rspan question

Unanswered Question
Oct 2nd, 2007
User Badges:

Hi,

I am running into some problems when I configured the Rspan. See the rough diagram below


core switch

/ \

/ \

Switch one Switch two


I configured the following in Switch one


Monitor session 1 source fa0/9

Monitor session 1 destination remote vlan 100


On Switch two I configured the following:


Monitor session 1 source remote vlan 100

Monitor session 1 destination int fa0/20


I have attached a pc running ethereal on switch two fa0/20, also I have verified that vlan 100 is configured as remote span vlan on all switches. All the trunk links allow all vlan including vlan 100. But what I get from ethereal are only boardcast traffics destinated to switch one's Fa0/9, I can't see any unicast. Can anyone give me a clue? Thanks in advance.


(On Ethereal I have checked the "capture packet in promiscuous mode) check box)


Chears

Xiao

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Kevin Dorrell Tue, 10/02/2007 - 23:08
User Badges:
  • Green, 3000 points or more

Are there any switches in the path that do not support RSPAN, for example 2950 etc? The RSPAN VLAN might be propagated by the VTP on the switches, but it is essential that each switch in the path understands the concept of the RSPAN VLAN.


Essentially, and RSPAN VLAN is one on which MAC learning has been disabled, so that all frames are flooded throughout the VLAN. If there is a switch on the path that does not understand that, then it will learn MAC addresses and start filtering in the normal way, leaving you only the broadcasts.


BTW, you would be well advised to allow the RSPAN VLAN only on trunks that are in the path between your source and your monitor. If you allow it all over your network, and you start monitoring some Gigabit port, then your slower links will be overloaded with monitor traffic.


A question for those who know more about it than I do: does pruning work on an RSPAN VLAN?


Kevin Dorrell

Luxembourg


da_heizhu Wed, 10/03/2007 - 00:03
User Badges:

Thanks Kelvin. Now I understand Rspan better. I was a bit uncertain about the 2950.. yes there is a 2950 at upstream of the sniffer.. does it means to say that 2950 does not support RSPAN? howerver on 2950 there are commands for RSPAN, pretty much the same as those on 2960 except for the need to configure reflector port. Please advise, thanks.


Xiao

Kevin Dorrell Wed, 10/03/2007 - 01:11
User Badges:
  • Green, 3000 points or more

Sorry, I take that back. The 2950 does support - I was getting confused with the older 2900XL series.


I had a look at the commands, and the reflector port is necessary only on a switch that is copying from the source into the RSPAN VLAN, (as is the case according to your diagram) and is configured on monitor session n destination command. If the switch is just passing the RSPAN VLAN transparently, the reflector port should not be necessary.


Could you do a show monitor on the source switch and destination switch please.


Kevin Dorrell

Luxembourg


Actions

This Discussion