09-21-2020 03:23 AM
For an IDS Design we would like to configure multiple RSPAN session which is working fine for some other Cisco Products like IE-4010-4S24P, WS-C3750-48TS, IE-3000-8TC…unfortunately we struggling to enable this on our IE-3300-8P2S devices using ie3x00-universalk9.17.02.01.SPA.bin or ie3x00-universalk9.17.03.01.SPA.bin.
We got this message: % Platform cannot support remote-span mirroring on VLAN with more than one member ports.
Background:
We use a dual Core environment where the switches are dualed home (Trunk) to the cores witches for redundancy reason.
Plan will be to monitor physical interface using RSPAN sessions from the workgroup switches to our IDS system connected to the core…as mention before, all works fine with other Cisco devices.
Monitor session 2 source interface G1/3 – 8 rx
Monitor session 2 destination remote vlan 1111
After typing the destination command this “error” message appears: % Platform cannot support remote-span mirroring on VLAN with more than one member ports.
Workaround: To configure only one uplink port (Trunk) for remote VLAN 1111 but:
11-16-2023 03:50 PM
Hi FITSupport32900.
Here the steps to configure a success RSPAN sesion:
1. Configure your remote VLAN as usually.
2. Remove remote VLAN from Portchannel and validate that physical interfaces don't have remote vlan too.
Example:
My remote VLAN is 100, so I need to remove this VLAN from my uplink interfaces (logical and physical)
switch(config)#:interface Po1
switch(config-if)#:switchport trunk allowed vlan remove 100
Validate if the vlan was remove from all member ports.
3. Add remote VLAN in one of the physical interface uplink (as you know you going to lost the physical interface)
Example:
In my case I work with IE-3300-8U2X and only has two 10g interfaces so I configured Te1/2
switch(config)#:interface Te1/2
switch(config-if)#:switchport trunk allowed vlan add 100
NOTE: At this point Te1/2 still remain in suspend and Po1 and Te1/1 in UP state.
4. Now, configure your monitor session.
Example:
monitor session 1 source interface g1/3 - 10
monitor session 1 destination remote vlan 100
5. Now configure the interface Po1 adding the remote VLAN.
Example:
switch(config)#:interface Po1
switch(config-if)#:switchport trunk allowed vlan add 100 ................. ENTER AND HOPE THE MAGIC :p....
Here, each physical interface must be in UP state and RSPAN Working.
#show monitor session remote detail
Session 1
---------
Type : Remote Source Session
Description : -
Source Ports :
RX Only : None
TX Only : None
Both : Gi1/3-10
Source Subinterfaces :
RX Only : None
TX Only : None
Both : None
Source VLANs :
RX Only : None
TX Only : None
Both : None
Source Drop-cause : None
Source EFPs :
RX Only : None
TX Only : None
Both : None
Source RSPAN VLAN : None
Destination Ports : None
Filter VLANs : None
Dest RSPAN VLAN : 50
IP Access-group : None
MAC Access-group : None
IPv6 Access-group : None
For me is working and after two years ago posted asking help I hope this information work for you.
01-08-2024 08:02 AM
Hi,
We faced to the similar issue with IE3300 switches. Based on your message I added remote monitor to port-cannel:
Is it a supported workaround/setup?
Thanks, Imre
01-08-2024 04:07 PM
Yes, it is supported. The solution was validated by Cisco TAC.
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide