
Figure 24-37: RSPAN Topology
Last modified date: 08/28/2023