Problem with RSPAN on Cisco 3750ME

Unanswered Question
Aug 18th, 2010

Hello.

We're trying to use the RSPAN feature on our Catalyst 3750ME switch and
there seems to be a problem with the way it works on ES ports. Here's
our setup:

Monitoring Station (MS)   ----   3750G   ----   3750ME   ----
Monitored PC (PC)

What we're trying to do here is monitor all the PC's traffic. MS is just
another computer running Wireshark.

The MS is connected to interface GigabitEthernet2/0/8 on 3750G. This
interface is used as the destination interface of 3750G's monitoring
session.

The PC is connected to interace FastEthernet1/0/1 on 3750ME, which is a
trunk carrying several VLAN's. The whole interface is used as a source
interface of 3750ME's monitoring session. We're generating traffic from
PC (which participates in one of the VLAN's carried in the trunk) by
pinging one of the VLAN interfaces on 3750ME.

The RSPAN VLAN number is 911. It is used as the destination remote VLAN
of 3750ME's monitoring session and as the source remote VLAN of 3750G's
monitoring session.

VLAN911 is carried in/out of the 3750G via the GigabitEthernet2/0/24
trunk interface.

Now here's the strange part. When one of the FastEthernet interfaces on
C3750ME is used as a trunk to carry VLAN 911, everything works fine:
we're able to observe PC's ICMP requests and 3750ME's replies in the
monitored traffic, as expected. But when we reconfigure 3750ME so that
one of it's Gigabit (ES) interfaces is used as a trunk to carry our
RSPAN VLAN, the ICMP traffic is no longer monitored. All we see on the
MS is OSPF traffic, arp's, some multicast packets.

There are no L1 connectivity problems between switches, and we make sure
that VLAN 911 is seen in a list of forwarded VLAN's on the 3750ME's
trunk used in each case.

Here are some config excerpts:

3750G:

vlan 911
  remote-span

interface GigabitEthernet2/0/8
  description MONITORING STATION

interface GigabitEthernet2/0/24
  description TRUNK TO 3750ME
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 2,352,355,406,690,911
  switchport mode trunk

monitor session 1 destination interface Gi2/0/8
monitor session 1 source remote vlan 911


3750ME (working config):

vlan 911
  name test_rspan
  remote-span

interface FastEthernet1/0/1
  description MONITORED PC
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 2,355,406,690,912
  switchport mode trunk
  speed 100
  spanning-tree portfast

interface FastEthernet1/0/2
  description TRUNK TO 3750G
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 2,352,355,406,690,911
  switchport mode trunk
  speed 100
  spanning-tree portfast

monitor session 1 source interface Fa1/0/1
monitor session 1 destination remote vlan 911

3750ME (config that's not working):

vlan 911
  name test_rspan
  remote-span

interface FastEthernet1/0/1
  description MONITORED PC
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 2,355,406,690,912
  switchport mode trunk
  speed 100
  spanning-tree portfast

interface GigabitEthernet1/1/1
  description TRUNK TO 3750G
  switchport trunk allowed vlan 911
  switchport mode trunk
  speed auto 1000

monitor session 1 source interface Fa1/0/1
monitor session 1 destination remote vlan 911

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion

Related Content