RSPAN over multiple switches

cbrun
Level 1

I have a Trunked ring of 4-2950 Switches. All support RSPAN. I want to monitor ports Fa0/2 off of BOTH switch A & B. My sniffer is off port Fa0/23 on switch D. RSPAN VLAN =900, Reflector ports are Fa0/22 on both A & B.

However, my sniffer only detects data on Fa0/2 off Switch A. It does NOT see any data from Fa0/2 off Switch B. Hope someone knows what the heck I did wrong. Thanks.

Configuration Data:

Switch A & B set up:

monitor session 2 source interface Fa0/2

monitor session 2 destination remote vlan 900 reflector-port Fa0/22

Switch C:

No RSPAN configuration.

Switch D:

monitor session 2 source remote vlan 900

monitor session 2 destination interface Fa0/23


Richard Burts
Hall of Fame

Chris

Are you sure that VLAN 900 is carried on trunk from switch B that gets to switch D?

HTH

Rick


Rick,

Yes, VLAN 900 is on the trunk.

The trunks show VLAN 900 as allowed and active. The trunks are A--B--D--C--A.

By default Spanning-tree pruned the trunk between A & B, so I forced it to prune between A and C. It did not help.

Chris

From the 2950 config guide on RSPAN restrictions/guidelines.

==============================================

In a network consisting of only Catalyst 2950 or Catalyst 2955 switches, you must use a unique RSPAN VLAN session on each source switch. If more than one source switch uses the same RSPAN VLAN, the switches are limited to act only as source switches to ensure the delivery of all monitored traffic to the destination switch.

==============================================

The way you have your switches set up, for A to get to D it has to go through B, so B is an intermediate switch as I read it. But according to the above it can't be. What's confusing me and what makes me unsure this is the problem is that I would have thought you would have seen traffic from switch B, not switch A.

Maybe I'm misunderstanding it. It might be worth trying to use a separate RSPAN VLAN for each switch to see if it fixes the issue.

HTH

Jon
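An added example (not from the thread or from Cisco) that applies the guideline quoted above to the `monitor session` lines posted in the question: it lists which switches feed each RSPAN VLAN and flags any VLAN shared by more than one source switch or lacking a destination session. The switch names, the `CONFIGS` sample and the function names are assumptions, and only the two command forms shown in the thread are parsed.

```python
import re
from collections import defaultdict

# Constructed sample: the monitor-session lines posted in the thread, keyed by switch.
SOURCE_CFG = (
    "monitor session 2 source interface Fa0/2\n"
    "monitor session 2 destination remote vlan 900 reflector-port Fa0/22\n"
)
CONFIGS = {
    "A": SOURCE_CFG,
    "B": SOURCE_CFG,
    "C": "",
    "D": "monitor session 2 source remote vlan 900\n"
         "monitor session 2 destination interface Fa0/23\n",
}

# A source switch sends mirrored traffic INTO the RSPAN VLAN via a reflector port.
TO_VLAN = re.compile(r"^monitor session \d+ destination remote vlan (\d+) reflector-port \S+$")
# A destination switch reads mirrored traffic OUT of the RSPAN VLAN.
FROM_VLAN = re.compile(r"^monitor session \d+ source remote vlan (\d+)$")

def rspan_roles(configs):
    """Return ({vlan: [source switches]}, {vlan: [destination switches]})."""
    sources, dests = defaultdict(list), defaultdict(list)
    for switch, text in configs.items():
        for line in (l.strip() for l in text.splitlines()):
            if (m := TO_VLAN.match(line)):
                sources[int(m.group(1))].append(switch)
            elif (m := FROM_VLAN.match(line)):
                dests[int(m.group(1))].append(switch)
    return dict(sources), dict(dests)

def audit(configs):
    """Flag RSPAN VLANs that hit the quoted restriction or are never collected."""
    sources, dests = rspan_roles(configs)
    findings = []
    for vlan, switches in sorted(sources.items()):
        if len(switches) > 1:
            findings.append(f"VLAN {vlan}: shared by source switches "
                            f"{', '.join(sorted(switches))}; per the quoted guideline "
                            "these may act only as source switches")
        if vlan not in dests:
            findings.append(f"VLAN {vlan}: no destination session reads this VLAN")
    for vlan in sorted(set(dests) - set(sources)):
        findings.append(f"VLAN {vlan}: destination session but no source switch")
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIGS):
        print(finding)
```

This checks configuration text only, so a command the switch accepts but does not actually support will not show up in the findings.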

Thanks Jon,

Maybe I am misunderstanding the RSPAN restrictions/guidelines. I want A & B to only act as source switches (Fa0/2 in each case) and D to act as the destination switch. Hence, I had only a single RSPAN VLAN.

I tried multiple RSPAN VLANs ... but then D can only see the RSPAN VLAN for A or B, the intent is to see A and B.

I also am surprised that I can only see A, thru B or C ... I can't tell, while traffic from B is not seen on D and they are directly trunked.

Chris

Confusion reigns :-)

As you have a looped network, which of the ports forming the switch interlinks is in blocking mode due to STP?

Also, what version of IOS are you running on your switches?

Jon

All 4 are running: C2950 Software (C2950-I6Q4L2-M), Version 12.1(11)EA1.

STP is blocking 900 between C--A.

Problem found. The hardware did not support EI. I was permitted to config RSPAN, but it is an EI feature, and thus it did not work as expected.
