10-05-2018 02:32 PM - edited 10-05-2018 02:34 PM
Hi, having issues getting RSPAN to work properly sending traffic to a PC (nProbe). After nProbe converts the flows to NetFlow and sends it to our collector (nfdump), the collector isn't really adding flows. I see some traffic but they're mainly broadcasts and multicasts from that room (which I can identify by subnet in flow source IP).
The issue could be with the collector/exporter but with local SPAN (on 2960) I was able to get more meaningful proper flows added to the collector (e.g. HTTPS traffic).
3560 > g0/1 connects to g0/2 < 2960
3560 > g0/2 connects to a room in a building.
2960 > g0/1 connects to the PC.
Both have vlan 99, remote-span configured.
RSPAN Source (3560):
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,99
 switchport mode trunk
 switchport nonegotiate
!
monitor session 1 source interface Gi0/2
monitor session 1 destination remote vlan 99
RSPAN Destination (2960):
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport trunk allowed vlan 1,99
 switchport mode trunk
 switchport nonegotiate
!
monitor session 1 destination interface Gi0/1
monitor session 1 source remote vlan 99
I would appreciate any assistance with this and if there's anything wrong with the config. Have checked counters etc. and there's definitely a lot of traffic going out / in the physical SPAN interfaces.
10-05-2018 02:42 PM - edited 10-05-2018 02:43 PM
Can you please post the VLAN 99 configuration of all the switches?
Show output for the commands below from all the switches.
show vlan remote-span
show monitor
10-05-2018 02:55 PM
Shoot, I forgot to do that. Will have to be in a few days if that's all right with you. I don't have physical access over the weekend and I can't manage the devices remotely.
10-12-2018 03:54 AM
Issue seems to be solved. Not sure exactly how but things are working now. I did remove VLAN 1 from the trunk, that may have been it.