I need to span phones traffic from vlan voice to vlan rspan. Record server only one

---

@dijix1990 wrote:

I need to span phones traffic from vlan voice to vlan rspan. Record server only one

---

What kind of recording server are you using? Most of the current ones use a SIP trunk and recording profile instead of a SPAN port.

I need to record sessions between two phones which placed on the same switch

You could set up RSPAN on your 2960 and use the RSPAN VLAN as source VLAN for ERSPAN on your gateway device - that is assuming that the two phones are on the same site and your recording server is remote. 

don't understand your idea.

OK, I have 2960 with monitor session

monitor session 1 source vlan 975
monitor session 1 destination remote vlan 103

what I need to do to encapsulate rspan to erspan on my asr1002-X

On your ASR you configure VLAN 103 as source. Refer to the following config guide for detailed instructions: https://www.cisco.com/c/en/us/td/docs/routers/ios/config/17-x/lan-wan/b-lan-wan/m_lnsw-conf-erspan.html 

Your source ERSPAN configuration would look something like this:

monitor session 100 type erspan-source
    source vlan 103

But asr1002x it's l3 device. It doesn't have l2 ports, there's only bdi for l2 features

That is fine. You can use an L3 interface/subinterface as a source.

And how? Vlan 103 is l2 only  how can I sent traffic of rspan via asr? I use erspan, but only for traffic L3 and I don't know how can I sent vlan 103 without gateway through erspan

Hm can you give an example of create a VxLAN VNI mapped to the same VLAN?

I tried to use this construction for RSPAN

bridge-domain 103
 member vni 6025
 member GigabitEthernet0/0/1 service-instance 103

bridge-domain 975
 member vni 6035
 member GigabitEthernet0/0/1 service-instance 975

interface GigabitEthernet0/0/1
 service instance 103 ethernet
  description RSPAN
  encapsulation dot1q 103
   service instance 975 ethernet
  description Voice_DHCP
  encapsulation dot1q 975

Branch 1 - VXLAN - Branch 2

Branch 1 has record server and rspan configuration

monitor session 1 source vlan 975
monitor session 1 destination remote vlan 103

the same Branch 2 has rspan configuration

monitor session 1 source vlan 975
monitor session 1 destination remote vlan 103

but after it I see macflap

May 14 12:03:54.491: %SW_MATM-4-MACFLAP_NOTIF: Host 0077.8df9.b2b0 in vlan 103 is flapping between port Twe1/0/45 and port Po19
May 14 12:03:54.491: %SW_MATM-4-MACFLAP_NOTIF: Host b4a8.b9e8.5fe8 in vlan 103 is flapping between port Po19 and port Po28

Apparently, the mac addresses from site 1 that are packed into vlan103 after vxlan are unpacked for some reason

sh mac add vlan 103
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 103    0004.a3b9.67f0    DYNAMIC     Twe1/0/45
 103    0004.f2f2.3a6c    DYNAMIC     Twe1/0/45
 103    0004.f2f7.ca1e    DYNAMIC     Twe1/0/45
 103    001b.d432.e7c9    DYNAMIC     Twe1/0/45

Thanks for that output @dijix1990 

As discussed, RSPAN is not VxLAN-aware. So it causes MAC learning of mirrored (spoofed) trafic, which leads to flapping.

So, use ERSPAN, which avoids flooding and MAC learning issues beacuse it encapsulates mirrored trafic in GRE/IP, as @Torbjørn proposed.