Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
599
Views
4
Helpful
5
Replies

rspan question

da_heizhu
Level 1
Level 1

‎10-02-2007 10:05 PM - edited ‎03-05-2019 06:50 PM

Hi,

I am running into some problems when I configured the Rspan. See the rough diagram below

core switch

/ \

/ \

Switch one Switch two

I configured the following in Switch one

Monitor session 1 source fa0/9

Monitor session 1 destination remote vlan 100

On Switch two I configured the following:

Monitor session 1 source remote vlan 100

Monitor session 1 destination int fa0/20

I have attached a pc running ethereal on switch two fa0/20, also I have verified that vlan 100 is configured as remote span vlan on all switches. All the trunk links allow all vlan including vlan 100. But what I get from ethereal are only boardcast traffics destinated to switch one's Fa0/9, I can't see any unicast. Can anyone give me a clue? Thanks in advance.

(On Ethereal I have checked the "capture packet in promiscuous mode) check box)

Chears

Xiao

Labels:
0 Helpful
5 Replies 5

Kevin Dorrell
Level 10
Level 10

‎10-02-2007 11:08 PM

Are there any switches in the path that do not support RSPAN, for example 2950 etc? The RSPAN VLAN might be propagated by the VTP on the switches, but it is essential that each switch in the path understands the concept of the RSPAN VLAN.

Essentially, and RSPAN VLAN is one on which MAC learning has been disabled, so that all frames are flooded throughout the VLAN. If there is a switch on the path that does not understand that, then it will learn MAC addresses and start filtering in the normal way, leaving you only the broadcasts.

BTW, you would be well advised to allow the RSPAN VLAN only on trunks that are in the path between your source and your monitor. If you allow it all over your network, and you start monitoring some Gigabit port, then your slower links will be overloaded with monitor traffic.

A question for those who know more about it than I do: does pruning work on an RSPAN VLAN?

Kevin Dorrell

Luxembourg

da_heizhu
Level 1
Level 1
In response to Kevin Dorrell

‎10-03-2007 12:03 AM

Thanks Kelvin. Now I understand Rspan better. I was a bit uncertain about the 2950.. yes there is a 2950 at upstream of the sniffer.. does it means to say that 2950 does not support RSPAN? howerver on 2950 there are commands for RSPAN, pretty much the same as those on 2960 except for the need to configure reflector port. Please advise, thanks.

Xiao

0 Helpful

ankbhasi
Cisco Employee
Cisco Employee
In response to da_heizhu

‎10-03-2007 12:48 AM

HI Xiao,

2950 does support RSPAN you have to configure reflector port on 2950.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_20_ea2/configuration/guide/swspan.html#wp1336427

HTH

Ankur

0 Helpful

Kevin Dorrell
Level 10
Level 10
In response to da_heizhu

‎10-03-2007 01:11 AM

Sorry, I take that back. The 2950 does support - I was getting confused with the older 2900XL series.

I had a look at the commands, and the reflector port is necessary only on a switch that is copying from the source into the RSPAN VLAN, (as is the case according to your diagram) and is configured on monitor session n destination command. If the switch is just passing the RSPAN VLAN transparently, the reflector port should not be necessary.

Could you do a show monitor on the source switch and destination switch please.

Kevin Dorrell

Luxembourg

0 Helpful

da_heizhu
Level 1
Level 1

‎10-03-2007 12:15 AM

attached a clearer diagram with the switch's model for more info.

Preview file
11 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card