Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1466
Views
5
Helpful
3
Replies

RSPAN not working between 3850s with 4500X between

james.brunner
Level 1
Level 1

‎04-20-2018 11:13 AM - edited ‎03-03-2019 08:47 AM

Hi all,

 

I have a very simple setup: 3850 <> 4500x <> 3850 all daisy-chained togther with trunked port-channels with all vlans permitted on the port-channel and member interfaces.

Each device has vlan150 configured as an RSPAN:

vlan 150
 remote-span
end

On the left-hand 3850, I have a source port passing the traffic to the remote vlan 150:

monitor session 10 source interface Gi1/0/1
monitor session 10 destination remote vlan 150

And on the right-hand 3850, I have a destination port dropping the data off from the rspan:

monitor session 10 source remote vlan 150
monitor session 10 destination interface Gi1/0/48

The 4500x just has the remote-span vlan defined and the two trunked port-channels to each 3850. The 3850s are running 16.3.5b with ipservices and the 4500x is running 3.8.5E with ipbase. All three devices have ip routing enabled.

The problem seems to be that it just isn't working. I get the odd packet but not the copied stream. The source port counters rack up quite nicely. If I create a simple port-to-port span on the left-hand 3850 then I get the full copy of the source at the destination port but this RSPAN just doesn't seem to want to work. The source port has about 3-4Mbps through it at the high point (it's a voice stream from a SIP router) - the destination output is so low it doesn't even register, just one or two packets every minute.

Is there any reason anyone can think of why this setup would not work? I found one document that said RSPAN was only supported in lanbase but the feature explorer confirms RSPAN is in both lanbase and ipservices for 16.3.5b on the 3850. Before you ask, these are all production systems in a remote DC running other services so physical access/downtime is going to be tricky :(

What am I missing?

 

Thanks in advance. JB.

Labels:
0 Helpful
3 Replies 3

chrihussey
VIP Alumni
VIP Alumni

‎04-25-2018 12:11 PM

I saw the doc that said you must be running LAN base on the 3850s. Assuming you are correct about the 16.3.5b code, it doesn't sound like you are doing anything wrong. Couldn't find any bugs but wouldn't rule that out. Other than that:

 

1- Cisco recommends creating the RSPAN VLAN before configuring the source or destination sessions. If it wasn't done in that order, it may be a good idea to remove it all and then recreate it.

 

2- Check the trunks to verify the RSPAN VLAN is forwarding on all. I did see in the documentation "If you enable VTP and VTP pruning, RSPAN traffic is pruned in the trunks to prevent the unwanted flooding of RSPAN traffic across the network for VLAN IDs that are lower than 1005."

 

3-  Just a thought to further identify what's happening. Can you keep the RSPAN session on the first switch and make the RSPAN destination a port on the 4500? If it works you'll know the 3850 image is good and that it is getting to the 4500. May not provide a resolution, but tells you where to focus your efforts.

Regards

0 Helpful

james.brunner
Level 1
Level 1
In response to chrihussey

‎04-28-2018 12:41 AM

Just a quick update for anyone else who might stumble upon this.

RSPAN does seem to only work in LAN base images as per the single line in the release notes "To use RSPAN, the switch must be running the LAN Base image." - so this is exactly what we are seeing in production and lab.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-3/configuration_guide/b_163_consolidated_3850_cg/b_162_consolidated_3850_cg_chapter_01000101.html?bookSearch=true#reference_5323577C93FF44B48D6EE79AAFC6724F

So we now have our LAN base device(s) using RSPAN and our IP Base and above using ERSPAN which seems to work fine... except we noted that ERSPAN seems to have an issue under 16.3.5b but works fine under 16.3.6 when talking to an older 6509E destination- although there is nothing in the 16.3.6 release notes relating to a bug fix that I can find - go figure. But hey, it's working so let's not jinx anything.

So in the end, we have a mish-mash of RSPAN and ERSPAN depending on the feature set all running 16.3.6

My only gripe is that as a destination for the ERSPAN we're having to use an older 6509E because the 3850s and 4500Xs don't support "type erspan-destination" only erspan-source. Seems like a real limitation to me especially on the 4500X!

 

Regards and thanks for the sanity check.

JB.

chrihussey
VIP Alumni
VIP Alumni
In response to james.brunner

‎04-30-2018 09:42 AM

Appreciate the update.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents