[c-nsp] RSPAN over IP

Michael Bowe mbowe at pipeline.com.au
Tue Jul 3 19:14:01 EDT 2007


From: "Matt Addison" <maddison at iquest.net>

> Does anyone know if the ERSPAN feature is coming to any other product
> lines or if it's going to remain (65|76)00 only?

If your gear doesn't support ERSPAN, you can do it with
RSPAN via an L2TPv3 tunnel

[switch]--[router]--[ip network]--[router]--[switch]

Site A being sniffed :
* Enable RSPAN on the switches, feed the sniff into RSPAN vlan eg 99
* Create a subinterface on the router in vlan 99 ( no ip address )
* Attach an L2TPv3 xconnect on this interface to router B

Site B where the traffic is being fed to :
* Create a subinterface on the router in vlan 99 ( no ip address )
* Attach an L2TPv3 xconnect on this interface to router A
* Enable RSPAN on the switches, setup your sniffer box on vlan 99 RSPAN
destination port 

>From memory you need pretty recent IOS on the router to do the L2TPv3
xconnect ( 12.4? )

Michael.




More information about the cisco-nsp mailing list