Campus Networks

DEPLOYING REMOTE SWITCH PORT ANALYZER (RSPAN) SOLUTION for FastIron

by ajolly ‎03-05-2015 07:00 PM - edited ‎03-05-2015 07:02 PM (4,174 Views)

 

 

 

 

 

 

 

 

ENTERPRISE CAMPUS NETWORKING

 

 

DEPLOYING REMOTE SWITCH PORT ANALYZER (RSPAN) SOLUTION


Introduction
Customers have the need to monitor the traffic from source ports distributed over multiple
switches in the network. Switch Port Analyzer (SPAN) is a great tool to enable customers to
troubleshoot and monitor their switched networks. SPAN mirrors network traffic from one port to
one or more monitoring ports on the local switch. The destination monitoring port could be
attached to a network analyzer or another network device such as IDS.


Mirrored traffic can be mirrored to a local switch port – SPAN – or to a remote switch port which is
known as RSPAN. Brocade FastIron switches support SPAN and RSPAN as described below.

 

 

 

SPAN: Switched traffic is mirrored from multiple ports to one or more ports within the same local
switch facilitating exact packet capture on the destination port. For more information, please refer
to port mirroring installation guide at www.brocade.com

 

span.png

Remote SPAN (RSPAN): This feature is an extension to SPAN and allows remote monitoring ports
to be connected to a centralized switch which can monitor mirrored traffic from multiple source
ports located on other switches in the network. This functionality requires the use of a dedicated
VLAN for the RSPAN session. Traffic from source ports is mirrored to a local port from where it is
forwarded to a remote switch with the centralized destination port which has an analyzer
attached.

rspan.png



Brocade Solution --:

Brocade switches provide Remote SPAN functionality by using a dedicated
RSPAN VLAN configuration on the switch. The traffic is mirrored on a local port and looped to
another local port on the same switch. A dedicated RSPAN VLAN is configured and the port
connected to the remote unit is tagged along with untagged lopped port. MAC-Learning is disabled
on the mirror, loop and the remote switch connected interfaces. On the destination port the
RSPAN VLAN is configured with remote interface tagged in it. The traffic can then be simply
mirrored to the sniffer port which is added to the RSPAN VLAN as untagged.

solution.png

Summary
The traffic mirrored trough a Local SPAN feature can be remotely monitored on a connected switch with the RSPAN VLAN configuration on Brocade devices.
SPAN and RSPAN features are critical to aid customers in troubleshooting network problems or to implement other functionality such as Intrusion Detection by forwarding a copy of all traffic received on a port or ports, to a centrally located IDS device.
Brocade FastIron OS Provides the ability to monitor network ports on a local or remote switch by combining multiple features together to offer a RSPAN Solution.

Comments
by nicolas.bussieres-c
‎06-09-2015 08:12 AM - edited ‎06-09-2015 08:13 AM

On the switch with the sniffer(magnifing glass), the receiving port 5/1 must also be configured with mac-learn-disable

Contributors