Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
471
Views
0
Helpful
2
Replies

RSPAN problem

xianglingzj
Level 1
Level 1

‎03-27-2009 12:49 AM - edited ‎03-06-2019 04:51 AM

Dear all, current we have a very simple RSPAN problem:

The topology is as simple as:

SW1 --- SW2

The configuration is also very simple

SW1:

!

interface GigabitEthernet3/12

description TO SW2

logging event link-status

logging event bundle-status

logging event trunk-status

wrr-queue cos-map 1 1 1

wrr-queue cos-map 2 1 0 2 4 6 7

priority-queue cos-map 1 3 5

rcv-queue cos-map 1 2 2

mls qos trust dscp

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1-802,804-4094

switchport mode trunk

!

interface GigabitEthernet5/1

switchport

switchport access vlan 812

channel-group 3 mode on

!

interface GigabitEthernet5/2

switchport

switchport access vlan 812

channel-group 3 mode on

!

interface Port-channel3

switchport

switchport access vlan 812

!

(truncated)

monitor session 1 destination interface Fa0/30

monitor session 1 source remote vlan 921

!

SW2

interface FastEthernet0/30

description Spare IT point ER1 I/O 857 (Cubicle A6)

switchport access vlan 200

switchport mode access

ip access-group DHCP-GUARD in

no logging event link-status

service-policy input limit-ping

spanning-tree portfast

spanning-tree guard root

!

interface GigabitEthernet0/2

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1-802,804-4094

switchport mode trunk

mls qos trust dscp

wrr-queue cos-map 1 1

wrr-queue cos-map 2 0

wrr-queue cos-map 3 2 4 6 7

wrr-queue cos-map 4 3 5

priority-queue out

!

monitor session 1 destination interface Fa0/30

monitor session 1 source remote vlan 921

Link Po3 and Vlan 812 are both showing up and there are data pass through data and a sniffer is able to see those data when connected to SW2 F0/30

But when the following commands are entered:

!

int range g5/1 - 2

mls qos trust dscp

int po3

mls qos trust dscp

!

end

The data from Po3 suddenly disappeared from SW2 F0/30, and all the broadcast data from VLAN200 start to appear in that. Does anyone have any idea on this? Please advise, thanks.

Labels:
0 Helpful
2 Replies 2

stephenshaw
Level 1
Level 1

‎03-27-2009 06:05 AM

Hi,

two items to check ...

1. Don't see the trunk port for SW2 - is it allowing the VLANs you need? SW1 is, but no info shown for SW2.

2. "monitor session 1 source remote vlan 921" is configured on both SW1 and SW2. But what VLAN do you really want to monitor? That VLAN should be configured on one of the Switches and also allowed across the trunk. Ensure the VLANs in question are configured on both switches too.

As an example if VLAN 200 needs to be monitored you would configure "monitor session 1 source vlan 200" on one of the switches only. The other switch would remain with the configuration you have "monitor session 1 source remote vlan 921"

As long as the VLAN 200 is also on SW2, the RSPAN will be able to monitor all traffic for this VLAN.

0 Helpful

xianglingzj
Level 1
Level 1
In response to stephenshaw

‎03-30-2009 01:49 AM

Thanks, I made a mistake in SW1 configuration, the SW1 RSPAN configuration shall be:

monitor session 1 source interface Po3

monitor session 1 destination remote vlan 921

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card