03-23-2009 12:19 PM - edited 03-04-2019 04:03 AM
Hello, All!
I have problem with RSPAN monitoring session over multiply switches.
My configuration is like this:
|catalyst1 2960|---|some switch1|---|some switch2|---|catalyst2 2960|
catalysts is under my control, while some switch 1 and 2 under control of other admins. Probably, "some switches" is HP switches.
vlan 100 span this switches and operates correctly.
Catalyst1 configuration:
vlan 100
name rspan-vlan
remote-span
!
monitor session 1 source vlan 123
monitor session 1 destination remote vlan 100
!
Catalyst2 configuration:
vlan 100
name rspan-vlan
remote-span
!
monitor session 2 destination interface Fa0/1
monitor session 2 source remote vlan 100
!
However, traffic from vlan 123 is not reaching remote destination port. What is the problem?
03-23-2009 12:28 PM
Hi Eugeniy,
Please let me know that some sw1 and some sw2 already know about vlan 100. How are 4 switches connecting? Trunk? Access?
HTH,
Toshi
03-23-2009 12:34 PM
Yes, it is connected via trunk ports.
VLAN 100 is fully operational.
03-23-2009 12:37 PM
Hello Eugeniy,
remote span could be a Cisco proprietary feature.
the remote-span command instructs the switches to disable MAC address learning.
However you need a clean L2 path end to end with vlan 100 defined on all links in the list of permitted vlans and all links have to be trunk ports.
in the CCO configuration examples also the switches in the middle define the vlan as remote-span vlan.
You can configure any VLAN as an RSPAN VLAN as long as these conditions are met:
-The same RSPAN VLAN is used for an RSPAN session in all the switches.
>>>-All participating switches support RSPAN.
see
So I'm afraid you cannot go through the two HP switches
Hope to help
Giuseppe
03-23-2009 12:46 PM
hi,
I'm afraid that Giuseppe nailed this problem.
Good Job! 5P.
Toshi
03-23-2009 12:49 PM
Yes, you right.
>>All participating switches support RSPAN
This is clearly defined.
So any ideas about how to monitor traffic on vlan 123?
03-23-2009 01:11 PM
Hello Eugeniy,
the only possible option is a local span with a sniffer connected to the destination port of the first C2960.
for a short time capture you can think to use a laptop with wireshark (ethereal) installed.
hint: if you have a PC with two NICs you can control it remotely.
Hope to help
Giuseppe
03-23-2009 01:16 PM
Eugene,
Can I allow Vlan123 go through Cat1->someSw1->someSw2->Cat2? I will then do a span-port(Locally) on Cat2. It's not a good idea though. (grin)
Giuseppe has provided a good solution .
Toshi
03-24-2009 12:22 AM
>>Can I allow Vlan123 go through Cat1->someSw1->someSw2->Cat2? I will then do a span-port(Locally) on Cat2. It's not a good idea though. (grin)
You can allow vlan 123 through this switches, but SPAN in this case will not collect traffic from Cat1.
And you right, this is not good idea.
03-24-2009 12:24 AM
>>for a short time capture you can think to use a laptop with wireshark (ethereal) installed.
This is not good idea. Collector is special server, connected to Cat2
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: