How to Remote port monitoring using Wireshark

Remote port monitoring using Wireshark
Step 1: Need to create RSPAN VLAN

SW1(config)# vlan 900
SW1(config-vlan)# remote span
SW1(config-vlan)# end
SW3(config)# vlan 900
SW3(config-vlan)# remote span
SW3(config-vlan)# end

NOTE:
-          The RSPAN Vlan needs to exist in the Vlan database of the source switch, the destination switch and all switches in the transit path between them. It also needs to be allowed on all Trunk ports between the source and destination switches.
-          The RSPAN VLAN cannot be VLAN 1 (the default VLAN) or VLAN IDs 1002 through 1005 (reserved for Token Ring and FDDI VLANs).

Need to configure the following commands on the switch which has the Internet port:

#no monitor session 1
#monitor session 1 source interface fastethernet 0/1
#monitor session 1 destination remote vlan 900

The source interface above will be your Internet port that you need to monitor and the Vlan ID for the remote VLAN will be your newly created RSPAN Vlan.

Then on the destination switch, i.e. the one you have the host who needs to see the packets:

#no monitor session 1
#monitor session 1 source remote vlan 900
#monitor session 1 destination interface fastethernet 0/10

The source Vlan will be the RSPAN Vlan and the destination interface will be the port that you want to output your packets to.

Verify
#Show monitor 1


0 comments:

Post a Comment