Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ERSPAN source sessions from different vrf's

Hello,

using a 6509 with a sup 720 PFC3C/MSFC3 I need to configure two ERSPAN source session, but in different vrf's and each to a different destination

session and ERSPAN ID.I have got one source session running using a loopback (in vrf ABCDE) as origin IP address and wanted to setup the next source session with a different loopback (in vrf FGHIJ) origin IP address (with different ERSPAN-ID).

I got the message that all ERSPAN source sessions (on a single switch) need to use the same Origin IP address.

monitor session 4 type erspan-source

source interface Gi3/15

destination

  erspan-id 4

  ip address (on remote switch A)

  origin ip address 10.6.1.13 (loopback in vrf ABCDE)

  vrf ABCDE

!

!

monitor session 5 type erspan-source

shutdown

source interface Gi2/31

destination

  erspan-id 5

  ip address (on remote switch B)

origin ip address 10.6.1.14 (loopback in vrf FGHIJ) is not allowed.

  vrf FGHIJ

I wonder if using the origin ip address 10.6.1.13 in session 5 would get this ERSPAN working since this loopback is in another vrf. Or is this vrf only
needed to reach the destination ip address to setup the GRE tunnel? Just want to minimize any risk in breaking the ERSPAN session 4 since this
is a feed to a voice recording system.
Regards,
Arthur

3 REPLIES
New Member

Re: ERSPAN source sessions from different vrf's

Hall of Fame Super Silver

Re: ERSPAN source sessions from different vrf's

Hello Arthur,

as explained in the configuration guide linked by Shailesh

>> All ERSPAN source sessions on a router must use  the same origin IP address, configured with the origin  ip address command (see the "Configuring  ERSPAN Source Sessions" section).

this is a known constraint, you need to think of an alternate solution that allows you to use a single ip address.

You can add route-target import and export route-targets on first VRF in order to make this IP address visible also on the second VPN so that you can be compliant with this requirement.

Hope to help

Giuseppe

New Member

Re: ERSPAN source sessions from different vrf's

Thanks Shailesh, Guiseppe,

so I am correct in assuming that the origin ip address in the first vrf will not be reachable from within the second vrf?

I will look into the route-target import/export. Perhaps another option to investigate is moving the to be monitored NIC to

another switch (with no ERSPAN source sessions on it).

Thank you!

872
Views
0
Helpful
3
Replies
CreatePlease login to create content