and RSPAN when we sniff something from the other, remote switch :
First step we need to do is create RSPAN VLAN. You need to remember thoes VLAN :
- can't be assigned to any acces port
- the same RSPAN VLAN is used for an RSPAN session in all switches
- all participating switches suppoer RSPAN
- RSPAN should be allowed in all trunk. This point is really important espesially when you use pruning. Remember to remova your RSPAN VLAN from pruning.
Source and Destination switch :
vlan 200
remote span
You can use access list to filtr packet but remember to do this on RSPAN VLAN on sourced switch.
Next step is to confiugre monitor session.
Let's assume we would like to sniff flow from interface G0/1 - SWITCH 1 to interface G0/2 - SWITCH 2
SWITCH 1
monitor session 1 source interface g0/1monitor session 1 destinarion remote vlan 200
SWITCH 2
monitor session 1 source remote vlan 200monitor session 1 destination interface g0/2
I personally use wireshark. When I turn on monitor session on SWITCH 2 my computer lose connection so don't panic when you are remotly connected to your PC. When you will turn off monitors session connection will be ok.
More about RSPAN you can find here : CISCO
Like this post....Really a good one
Find a huge range of Remote switches