cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2381
Views
0
Helpful
3
Replies

RSPAN Issues

acisco
Level 1
Level 1

Hi, having issues getting RSPAN to work properly sending traffic to a PC (nProbe). After nProbe converts the flows to NetFlow and sends it to our collector (nfdump), the collector isn't really adding flows. I see some traffic but they're mainly broadcasts and multicasts from that room (which I can identify by subnet in flow source IP).

 

The issue could be with the collector/exporter but with local SPAN (on 2960) I was able to get more meaningful proper flows added to the collector (e.g. HTTPS traffic).

 

3560 > g0/1 connects to g0/2 < 2960 

3560 > g0/2 connects to a room in a building.

2960 > g0/1 connects to the PC.

 

 Both have vlan 99, remote-span configured.

RSPAN Source (3560):

interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,99
 switchport mode trunk
 switchport nonegotiate
!
monitor session 1 source interface Gi0/2
monitor session 1 destination remote vlan 99

RSPAN Destination (2960):

 

 

interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport trunk allowed vlan 1,99
 switchport mode trunk
 switchport nonegotiate
!
monitor session 1 destination interface Gi0/1
monitor session 1 source remote vlan 99

I would appreciate any assistance with this and if there's anything wrong with the config. Have checked counters etc. and there's definitely a lot of traffic going out / in the physical SPAN interfaces. 

 

1 Accepted Solution

Accepted Solutions

acisco
Level 1
Level 1

Issue seems to be solved. Not sure exactly how but things are working now. I did remove VLAN 1 from the trunk, that may have been it.

View solution in original post

3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

can you please post VLAN 99 configuration of all the switches.

 

show output for the below command from all the switches.

 

 show vlan remote-span

show monitor

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Shoot, I forgot to do that. Will have to be in a few days if that's all right with you. I don't have physical access over the weekend and I can't manage the devices remotely.

acisco
Level 1
Level 1

Issue seems to be solved. Not sure exactly how but things are working now. I did remove VLAN 1 from the trunk, that may have been it.