VLAN RSPAN with 3 switches?

Unanswered Question
Aug 13th, 2010
User Badges:

Okay my goal is to make voip server monitoring work in CCX 4.0 environment. This is how my 3 switches are connected:


Phones------SW1-----.1q-----CoreSW-----.1q-----SW2(f0/2)------CCX Monitoring Servers


Where,

CoreSW: WS-C3750G-48TS-E

SW1: WS-C3750-48PS-S (Source)

SW2: WS-C3560-24PS-S (Destination)


Note: I also have a bunch of different Cisco switches connected to the CoreSW, not mentioned here.


Both the phones and Servers are in the same voice vlan (let's name it vlan 10). With 2 switches directly connected, the config should look like this:


Source switch:

SW1(config)#monitor session 1 source vlan 10

SW1(config)#monitor session 1 destination remote vlan 10


Destination switch:

SW2(config)#monitor session 1 source vlan 10
SW2(config)#monitor session 1 destination fastethernet 0/2


However, I have the 3rd switch (CoreSW) in the middle, it seems to be a little tricky here. Do I have to configure anything on the CoreSW so that the monitored traffic would flow only from SW1 to SW2 directly without flooding to other switches that are also connected to the CoreSW?


Any suggestion would greatly appreciated.


==================================

Note: the above config is referenced from here:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml#topic5

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Nagaraja Thanthry Fri, 08/13/2010 - 16:45
User Badges:
  • Cisco Employee,

Hello,


Typically, the remote vlan should be something other than your regular data

vlan. So, you can define a new vlan (say vlan 900) on all three switches

(including the Core switch) and define it as RSPAN vlan.


configure terminal

vlan 900

remote-span

exit


Then, on the source switch:


SW1(config)#monitor session 1 source vlan 10

SW1(config)#monitor session 1 destination remote vlan 900


On the Destination switch:


SW2(config)#monitor session 1 source remote vlan 900

SW2(config)#monitor session 1 destination fastethernet 0/2


Hope this helps.


Regards,


NT

ktran-anet Fri, 08/13/2010 - 16:59
User Badges:

Nagaraja,


Thanks for your suggestion. Your config looks clean.


However, I'm trying to figure out how the vlan 900 in this example works if I only have one NIC on each of my servers which is currently assiged to vlan 10. So do you suggest that I should use a 2nd NIC on each server and assign it to vlan 900 to make this work?


Is a dedicated RSPAN vlan a must have vlan and the only way to make this work? or is it just a smart choice that most people are doing?

Nagaraja Thanthry Fri, 08/13/2010 - 17:17
User Badges:
  • Cisco Employee,

Hello,


If I understand you right, you need the CCX servers to be on VLAN 10. You

can use the same ports that are in VLAN 10 for spanning as well as

communication. You need to configure "ingress forwarding" option along with

the monitor session.


monitor session 1 destination interface


and also add a manual ARP entry for CCX servers IP.


http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/relea...

2.2_40_se/configuration/guide/swspan.html#wp1228704


Hope this helps.


Regards,


NT

ktran-anet Fri, 08/13/2010 - 18:05
User Badges:

The document that you sent says:


Configuring a VLAN as an RSPAN VLAN
First create a new VLAN to be the RSPAN VLAN for the RSPAN session. You must create the RSPAN VLAN in all switches that will participate in RSPAN.


So correct me if I'm wrong, on all 3 switches, I should have the RSPAN VLAN 900 configured


CoreSW(config)#vlan 900

CoreSW(config-vlan)#remote-span


SW1(config)#vlan 900

SW1(config-vlan)#remote-span


SW2(config)#vlan 900

SW2(config-vlan)#remote-span



Then, on the source switch:


SW1(config)#monitor session 1 source vlan 10

SW1(config)#monitor session 1 destination remote vlan 900


On the Destination switch:


SW2(config)#monitor session 1 source remote vlan 900

SW2(config)#monitor session 1 destination fastethernet 0/2

ktran-anet Tue, 08/17/2010 - 09:07
User Badges:

Okay I did that and I don't see traffic coming from the source switch. See attached Sniffer.png


am I missing something here?

Attachment: 

Actions

This Discussion