Bridge RSPAN over GRE (without using ERSPAN)?

packetjockey
Level 1

The overall goal is to have a method of fine granular sniffing (VACL) and transporting the 'sniffed' traffic over an IP network.

Equipment I have is a cat3550 running c3550-ipservicesk9-mz.122-25.SEE3. I know ERSPAN exists (6500 w/ sup720) but I want this done on a 3550 (this is the challenging part).

I've been attempting to get this done by bridging the RSPAN VLAN over a GRE tunnel. I have not had much success with this. The GRE tunnel works just fine; the RSPAN VLAN is just not being bridged over it.

Just to test the ability of bridging an RSPAN VLAN, I was able to bridge the RSPAN VLAN to another VLAN. I took this same concept and attempted to bridge the RSPAN VLAN over a GRE tunnel... no luck with this yet.

----------

!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
no aaa new-model
ip subnet-zero
!
vtp mode transparent
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan access-map RSPAN.VACL 10
 action forward
 match ip address RSPAN.ACL
vlan filter RSPAN.VACL vlan-list 100
!
vlan 10
 name user-vlan
!
vlan 100
 name rspan-vlan
 remote-span
!
vlan 200
 name mgmt-vlan
!
!
interface Tunnel0
 ip address 10.10.10.1 255.255.255.0
 tunnel source Vlan200
 tunnel destination 10.0.0.2
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface FastEthernet0/1
 description RSPAN port
 switchport trunk native vlan 100
 switchport mode dynamic desirable
!
interface FastEthernet0/15
 description Sniffer port
 switchport access vlan 200
 switchport mode access
 no cdp enable
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface FastEthernet0/31
 description User Port
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description User VLAN
 ip address 192.168.0.1 255.255.255.0
!
interface Vlan100
 description SVI for RSPAN
 no ip address
 bridge-group 1
!
interface Vlan200
 description external
 ip address 10.0.0.1 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
!
ip access-list extended RSPAN.ACL
 permit ip any any
!
!
control-plane
!
!
line con 0
line vty 0 4
 no login
line vty 5 15
 no login
!
!
monitor session 1 source vlan 10 rx
monitor session 1 destination remote vlan 100 reflector-port Fa0/1
end

----------

Any ideas on how this could be done? Thanks.

1 Reply

amritpatek
Level 6

RSPAN source sessions do not copy locally sourced RSPAN VLAN traffic from source trunk ports that carry RSPAN VLANs. RSPAN source sessions do not copy locally sourced RSPAN GRE-encapsulated traffic from source ports.

Each RSPAN source session can have either ports or VLANs as sources, but not both. The RSPAN source session copies traffic from the source ports or source VLANs and switches the traffic over the RSPAN VLAN to the RSPAN destination session. The RSPAN destination session switches the traffic to the destination ports.
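
The rule stated in the reply above (a source session takes ports or VLANs as sources, not both), together with the requirement that the destination VLAN be configured as an RSPAN VLAN, can be checked mechanically against a saved configuration. The Python sketch below is an added example, not part of the original thread or of any Cisco tool; the function name `audit_rspan` and the "session 2" lines in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Excerpt of the configuration posted in the question, plus a constructed
# session 2 that violates both checks so there is something to flag.
SAMPLE_CONFIG = """\
vlan 10
 name user-vlan
!
vlan 100
 name rspan-vlan
 remote-span
!
vlan 200
 name mgmt-vlan
!
monitor session 1 source vlan 10 rx
monitor session 1 destination remote vlan 100 reflector-port Fa0/1
monitor session 2 source vlan 10 rx
monitor session 2 source interface Fa0/31
monitor session 2 destination remote vlan 200 reflector-port Fa0/2
"""

def audit_rspan(config):
    """Return (session, problem) tuples for an indented IOS-style config."""
    remote_span_vlans, current_vlan = set(), None
    sources = defaultdict(set)   # session -> {"vlan", "interface"}
    dest_vlan = {}               # session -> RSPAN destination VLAN id
    for line in config.splitlines():
        if m := re.match(r"vlan (\d+)$", line):
            current_vlan = int(m.group(1))          # entered "vlan N" sub-mode
        elif line.strip() == "remote-span" and current_vlan is not None:
            remote_span_vlans.add(current_vlan)
        elif not line.startswith(" "):
            current_vlan = None                     # left the vlan sub-mode
        if m := re.match(r"monitor session (\d+) source (vlan|interface)\b", line):
            sources[int(m.group(1))].add(m.group(2))
        if m := re.match(r"monitor session (\d+) destination remote vlan (\d+)", line):
            dest_vlan[int(m.group(1))] = int(m.group(2))
    problems = []
    for session in sorted(set(sources) | set(dest_vlan)):
        if len(sources[session]) > 1:
            problems.append((session, "mixes port and VLAN sources"))
        if session in dest_vlan and dest_vlan[session] not in remote_span_vlans:
            problems.append(
                (session, f"destination vlan {dest_vlan[session]} lacks remote-span"))
    return problems

if __name__ == "__main__":
    for session, problem in audit_rspan(SAMPLE_CONFIG):
        print(f"monitor session {session}: {problem}")
```

Session 1 from the posted configuration passes both checks, so neither of them accounts for the bridging failure described in the question.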
