RSPAN over multiple switches

Answered Question
Feb 19th, 2007

I have a Trunked ring of 4-2950 Switches. All support RSPAN. I want to monitor ports Fa0/2 off of BOTH switch A & B. My sniffer is off port Fa0/23 on switch D. RSPAN VLAN =900, Reflector ports are Fa0/22 on both A & B.

However, my sniffer only detects data on Fa0/2 off Switch A. It does NOT see any data from Fa0.2 off Switch B. Hope someone knows what the heck I did wrong. Thanks.

Configuration Data:

Switch A & B set up:

monitor session 2 source interface Fa0/2

monitor session 2 destination remote vlan 900 reflector-port Fa0/22

Switch C;

No RSPAN configuration.

Switch D:

monitor session 2 source remote vlan 900

monitor session 2 destination interface Fa0/23

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 9 years 7 months ago

Chris

Confusion reigns :-)

As you have a looped network which of the ports forming the switch interlinks is in blocking mode due to STP ?

Also what version of IOS are you running on your switches.

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Richard Burts Mon, 02/19/2007 - 09:01

Chris

Are you sure that VLAN 900 is carried on trunk from switch B that gets to switch D?

HTH

Rick

cbrun Mon, 02/19/2007 - 09:47

Rick,

Yes, VLAN 900 is on the trunk.

The trunks show VLAN 900 as allowed and active. Ther trunks are A--B--D--C--A.

By default Spanning-tree pruned the trunk between A & B, so I forced it to prune between A and C. It did not help.

Jon Marshall Mon, 02/19/2007 - 10:38

Chris

From the 2950 config guide on RSPAN restrictions/guidelines.

==============================================

In a network consisting of only Catalyst 2950 or Catalyst 2955 switches, you must use a unique RSPAN VLAN session on each source switch. If more than one source switch uses the same RSPAN VLAN, the switches are limited to act only as source switches to ensure the delivery of all monitored traffic to the destination switch.

==============================================

The way you have your switches setup for A to get to D it has to go through B so B is an intermediate switch as i read it. But according to the above it can't be. What's confusing me and what makes me unsure this is the problem is that i would have thought you would have seen traffic from switch B not switch A.

Maybe i'm misunderstanding it. It might be worth trying to use a separate RSPAN vlan for each switch to see if it fixes the issue.

HTH

Jon

cbrun Mon, 02/19/2007 - 12:07

Thanks Jon,

Maybe I am misunderstanding the RSPAN restrictions/guidelines. I want A & B to only act as source switches (Fa0/2 in each case) and D to act as the destination switch. Hence, I had only a single RSPAN VLAN.

I tried multiple RSPAN VLANs ... but then D can only see the RSPAN VLAN for A or B, the intent is to see A and B.

I also am surprised that I can only see A, thru B or C ... I can't tell, while traffic from B is not seen on D and they are directly trunked.

Correct Answer
Jon Marshall Mon, 02/19/2007 - 16:49

Chris

Confusion reigns :-)

As you have a looped network which of the ports forming the switch interlinks is in blocking mode due to STP ?

Also what version of IOS are you running on your switches.

Jon

cbrun Tue, 02/20/2007 - 16:14

All 4 are running: C2950 Software (C2950-I6Q4L2-M), Version 12.1(11)EA1.

STP is blocking 900 between C--A.

cbrun Wed, 03/07/2007 - 05:08

Problem found. The hardware did not support EI. I was permitted to config RSPAN, but it is an EI feature, and thus it did not work as expected.

Actions

This Discussion