05-14-2010 04:35 AM - edited 03-06-2019 11:05 AM
Hi,
I'm doing rspan between two 3750G connected by trunk on etherchannel running version 12.2(44)SE5.
I only get receive traffic from the remote span vlan. I have create the remote span vlans and allowed it on the trunk interface on both sides.
Switch 1
Session 1
---------
Type : Remote Source Session
Source Ports :
Both : Gi1/0/17
Dest RSPAN VLAN : 4094
monitor session 1 source interface Gi1/0/17
monitor session 1 destination remote vlan 4094
Switch 2
Session 1
---------
Type : Remote Source Session
Source Ports :
Both : Gi1/0/17
Dest RSPAN VLAN : 4094
Session 2
---------
Type : Remote Destination Session
Source RSPAN VLAN : 4094
Destination Ports : Gi1/0/27
Encapsulation : Native
Ingress : Disabled
monitor session 1 source interface Gi1/0/17
monitor session 1 destination remote vlan 4094
monitor session 2 destination interface Gi1/0/27
monitor session 2 source remote vlan 4094
If I do local span then I get all the transmit/receive traffic from the source interface.
Thanks.
05-18-2010 08:03 AM
Pretty much what you are trying to do is RSPAN the same switch´s traffic tying to fool the switch to send it´s own interface traffic to the rspan vlan and then capture it again with another monitor session. Unfortunately this is not possible.
I have seen it working a couple of times but you will get unexpected results.
It looks like you´ll need a third switch for this task.
- Jorge
08-14-2010 02:53 AM
Hi,
I have added a third switch 3750-24P running 12.2(46)SE and trunked to my switch1 allowing RSPAN VLAN 4094 on the trunk. Now my issue is the destination port on switch3 does not receive any traffic, I see taffic coming in on the trunk interface.
switch3#sh monitor
Session 1
---------
Type : Remote Destination Session
Source RSPAN VLAN : 4094
Destination Ports : Fa1/0/1
Encapsulation : Native
Ingress : Disabled
Trunk:
switchs3#sh int fa1/0/24
FastEthernet1/0/24 is up, line protocol is up (connected)
30 second input rate 3019000 bits/sec, 614 packets/sec
30 second output rate 3000 bits/sec, 4 packets/sec
Destination port:
switch3#sh int fa1/0/1
FastEthernet1/0/1 is down, line protocol is down (monitoring)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
monitor session 1 destination interface Fa1/0/1
monitor session 1 source remote vlan 4094
Any ideas what am I missing here?
Thanks
08-14-2010 08:40 AM
Hello,
Can you please post the output of "show vlan" from both switches?
Regards,
NT
08-14-2010 06:53 PM
Hi,
Output from both switches below:
switch1#sh vlan remote-span
Remote SPAN VLANs
------------------------------------------------------------------------------
4094
switch3#sh vlan remote
Remote SPAN VLANs
------------------------------------------------------------------------------
4094
Thanks.
08-14-2010 07:06 PM
Hello,
Can you try removing the local span session that sends traffic to remote
VLAN and see if that helps?
Regards,
NT
08-14-2010 07:38 PM
Hi,
Since the addition of switch3, switch 1 and 2 only have the following configured:
monitor session 1 source interface Gi1/0/17
monitor session 1 destination remote vlan 4094
cheers
08-14-2010 07:41 PM
Hello,
Does the third switch also have VLAN 4094 configured as RSPAN VLAN?
Regards,
NT
08-14-2010 07:58 PM
Hi,
Yes it has, as in one of replies above:
switch3#sh vlan remote
Remote SPAN VLANs
------------------------------------------------------------------------------
4094
Thanks,
11-08-2010 01:58 PM
Hello Satendark,
What you are seeing is expected behavior with the folllowing configurations, this is a limitation on 3750
monitor session 1 source interface Gi1/0/17
monitor session 1 destination remote vlan 4094
monitor session 2 destination interface Gi1/0/27
monitor session 2 source remote vlan 4094
You cannot copy local source gig 1/0/17 traffic to rpsan vlan and again create a another monitor session copying that traffic to destination on the same source switch. This can be done on 6500 series switches.
But there is a hack, here is waht you need to do.
monitor session 1 source interface Gi1/0/17
monitor session 1 destination remote vlan 4094
( you dont need the second monitor session )
Rspan traffic is flooded on trunks , so you can configure the sniffer port ( destination port Gi1/0/27 as following.)
interface Gi1/0/27
switchport trunk encapsulation dot1q
switchport trunk native vlan 4096
switchport mode trunk
switchport trunk allowed vlan 4096
spanning-tree portfast trunk
You will see all your trafffic.
Thanks and let me know how it goes.
Ruvin
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: