Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
akw
Community Member

RSPAN failed on 2960/3560

Hello.

I have set of 2960/3560 switches uplinked to 3750 core switch. When configuring RSPAN for TX&RX traffic on 2960/3560 switch everything works fine until CDP packet is received on monitored interface. After that NO UNICAST TX (egress) traffic from monitored port is copied to RSPAN VLAN. Only broadcasts and multicasts are copied. RX (ingress) traffic is copied to RSPAN VLAN normally.

Does anyone experienced this issue? Is it a configuration problem or IOS bug?

My config:

2960/3560:

monitor session 1 source interface Fa0/12

monitor session 1 destination remote vlan 401

output of sh vlan remote-span:

Remote SPAN VLANs

------------------------------------------------------------------------------

401

3750:

monitor session 1 source remote vlan 401

monitor session 1 destination interface g1/0/1

output of sh vlan remote-span:

Remote SPAN VLANs

------------------------------------------------------------------------------

401

VTP is enbaled an all switches for VLAN management.

Thanks for help.

Andrzej Kowalczyk

2 REPLIES
Community Member

Re: RSPAN failed on 2960/3560

Hi,

Your config looks perfect to me. Let us know what IOS you are using in all the switches.

--gaurav

akw
Community Member

Re: RSPAN failed on 2960/3560

The newest one: 12.2(44)SE

I made additional research and got results:

1. Everything is fine when device connected to monitored interface does not have CDP enbaled.

2. The problem appears when CDP packet is received from monitored host.

Look at the following scenario (S1) with RSPAN enabled for MonitoredHost and VLAN 401:

MonitoredHost----C3750_1----Trunk(with RSPAN VLAN 401)---Sniffer(with VLAN support)

In this case sniffer is receiving on VLAN 401 all(TX&RX) packets copied from interface having MonitoredHost connected to.

Now look at the following scenario (S2a):

MonitoredHost----C3750_1----Trunk(with RSPAN VLAN 401)---C3750_2--RSPANDest----Sniffer

In this case Sniffer receive unicast egress frames (transmited to monitored host) for MonitoredHost until first CDP packet sent by MonitoredHost.

"show cdp neighbours" issued on C3750_2 shows MonitoredHost as CDP neighbour along with C3750_1 - probably because copied (by RSAPN) CDP frame received on trunk interface.

-- Andrzej

520
Views
0
Helpful
2
Replies
CreatePlease to create content