Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2650
Views
0
Helpful
1
Replies

Cisco UCS not getting RSPAN and ERSPAN

salahuddin Jawad
Level 1
Level 1

‎06-03-2012 04:23 AM

Hello,

We are running Cisco UCS which si connected with FI to cisco 4510R switch and problem is we are not receiving RSPAN and ERSPAN packets on UCS server machine. we advise any workaround for this.

We are trying to resolve this issue via using PPTP tunnel between cisco switch 4510R and UCS machine to bypass febric interconnect. any one commint will this be workable solution?

Thanks,

Jawad

1 person had this problem
Labels:
0 Helpful
1 Reply 1

wsmyth
Level 1
Level 1

‎08-27-2020 08:18 AM

I know this question is ancient but perhaps answering this here will help someone else in the future.

 

When using ERSPAN, you do NOT need to implement PPTP. PPTP is outdated and insecure at the present time. ERSPAN uses a GRE tunnel between source and destination to pass the mirrored/SPAN'd traffic.  The GRE tunnel is able to "pierce" the UCS Fabric Interconnects and hit a server (physical or virtual) that connects to the UCS FIs.  This is the only supported type of SPAN that can be used with UCS FIs. SPAN and RSPAN rely on a destination switch, and the mirrored frames would never be passed through the FIs down to the UCS servers.  ERSPAN works by creating a tunnel to the server's IP address, and thus will traverse the UCS FIs successfully. 

 

The only other requirement is that your server destination has the ability to decapsulate the GRE packets. This can be accomplished fairly easily using any Linux server flavor (e.g. Security Onion, RHEL, Debian, CentOS, Ubuntu, etc.) with native FOSS applications available to Linux. Also, I believe the Wireshark application can act as a GRE endpoint and will natively decapsulate and capture the traffic from the ERSPAN.  There may be other tools as well, but I'm not familiar with them.

 

Here's an article to get you started: https://www.cisco.com/c/en/us/support/docs/servers-unified-computing/ucs-b-series-blade-servers/200521-Configure-a-Virtual-Machine-on-a-UCS-Bla.html

It's a bit dated but still applicable. 

 

Hope this helps someone in the future.

 

William

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking products for a $25 gift card