cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
994
Views
10
Helpful
9
Replies

RSPAN over multiply switches

Eugene Khabarov
Level 7
Level 7

Hello, All!

I have problem with RSPAN monitoring session over multiply switches.

My configuration is like this:

|catalyst1 2960|---|some switch1|---|some switch2|---|catalyst2 2960|

catalysts is under my control, while some switch 1 and 2 under control of other admins. Probably, "some switches" is HP switches.

vlan 100 span this switches and operates correctly.

Catalyst1 configuration:

vlan 100

name rspan-vlan

remote-span

!

monitor session 1 source vlan 123

monitor session 1 destination remote vlan 100

!

Catalyst2 configuration:

vlan 100

name rspan-vlan

remote-span

!

monitor session 2 destination interface Fa0/1

monitor session 2 source remote vlan 100

!

However, traffic from vlan 123 is not reaching remote destination port. What is the problem?

9 Replies 9

Hi Eugeniy,

Please let me know that some sw1 and some sw2 already know about vlan 100. How are 4 switches connecting? Trunk? Access?

HTH,

Toshi

Yes, it is connected via trunk ports.

VLAN 100 is fully operational.

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Eugeniy,

remote span could be a Cisco proprietary feature.

the remote-span command instructs the switches to disable MAC address learning.

However you need a clean L2 path end to end with vlan 100 defined on all links in the list of permitted vlans and all links have to be trunk ports.

in the CCO configuration examples also the switches in the middle define the vlan as remote-span vlan.

You can configure any VLAN as an RSPAN VLAN as long as these conditions are met:

-The same RSPAN VLAN is used for an RSPAN session in all the switches.

>>>-All participating switches support RSPAN.

see

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_44_se/configuration/guide/swspan.html#wp1073772

So I'm afraid you cannot go through the two HP switches

Hope to help

Giuseppe

hi,

I'm afraid that Giuseppe nailed this problem.

Good Job! 5P.

Toshi

Yes, you right.

>>All participating switches support RSPAN

This is clearly defined.

So any ideas about how to monitor traffic on vlan 123?

Hello Eugeniy,

the only possible option is a local span with a sniffer connected to the destination port of the first C2960.

for a short time capture you can think to use a laptop with wireshark (ethereal) installed.

hint: if you have a PC with two NICs you can control it remotely.

Hope to help

Giuseppe

Eugene,

Can I allow Vlan123 go through Cat1->someSw1->someSw2->Cat2? I will then do a span-port(Locally) on Cat2. It's not a good idea though. (grin)

Giuseppe has provided a good solution .

Toshi

>>Can I allow Vlan123 go through Cat1->someSw1->someSw2->Cat2? I will then do a span-port(Locally) on Cat2. It's not a good idea though. (grin)

You can allow vlan 123 through this switches, but SPAN in this case will not collect traffic from Cat1.

And you right, this is not good idea.

>>for a short time capture you can think to use a laptop with wireshark (ethereal) installed.

This is not good idea. Collector is special server, connected to Cat2

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: