Re: IE-3300 Series Switch [% Platform cannot support remote-span mirro

FITSupport32900 · ‎09-21-2020

For an IDS Design we would like to configure multiple RSPAN session which is working fine for some other Cisco Products like IE-4010-4S24P, WS-C3750-48TS, IE-3000-8TC…unfortunately we struggling to enable this on our IE-3300-8P2S devices using ie3x00-universalk9.17.02.01.SPA.bin or ie3x00-universalk9.17.03.01.SPA.bin.

We got this message: % Platform cannot support remote-span mirroring on VLAN with more than one member ports.

Background:

We use a dual Core environment where the switches are dualed home (Trunk) to the cores witches for redundancy reason.

Plan will be to monitor physical interface using RSPAN sessions from the workgroup switches to our IDS system connected to the core…as mention before, all works fine with other Cisco devices.

Monitor session 2 source interface G1/3 – 8 rx

Monitor session 2 destination remote vlan 1111

After typing the destination command this “error” message appears: % Platform cannot support remote-span mirroring on VLAN with more than one member ports.

Workaround: To configure only one uplink port (Trunk) for remote VLAN 1111 but:

What happens in case of an issue with our primary uplink?
What should we do if we have multiple switches in line, in this case we need remote VLAN 1111 configured on the uplinks?

Legend Mau · ‎11-16-2023

Hi FITSupport32900.

Here the steps to configure a success RSPAN sesion:

1. Configure your remote VLAN as usually.

2. Remove remote VLAN from Portchannel and validate that physical interfaces don't have remote vlan too.

Example:

My remote VLAN is 100, so I need to remove this VLAN from my uplink interfaces (logical and physical)

switch(config)#:interface Po1

switch(config-if)#:switchport trunk allowed vlan remove 100

Validate if the vlan was remove from all member ports.

3. Add remote VLAN in one of the physical interface uplink (as you know you going to lost the physical interface)

Example:

In my case I work with IE-3300-8U2X and only has two 10g interfaces so I configured Te1/2

switch(config)#:interface Te1/2

switch(config-if)#:switchport trunk allowed vlan add 100

NOTE: At this point Te1/2 still remain in suspend and Po1 and Te1/1 in UP state.

4. Now, configure your monitor session.

Example:

monitor session 1 source interface g1/3 - 10

monitor session 1 destination remote vlan 100

5. Now configure the interface Po1 adding the remote VLAN.

Example:

switch(config)#:interface Po1

switch(config-if)#:switchport trunk allowed vlan add 100 ................. ENTER AND HOPE THE MAGIC :p....

Here, each physical interface must be in UP state and RSPAN Working.

#show monitor session remote detail
Session 1
---------
Type : Remote Source Session
Description : -
Source Ports :
RX Only : None
TX Only : None
Both : Gi1/3-10
Source Subinterfaces :
RX Only : None
TX Only : None
Both : None
Source VLANs :
RX Only : None
TX Only : None
Both : None
Source Drop-cause : None
Source EFPs :
RX Only : None
TX Only : None
Both : None
Source RSPAN VLAN : None
Destination Ports : None
Filter VLANs : None
Dest RSPAN VLAN : 50
IP Access-group : None
MAC Access-group : None
IPv6 Access-group : None

For me is working and after two years ago posted asking help I hope this information work for you.

ituske · ‎01-08-2024

Hi,

We faced to the similar issue with IE3300 switches. Based on your message I added remote monitor to port-cannel:

Remove RSPAN VLAN from the port-channel interface.
Add monitor remote destination command.
Add RSPAN VLAN to the port-channel interface.

Is it a supported workaround/setup?

Thanks, Imre

Legend Mau · ‎01-08-2024

Yes, it is supported. The solution was validated by Cisco TAC.

Regards

IE-3300 Series Switch [% Platform cannot support remote-span mirroring on VLAN with more than one member po