Monday, August 19, 2013

Remote SPAN VLAN traffic analyzing

Troubleshooting traffic with RSPAN


Imagine an Enterprise with 2000 IP telephones and similar number of various terminal equipment (PCs, printers, scanners etc.). As in real world scenarios tight budget is a normal thing so one must create as best as he can with a small amount of money. 
In this design , we have 3 buildings that are logically organized in one Cisco VTP domain that is providing data and telephony services to clients inside the organization.
 

Two central C4505 Cisco catalyst switches along with C3750 are acting as VTP servers in this VTP domain. In production enviroment on can stumble upon a lot of problems with VOIP calls with a lot of RTP traffic going on. 
To troubleshoot these situations there is a great Cisco tool that gives you an option to analyze and capture VOIP traffic data from one location.
Assume the this information is traveling trough one VLAN in the VTP domain you can create and assign on VLAN for this purpose only.

Here is the config for the RSPAN vlan:

SWL3-1
vlan 999
remote-span
end

As we created a VLAN on one of the central L3 switches we can test the SPAN info over the access switches. The config is as follows:

SWL2-1
monitor session 1 source interface Fa0/22
monitor session 1 destination remote vlan 999

SWL2-2
monitor session 1 source remote vlan 999
monitor session 1 destination interface Fa0/45

This is all to it. Now to test this one can attach a PC with a packet sniffer, say Wireshark and capture packets from the second access switch as VOIP calls are occuring on the first access switch. Normally we presume that an IP telephone is connected to interface Fa0/22 on the first switch. This switch can be in any location , important is that it is a member of the VTP domain.

Thanks for reading and feel free to comment.


No comments:

Post a Comment