RSPAN and 2950 switches

rnarayana · ‎09-14-2004

Hello ,

I have 3 2950 switches ,switch1,switch2,switch3.switch1 is connected to both switch 2 and 3.

I have a websense server that is connected to port 17 on switch 1.This websense server has 2 nic cards.One to send the traffic out and the other to monitor( port 17).

I have setup RSPAN and what ever I do websence does not work with RSPAN .How ever if I try to setup SPAN websense works.

Here are my configs.

Switch1:

int fas0/23

switchport mode trunk

monitor session 2 source remote vlan 99

monitor session 2 destination int fas 0/17

switch3

int fas0/1

switch mode trunk --- (port connected to switch 1)

monitor session 2 source interface fas 0/ 2- 47

monitor session 2 destination remote vlan 99 reflector-port fas0/48.

Note:Vlan 99 has been setup as remote Span vlan.

Does any one has any idea on this.

Thanks in advance.

pflunkert · ‎09-14-2004

Hi,

the configuration on the cat 2950 (Switch 1) should looks like this:

conf t

vlan 99

name RSPAN-VLAN

remote-span !!! control this with the command "show vlan remote-span"

!

monitor session 1 source interface Fa0/17 !!! Source Port of the traffic

monitor session 1 destination remote vlan 99 reflector-port Fa0/3 !!! Nothing is connected to Port Fa0/3!!!!

On the other catalyst (switch 3)

monitor session 1 source vlan 99

monitor session 1 destination interface Fa1/48 !!! To this Port the sniffer is connected

Both switches should be connected through vtp or must must configure the vlan 99 on switch 3 as remote-span also.

Regards

Peter

rnarayana · ‎09-15-2004

Peter,

Thanks for your reply.In my case switch3 is the source and switch1 is the one to which the sniffer or the websense is connected.I have the same exact configurations as you have specified.I have vlan 99 as the remote span vlan.Do you know what else could be the problem.

Thanks,

Radhika.

pflunkert · ‎09-15-2004

Radhika,

i tested the configuration in our lab. So i'am sure that the configuration is corect. You can try to use another port as source port. What software versions you use and can you post the "sh vlan remote-span" from both switches. Please also post your configs. I will put after the test in our lab.

Regards

Peter

carnage669 · ‎09-30-2004

I'm having similar issues. I have a 3550 as my source and a 2950 as the destination.

3550:

vlan 109

remote-span

monitor session 1 source interface gigabitethernet0/11

monitor session 1 destination remote vlan 109 reflector-port gigabitethernet0/8

2950:

monitor session 1 source remote vlan 109

monitor session 1 destination interface fastethernet0/25

I can tell the port on the 3550 is looping back the data, but 0/25 on the 2950 isn't receiving anything.

The show vlan remote-span on both switches looks right. The 2950 has picked up on VLAN109 automatically. I'm not sure why 0/25 isn't seeing anything. Any help would be appreciated.

kycheong · ‎09-22-2004

Hi, are u manage to solve your problem ? as i'm having a similar setup as you have, can't work at this point of time as well.

Regards

KY

rnarayana · ‎09-22-2004

Hello ,

I had to open a case with Cisco and they told me that 2950 is not recommened as a destination Rspan switch.It is a restrication of 2950 switches.They gave me one bug id.

I heard the solution is replace one of the 2950 which is a destination Rspan switch with 3550 .

I hope this helps.

Thanks,

Radhika

pflunkert · ‎09-23-2004

Hi Radhika,

in my tests the destination was a cat 3750, 4500 or cat 6500. SO it could be possible. Can you post id, please. I want wait for a bug-fix.

Regards

Peter

rnarayana · ‎09-23-2004

Peter,

According to Ciscowe cannot you 2950 as the destination switch.We can use any other switch .As you told it was the switch architechure limitation.Iwill try to find the bug and post it.

Thanks,

Radhika

Prashanth Krishnappa · ‎09-22-2004

There are some hardware restrictions with RSPAN on CAT2950 platform. The following page should help

http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCef64307