03-24-2009 07:04 AM - edited 03-06-2019 04:46 AM
I've been setting up an ERSPAN using 6500s.
I hope I have done my homework, but it seems not to work.
Here is the source:
<snip>
interface GigabitEthernet4/3
 description source
 switchport
 switchport access vlan 70
 switchport mode access
 no ip address
 load-interval 30
 no snmp trap link-status
<snip>
monitor session 50 type erspan-source
 source interface Gi4/3
 destination
  erspan-id 150
  ip address 10.20.1.146
  ip ttl 50
  origin ip address 10.92.0.4
<snip>
And this is the destination:
interface FastEthernet4/3
 description OMIF424 eth3 - Test Remote Span
 switchport
 switchport access vlan 70
 switchport trunk encapsulation dot1q
 no ip address
 load-interval 30
 no snmp trap link-status
monitor session 50 type erspan-destination
 destination interface Fa4/3
 source
  erspan-id 150
  ip address 10.20.1.146
Interfaces are both loopback.
Routing has been checked.
Inbound traffic is 400kbps.
Outbound traffic is 0kbps.
Source is a tap, destination is an aggregation IDS.
Any hint?
TIA
Ivan
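An added example, not written by anyone in this thread: a small Python check that the two ends of an ERSPAN pair agree on `erspan-id` and `ip address`, which is what the destination session matches on. The session blocks are copied from the post above as sample input; the function names `parse_erspan` and `check_pair` are hypothetical.

```python
import re

# Sample input: the two session blocks from the post above (flattened, as pasted).
SOURCE_CFG = """monitor session 50 type erspan-source
source interface Gi4/3
destination
erspan-id 150
ip address 10.20.1.146
ip ttl 50
origin ip address 10.92.0.4
"""
DEST_CFG = """monitor session 50 type erspan-destination
destination interface Fa4/3
source
erspan-id 150
ip address 10.20.1.146
"""

FIELDS = {  # matched at line start, so "origin ip address" and "no ip address" never count as "ip address"
    "erspan_id": r"erspan-id (\d+)$",
    "ip": r"ip address (\S+)$",
    "origin_ip": r"origin ip address (\S+)$",
    "port": r"(?:source|destination) interface (\S+)",
}

def parse_erspan(cfg):
    """Return one dict per ERSPAN monitor session found in cfg (indentation not required)."""
    sessions, cur = [], None
    for line in (l.strip() for l in cfg.splitlines()):
        m = re.match(r"monitor session (\d+) type erspan-(source|destination)$", line)
        if m:
            cur = {"session": int(m.group(1)), "role": m.group(2)}
            sessions.append(cur)
        elif line.startswith(("interface ", "!", "monitor session ")):
            cur = None  # left the ERSPAN session block
        elif cur is not None:
            for key, pat in FIELDS.items():
                hit = re.match(pat, line)
                if hit:
                    cur[key] = hit.group(1)
    return sessions

def check_pair(src, dst):
    """List the fields on which the source and destination sessions disagree."""
    problems = []
    for key in ("erspan_id", "ip"):
        if src.get(key) is None or src.get(key) != dst.get(key):
            problems.append(f"{key}: source={src.get(key)} destination={dst.get(key)}")
    return problems
```

Run against the configuration as posted, `check_pair` returns an empty list, so the session definitions themselves are consistent and the fault has to be looked for elsewhere.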
03-24-2009 07:50 AM
Hello Ivan,
The following supervisor engines support ERSPAN:
-Supervisor engines manufactured with PFC3B and PFC3BXL support ERSPAN.
-A WS-SUP720 (a Supervisor Engine 720 manufactured with a PFC3A) can only support ERSPAN if it has hardware version 3.2 or higher. Enter the show module version | include WS-SUP720-BASE command to display the hardware version. For example:
Router# show module version | include WS-SUP720-BASE
7 2 WS-SUP720-BASE SAD075301SZ Hw :3.2
Verify what type of Sup720 is on the two chassis.
Hope to help
Giuseppe
03-24-2009 08:13 AM
Source is a SUP720 w/ PFC3B.
Destination is a SUP32 w/ PFC3B.
03-26-2009 02:38 AM
Update.
The problem seems to be the source being a TAP.
In fact, when I connect a normal PC and do some pings to nowhere, the frames are copied.
Using the TAP results in nothing being copied.
There should be something with the packets not going to the PFC, and hence not being copied.
03-26-2009 09:31 AM
SOLVED.
The tap turned out to be a Nortel switch using the 6500 as a destination SPAN port.
The issue was solved simply by disabling spanning-tree packets between the Nortel and the Cisco.
interface GigabitEthernet4/3
 switchport
 switchport access vlan 70
 switchport mode access
 switchport nonegotiate
 no ip address
 load-interval 30
 spanning-tree bpdufilter enable
 no shutdown
 exit
03-26-2009 11:18 AM
Hello Ivan,
Nice news that you have solved it, and it is good that you have shared the solution to this issue on the forum; this can help somebody else.
Best Regards
Giuseppe