Re: N3K - remote span VLAN drop L2 protocol frames

Adam84 · ‎08-23-2018

Problem:

N3K doesn't pass L2 protocol frames in VLAN marked as remote span (i.e. with dst-mac 01-80-c2-00-00-02).

I've set VLAN for remote span in network. It is also configured on N3K that only passes that VLAN, and it's configured as remote-span. I can see that frames with L2 protocols are coming on ingress interface with that remote-span VLAN, but aren't forwarded to egress ports. As for me, these frames are intercepted by CPU, and dropped. Why is that? Checked on N3K model C3064PQ and 3048, software 7.0(3)I4(7).

Rajeshkumar Gatti · ‎08-27-2018

What is the configuration you are using?

We don't support remote span on the N3k platform. Looks like you have n3k configured as transit but I could be wrong.

-Raj

Adam84 · ‎08-31-2018

N3K has VLAN configured as remote-span VLAN. Monitor session is configured on other devices. N3K is supposed to just transmit frames further, and it drops i.e LACP frames in that VLAN. I think that frames in VLAN marked as remote-span shouldn't go to CPU at all, and that's why they are dropped.

Simplified config:

vlan dot1Q tag native

system vlan long-name

vlan 4085
  name Monitoring-VLAN
  remote-span

vlan configuration 4085
  no ip igmp snooping

interface Ethernet1/11
  description HQ-L2-sw2
  switchport mode trunk
  switchport trunk native vlan 4085
  switchport trunk allowed vlan 4085

interface Ethernet1/12
  description SQ-L2-sw1
  switchport mode trunk
  switchport trunk native vlan 4085
  switchport trunk allowed vlan 4085

LACP frames enter N3K on eth1/11, and aren't transmitted out on eth1/12. I think same happens with any L2 protocol frames that are directed to CPU.