RSPAN, which Vlan for dest ports?

Unanswered Question
Jul 31st, 2007

Hi Everyone.

I'm trying to get RSPAN to work. i have a test setup of 2 2950's but cannot get anything to show on the destination port except multi/broadcasts.

on switch 1:

interface FastEthernet0/23

description Reflector Port for VLAN 199

!

interface FastEthernet0/24

description Source Laptop

switchport access vlan 112

monitor session 1 source interface Fa0/24

monitor session 1 destination remote vlan 199 reflector-port Fa0/23

and port fa0/23 is left as default setup, nothing connected, but is flashing away happily as if traffic is working as it should.

on switch 2:

monitor session 1 destination interface Fa0/2

monitor session 1 source remote vlan 199

port fa0/2 is setup as follows:

interface FastEthernet0/2

switchport access vlan 112

This VLAN corresponds to the static IP address setup on the laptop with the packet capture software.

i see no unicast packets on the destination port and no packets can be sent or received from the attched destination laptop.

please help as i am getting nowhere with this.

many thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Amit Singh Tue, 07/31/2007 - 02:11

Hello Ray,

Have you set up the Vlan 99 as RSPAN on both the switches.

Do the following:

Config t

vlan 199

remote-span

Do this on both of the switches.

If you want to enable packet forwrading on the destination port, you have to enable the " ingress " option when you configure the destination port.

monitor session 1 destination interface Fa0/2 ingress vlan 112

HTH,Please rate if it does.

-amit singh

michal.grzelak Tue, 07/31/2007 - 02:16

Hi,

Please check if both switches are connected either using trunk, or access vlan 199, becouse source traffic needs to be send to the second switch. The other thing is that when You create Vlan 199, You need to specify that it is remote-span vlan:

vlan 199

name sniffer

remote-span

exit

There is also another issue. Command reflector-port is no longer in use or supported (I read about it somewhere on cisco.com), so just try following configuration:

on switch 1:

interface FastEthernet0/23

description Reflector Port for VLAN 199

speed auto

no shut

!

interface FastEthernet0/24

description Source Laptop

switchport access vlan 112

speed auto

no shut

!

monitor session 1 source interface Fa0/24

monitor session 1 destination remote vlan 199

on switch 2:

interface FastEthernet0/2

description destination

speed auto

no shut

!

monitor session 1 source remote vlan 199

monitor session 1 destination interface Fa0/2

Pls rate this if You find this helpful.

Kind Regards:

Michal

raycourtney Tue, 07/31/2007 - 03:20

Hi Guys,

thanks for the quick repsonses.

I have used VTP to spread VLAN 199 around, and called it a remote span vlan.

the switches are trunked and the trunks carry all vlans as default.

the source 2950 will not accept the command

"monitor session 1 destination remote vlan 199" without the reflector port option.

I'll upgrade the IOS and try again.

Also, Michal, i see the destination port in your config is set for a default vlan, this will surely mean that the IP address of the sniffer laptop will need to be changed to reflect the new IP address range of that Vlan. (i've just tried it and still no unicast packets flow)

any ideas? are 2950's any good for this?

Amit Singh Tue, 07/31/2007 - 04:07

Ray,

You have to configure the reflector port on 2950. Probably the config that were pasted above are from the some new IOS switches.

Could you please paste the " show vlan " from both the switches. A complete output..

As I said, Please use the ingress option on the destination port to enable the traffic forwarding.

Please see the link below for more info:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_20_ea2/configuration/guide/swspan.html#wp1218090

HTH,Please rate if it does.

-amit singh

raycourtney Tue, 07/31/2007 - 04:37

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/2, Fa0/6, Fa0/8, Fa0/12, Fa0/13, Fa0/14, Fa0/16, Fa0/23

101 HUMETH1 active

108 HUMETH3 active Fa0/18

109 FACILITIES active Fa0/22

110 RFLAN active Fa0/7, Fa0/11

112 FIXED-IP-CLIENTS-2 active Fa0/24

199 RSPAN1 active

999 NULL suspended

1002 fddi-default act/unsup

1003 trcrf-default act/unsup

1004 fddinet-default act/unsup

1005 trbrf-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1 enet 100001 1500 - - - - - 0 0

101 enet 100101 1500 - - - - - 0 0

108 enet 100108 1500 - - - - - 0 0

109 enet 100109 1500 - - - - - 0 0

110 enet 100110 1500 - - - - - 0 0

112 enet 100112 1500 - - - - - 0 0

VLAN AREHops STEHops Backup CRF

---- ------- ------- ----------

1003 7 7 off

Remote SPAN VLANs

------------------------------------------------------------------------------

199

Switch 2:

RayTest#sh vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/2, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12

Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22

Fa0/23, Fa0/24, Fa0/25, Fa0/26

101 HUMETH1 active

108 HUMETH3 active

109 FACILITIES active

110 RFLAN active

112 FIXED-IP-CLIENTS-2 active Fa0/3

199 RSPAN1 active

999 NULL suspended

1002 fddi-default act/unsup

1003 trcrf-default act/unsup

1004 fddinet-default act/unsup

1005 trbrf-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1 enet 100001 1500 - - - - - 0 0

101 enet 100101 1500 - - - - - 0 0

108 enet 100108 1500 - - - - - 0 0

VLAN AREHops STEHops Backup CRF

---- ------- ------- ----------

1003 7 7 off

Remote SPAN VLANs

------------------------------------------------------------------------------

199

Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------

Actions

This Discussion