RSPAN can't work on my 3750, Why?

Unanswered Question
Apr 1st, 2010

I want to monitor fa1/0/19's traffic to fa1/0/13 by RSPAN.

My configuration is as follow, but I can't capture packets on interface fa1/0/13, please give me some help, thanks.

========

interface FastEthernet1/0/13
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 234
switchport mode trunk

interface FastEthernet1/0/19
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 222
switchport mode trunk

monitor session 1 source interface Fa1/0/19 rx
monitor session 1 destination remote vlan 234

Switch(config)#vlan 234
Switch(config-vlan)#remote-span

=======

Switch#show monitor session 1 detail
Session 1
---------
Type                   : Remote Source Session
Description            : -
Source Ports           :
    RX Only            : Fa1/0/19
    TX Only            : None
    Both               : None
Source VLANs           :
    RX Only            : None
    TX Only            : None
    Both               : None
Source RSPAN VLAN      : None
Destination Ports      : None
Filter VLANs           : None
Dest RSPAN VLAN        : 234

======

Switch#show vlan id 234

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
234  abc                              active    Fa1/0/13

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
234  enet  100234     1500  -      -      -        -    -        0      0 

Remote SPAN VLAN
----------------
Enabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

=====

Switch#show version
Cisco IOS Software, C3750ME Software (C3750ME-I5K91-M), Version 12.2(40)SE, RELEASE SOFTWARE (fc3)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Fri 24-Aug-07 01:09 by myl
Image text-base: 0x00003000, data-base: 0x01AD3000

ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750ME Boot Loader (C3750ME-HBOOT-M) Version 12.1(14r)AX, RELEASE SOFTWARE (fc1)

Switch uptime is 2 weeks, 19 hours, 9 minutes
System returned to ROM by power-on
System image file is "flash:c3750me-i5k91-mz.122-40.SE/c3750me-i5k91-mz.122-40.SE.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html you require further assistance please contact us by sending email to
[email protected] ME-C3750-24TE (PowerPC405) processor (revision H0) with 118784K/12280K bytes of memory.
Processor board ID FDO1142Z7XT
Last reset from power-on
1 Virtual Ethernet interface
24 FastEthernet interfaces
4 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

If

cisco

1024K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 00:1D:E6:3E:98:80
Motherboard assembly number     : 73-9938-04
Motherboard serial number       : FDO113306CW
Model revision number           : H0
Motherboard revision number     : C0
Model number                    : ME-C3750-24TE-M
Daughterboard assembly number   : 73-9939-03
Daughterboard serial number     : FDO11390EHM
System serial number            : FDO1142Z7XT
Top Assembly Part Number        : 800-25952-05
Top Assembly Revision Number    : A0
Version ID                      : V06
CLEI Code Number                : COMS900ARA
Daughterboard revision number   : A0
Hardware Board Revision Number  : 0x09


Switch   Ports  Model              SW Version              SW Image           
------   -----  -----              ----------              ----------         
*    1   28     ME-C3750-24TE      12.2(40)SE              C3750ME-I5K91-M   


Configuration register is 0xF

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Thu, 04/01/2010 - 01:23

Are fa1/0/13 and fa1/0/19 on the same switch ?

If so you don't need RSPAN you need to use SPAN. RSPAN is used when the source and destination ports are on different switches.

Your config would look like -

monitor session 1 source interface Fa1/0/19 rx
monitor session 1 destination interface fa1/0/13 encapsulation replicate

see this link for full details -

3750  SPAN configuration

Jon

Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

guxianghong Thu, 04/01/2010 - 01:55

Thanks for your reply.

Yes, local SPAN can work on my switch.

But Here I want to use RSPAN, I configure the switch just follow the configuration guide, but there are no packets monitored.

The configuration guide says RSPAN just need to configure destination vlan, then which port does the monitored packets sent out?

Jon Marshall Thu, 04/01/2010 - 01:58

guxianghong wrote:

Thanks for your reply.

Yes, local SPAN can work on my switch.

But Here I want to use RSPAN, I configure the switch just follow the configuration guide, but there are no packets monitored.

The configuration guide says RSPAN just need to configure destination vlan, then which port does the monitored packets sent out?

If you look at the config guide i sent a link to then you'll see that RSPAN does need a destination port to send traffic to. The RSPAN vlan is simply used as a vlan to transmit the SPANned packets between switches. You still have to have a destination port configured.

Jon


Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

guxianghong Thu, 04/01/2010 - 02:44

The config guide you sent is for local SPAN.

I know that local SPAN does have to configure destination interface, but how to configure RSPAN's destination port on RSPAN source session switch?

Or we don't need to configure RSPAN's destination port on RSPAN source session switch, we just need to configure RSPAN destination VLAN, all traffic monitored to the RSPAN session will be flooded in the RSPAN VLAN, then all monitored packets will be sent out of RSPAN VLAN's member port?

Thanks.

guxianghong Thu, 04/01/2010 - 02:38

Thanks for your reply.

I read RSPAN configuration again,

On RSPAN source session switch, the example configuration is:

----------------------

This example shows how to create RSPAN VLAN 901.

Switch(config)# vlan 901

Switch(config-vlan)# remote span

Switch(config-vlan)# end

Switch(config)# no monitor session 1

Switch(config)# monitor session 1 source interface gigabitethernet1/0/1 tx

Switch(config)# monitor session 1 source interface gigabitethernet1/0/2 rx

Switch(config)# monitor session 1 source interface port-channel 12 

Switch(config)# monitor session 1 destination remote vlan 901

Switch(config)# end

-----------------

My question is, if there are lots of data traffic received by po12, which interface does the monitored traffic been sent out? All the member port of vlan 901?

francisco_1 Thu, 04/01/2010 - 03:31

How RSPAN works is a copy of traffic received on the source ports you are monitoring for example PO12  are copied to the RSPAN dedicated vlan 901 and forwarded over trunk ports carrying the RSPAN vlan 901 to a destination session monitoring the RPSNA vlan. You cannot have a source port or standard working port carry normal traffic as part of vlan 901 because no MAC address learning occurs on the RSPAN VLAN. 

RSPAN Config example

Source Switch:

vlan 250
remote span
end

monitor session 1 source interface fastethernet0/1 tx
monitor session 1 source interface fastethernet0/2 rx
monitor session 1 destination remote vlan 250

YOU NEED TO HAVE A TRUNK BETWEEN SWITCHES WITH VLAN 250 ENABLE ON TRUNK

Destination Switch:

vlan 250
remote span
end

monitor session 1 source remote vlan 250
monitor session 1 destination interface fastethernet0/7
end

That will send ALL traffic from RSPAN VLAN 250 to the destination fastethernet0/7, where we can plug our sniffer, traffic analyzer, or anything that we may need/want.

Hope the above makes sense

Francisco

shailesh.h Thu, 04/01/2010 - 07:25

I think you may try following configuration ... should work

interface FastEthernet1/0/13
no switchport trunk encapsulation dot1q
no switchport trunk allowed vlan 234
no switchport mode trunk
switchport access vlan 234

interface FastEthernet1/0/19
no switchport trunk encapsulation dot1q
no switchport trunk allowed vlan 222
no switchport mode trunk
switchport access vlan 222

monitor session 1 source interface Fa1/0/19 rx
monitor session 1 destination remote vlan 234

Switch(config)#vlan 234
Switch(config-vlan)#remote-span

guxianghong Thu, 04/01/2010 - 22:19

I tried you config, but it still can't work.

See my config:

===========

interface FastEthernet1/0/7
switchport access vlan 234

end

interface FastEthernet1/0/8
switchport access vlan 222
end

monitor session 1 source interface Fa1/0/8
monitor session 1 destination remote vlan 234

Switch(config)#vlan 234
Switch(config-vlan)#remote-span

===========

By the way, the following config can't display in running-config:

=========

Switch(config)#vlan 234
Switch(config-vlan)#remote-span

=========

Is this a bug ?

shailesh.h Fri, 04/09/2010 - 07:02

first instead of RSAP try with simple SPAN with source interf

ace and destination interface...

if it works fine then configure for RSPAN.. as far as config steps concern appears ok to me...

Cheers...

shailesh.h Fri, 04/23/2010 - 10:18

Hi,

I was going through the couple of documentation related to SPAN / RSPAN and clicked your scenario. I view to rectify your problem is

interface FastEthernet1/0/7
switchport access vlan 234

end

interface FastEthernet1/0/8
switchport access vlan 222
end

monitor session 1 source interface Fa1/0/8
monitor session 1 destination remote vlan 234

You can add following lines if it permits and check

monitor session 2 source vlan 234

monitor session 2 destination interface Fa1/0/7

Normally SPAN use when you are doing monitoring within same switch and RSPAN when you does monitoring from remote SWitch.

Hope you can try this and share feedback

Shailesh

Actions

This Discussion

Related Content