06-21-2007 10:19 AM - edited 03-05-2019 04:53 PM
The overall goal is to have a method of fine granular sniffing (VACL) and transporting the 'sniffed' traffic over an IP network.
Equipment I have is a cat3550 running c3550-ipservicesk9-mz.122-25.SEE3. I know ERSPAN exists (6500 w/ sup720) but I want this done on a 3550 (this is the challenging part).
I've been attempting to get this done by bridging the rspan vlan over a gre tunnel. I have not had much success with this. GRE tunnel works just fine, rspan vlan is just not being bridged over it.
Just to test the ability of bridging a rspan vlan, I was able to bridge the rspan vlan to another vlan. I took this same concept and attempted to bridge the rspan vlan over a gre tunnel... no luck with this yet.
----------
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
no aaa new-model
ip subnet-zero
!
vtp mode transparent
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan access-map RSPAN.VACL 10
 action forward
 match ip address RSPAN.ACL
vlan filter RSPAN.VACL vlan-list 100
!
vlan 10
 name user-vlan
!
vlan 100
 name rspan-vlan
 remote-span
!
vlan 200
 name mgmt-vlan
!
!
interface Tunnel0
 ip address 10.10.10.1 255.255.255.0
 tunnel source Vlan200
 tunnel destination 10.0.0.2
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface FastEthernet0/1
 description RSPAN port
 switchport trunk native vlan 100
 switchport mode dynamic desirable
!
interface FastEthernet0/15
 description Sniffer port
 switchport access vlan 200
 switchport mode access
 no cdp enable
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface FastEthernet0/31
 description User Port
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description User VLAN
 ip address 192.168.0.1 255.255.255.0
!
interface Vlan100
 description SVI for RSPAN
 no ip address
 bridge-group 1
!
interface Vlan200
 description external
 ip address 10.0.0.1 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
!
ip access-list extended RSPAN.ACL
 permit ip any any
!
!
control-plane
!
!
line con 0
line vty 0 4
 no login
line vty 5 15
 no login
!
!
monitor session 1 source vlan 10 rx
monitor session 1 destination remote vlan 100 reflector-port Fa0/1
end
----------
Any ideas on how this could be done? Thanks.
06-27-2007 10:22 AM
RSPAN source sessions do not copy locally sourced RSPAN VLAN traffic from source trunk ports that carry RSPAN VLANs. RSPAN source sessions do not copy locally sourced RSPAN GRE-encapsulated traffic from source ports.
Each RSPAN source session can have either ports or VLANs as sources, but not both. The RSPAN source session copies traffic from the source ports or source VLANs and switches the traffic over the RSPAN VLAN to the RSPAN destination session. The RSPAN destination session switches the traffic to the destination ports.
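The source-session rule quoted in the reply above, as an added example that is not part of the thread: a Python check that reads `monitor session` lines from a saved running-config and flags any RSPAN source session that mixes port and VLAN sources or points at a VLAN not declared `remote-span`. Session 2, its reflector port and the one-space sub-command indentation are constructed assumptions; session 1 mirrors the posted config, and the check says nothing about whether the GRE bridging itself works.

```python
import re
from collections import defaultdict

# Constructed sample: vlan/monitor lines modelled on the posted config, plus a
# deliberately invalid session 2 (mixed sources, non-RSPAN destination VLAN).
SAMPLE = """\
vlan 100
 remote-span
!
vlan 200
 name mgmt-vlan
!
monitor session 1 source vlan 10 rx
monitor session 1 destination remote vlan 100 reflector-port Fa0/1
monitor session 2 source interface Fa0/31
monitor session 2 source vlan 10 rx
monitor session 2 destination remote vlan 200 reflector-port Fa0/2
"""

def rspan_vlans(config):
    """Return the set of VLAN ids whose vlan block contains 'remote-span'."""
    found, current = set(), None
    for line in config.splitlines():
        m = re.match(r"vlan (\d+)\s*$", line)
        if m:
            current = m.group(1)          # entering a 'vlan N' block
        elif not line.startswith(" "):
            current = None                # any other top-level line ends it
        elif current and line.strip() == "remote-span":
            found.add(current)
    return found

def check_sessions(config):
    """Return {session_id: [problem, ...]} for each RSPAN source session."""
    kinds, remote = defaultdict(set), {}
    for line in config.splitlines():
        if m := re.match(r"monitor session (\d+) source (interface|vlan)\b", line):
            kinds[m.group(1)].add(m.group(2))
        elif m := re.match(r"monitor session (\d+) destination remote vlan (\d+)", line):
            remote[m.group(1)] = m.group(2)
    declared, problems = rspan_vlans(config), {}
    for sid, vlan in remote.items():
        issues = []
        if len(kinds[sid]) > 1:           # "either ports or VLANs, but not both"
            issues.append("mixes port and VLAN sources")
        if vlan not in declared:
            issues.append(f"vlan {vlan} is not a remote-span VLAN")
        problems[sid] = issues
    return problems
```
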