
ERSPAN source sessions from different VRFs

aajvandewiel
Level 1

Hello,

Using a 6509 with a Sup 720 PFC3C/MSFC3, I need to configure two ERSPAN source sessions, but in different VRFs and each to a different destination session and ERSPAN ID. I have got one source session running using a loopback (in vrf ABCDE) as origin IP address and wanted to set up the next source session with a different loopback (in vrf FGHIJ) origin IP address (with different ERSPAN-ID).

I got the message that all ERSPAN source sessions (on a single switch) need to use the same Origin IP address.

monitor session 4 type erspan-source
 source interface Gi3/15
 destination
  erspan-id 4
  ip address (on remote switch A)
  origin ip address 10.6.1.13 (loopback in vrf ABCDE)
  vrf ABCDE
!
!
monitor session 5 type erspan-source
 shutdown
 source interface Gi2/31
 destination
  erspan-id 5
  ip address (on remote switch B)
  origin ip address 10.6.1.14 (loopback in vrf FGHIJ) is not allowed.
  vrf FGHIJ

I wonder if using the origin ip address 10.6.1.13 in session 5 would get this ERSPAN working since this loopback is in another vrf. Or is this vrf only needed to reach the destination ip address to set up the GRE tunnel? Just want to minimize any risk in breaking the ERSPAN session 4 since this is a feed to a voice recording system.

Regards,
Arthur

3 Replies

shailesh.h
Level 1

Giuseppe Larosa
Hall of Fame

Hello Arthur,

As explained in the configuration guide linked by Shailesh:

>> All ERSPAN source sessions on a router must use the same origin IP address, configured with the origin ip address command (see the "Configuring ERSPAN Source Sessions" section).

This is a known constraint; you need to think of an alternate solution that allows you to use a single IP address.

You can add import and export route-targets on the first VRF in order to make this IP address visible also on the second VPN so that you can be compliant with this requirement.

Hope to help

Giuseppe

Thanks Shailesh, Giuseppe,

So I am correct in assuming that the origin ip address in the first vrf will not be reachable from within the second vrf?

I will look into the route-target import/export. Perhaps another option to investigate is moving the to-be-monitored NIC to another switch (with no ERSPAN source sessions on it).

Thank you!
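
One way to check a candidate configuration against the single-origin constraint quoted in the thread before touching a production session, as an added example that is not part of the original posts or of any Cisco tooling. The function names, the constructed sample configuration and the 192.0.2.x destination addresses are assumptions made for illustration.

```python
import re
# Constructed sample based on the question; destination IPs are placeholders.
SAMPLE_CONFIG = """\
monitor session 4 type erspan-source
 source interface Gi3/15
 destination
  erspan-id 4
  ip address 192.0.2.10
  origin ip address 10.6.1.13
  vrf ABCDE
!
monitor session 5 type erspan-source
 shutdown
 source interface Gi2/31
 destination
  erspan-id 5
  ip address 192.0.2.20
  origin ip address 10.6.1.14
  vrf FGHIJ
"""

SESSION_RE = re.compile(r"^monitor session (\d+) type erspan-source\s*$")
FIELD_RE = re.compile(r"^\s+(origin ip address|vrf|erspan-id)\s+(\S+)")

def parse_erspan_sources(config):
    """Return {session number: {field name: value}} for ERSPAN source sessions."""
    sessions, current = {}, None
    for line in config.splitlines():
        m = SESSION_RE.match(line)
        if m:
            current = sessions.setdefault(int(m.group(1)), {})
        elif line.strip() and not line.startswith(" "):
            current = None  # any other top-level line closes the session block
        elif current is not None:
            f = FIELD_RE.match(line)
            if f:
                current[f.group(1)] = f.group(2)
    return sessions

def origin_conflicts(sessions):
    """Map origin IP -> session numbers; empty unless the origins differ."""
    by_origin = {}
    for number, fields in sorted(sessions.items()):
        if "origin ip address" in fields:
            by_origin.setdefault(fields["origin ip address"], []).append(number)
    return by_origin if len(by_origin) > 1 else {}

if __name__ == "__main__":
    print(origin_conflicts(parse_erspan_sources(SAMPLE_CONFIG)))
```

A non-empty result lists which sessions would collide on the origin address, so the change can be reworked before the existing session is put at risk.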
