Hello  Andras,

regarding RSPAN source/destination port, I understand this limitation so that the RSPAN session shouldn't use the port as destination or source, which is configured in other RSPAN session as source or destination, not so that I can't use an interface as source for RSPAN where simply  the RSPAN Vlan is allowed.

In my topology I don't use RSPAN source/destination port on the same switch.

I tried the "rspan filter vlan" with a result that I loose the connection over this VLAN which I use in filter.

Hi Konstantin,

Are you using a separate vlan for the RSPAN? Are you trying to access the 3550 switch on another vlan?

Best regards,

Andras

yes sure, I'm using the separate vln for RSPAN session, ans that VLAN has a special type - "remote-span"

Hi Konstantin,

I would suggest to check the switch from console connection when this is happening. Check STP states, Gi0/1 status, look at the logs, try pinging a neighboring device, etc.

Best regards,

Andras

Hello again,

sorry for not been answering so long.

I tried to reproduce to topolgy in a test lab and of course didn't see any problems, but in real network is something very strange happens.

Away from the first problem I described, I did now the following see the picture down there.

"RSPAN destination" session is confgiured on sw-01-02, sorce VLAN 555, destination port Gi0/18

"RSPAN source" session is on sw-10-01- source int F0/48, destination VLna555 (reflector port is one of  unused ports)

before I start the RSPAN source session on sw-10-01 I can reach IP 10.93.1.1 (R-10-01) without problem, but after activation the RSPAN I can see that only 50% packet are coming through and on the managemnet station in tcpdump I see only ICMP replies (those 50%) but no ICMP requests. 

I've tried all possible RSPAN option whithout success. One thing to notice, on all switches there is a command "vlan dot1q tag native", in case it's important.

I'm lost and  can't find any reason.

Hello Konstantin,

Sorry to point to towards two other threads without providing a full explanation, but do you believe your issue is similar to any of these two which have already been discussed here?

https://supportforums.cisco.com/message/3198475#3198475

https://supportforums.cisco.com/message/3202442#3202442

Best regards,

Peter

It can indeed be that you are hitting the following defect:

CSCtj76880 RSPAN causes port to go into BKN state due to PVID inconsistency

This has been fixed in 12.2(55)SE and 12.2(58)SE.

Best regards,

Andras

do you mean update could be the solution? but our problems don't fit 100% to those descrided in that bug.

I would recommend to upgrade to the latest version on the 3560 switches. I see that you are already running the latest on 3550.

Andras

but if I correctly understand, the source of problem is c3550, because I lost the connection to a vlan on c3550 where I star the RSPAN source session.

C3560 is only destination RSPAN and it works well if I start source RSPAN session on the neighbour c3560 - SW-01-01, then I can see and sniff all the traffic without lossing the connection.

it's more funny!

if I disable the RSPAN VLAN 555 on the trun interface of sw-10-01 (where source interface for RSPAN session is configured) then I don't see of course any traffic on the sniffer but no packet loss!

I activated the RSPAN VLAN 55 on the trunk again, and run the "debug ip packets" on the router R-10-01 (which I'm testing with ping) and I see the following:

1. the ping from the router R-01-01 to 10.93.1.1 says "timeout"

2. sniffer host shows nothing, sometimes come the ARP's request from that VLAN 3326, but no ICMP packets.

3. the VLAN3326 interfac on SW-10-01 with an IP 10.93.1.12 can be reached without problem

4. the debug on the destination router R-10-01 says that it gets ALL packets and sends ALL answers!

it means that at least forward direction is working, but the   backward direction has a problems, but why I don't see any ICMP request on the sniffer host?

It seems that the answer from R-10-01 doesn't go into the correct vlan 3326 but somewhere else. Sometimes I can see on the sniffer host the ICMP answer from the R-10-01, but I think it comes only when MAC or ARP table doesn't have the entry and the packet will be flooded   over all ports.

It's very very strange, I'd be appriciate if somebody could at least give an idea what can be wronfg there.

I'd say the initial problem, when I lost the connection complete could be somehow related to that bug, but the versions I use on  the switchs are different what the bug and topic are discussed

c3550 (SW-10-01) Version 12.2(44)SE6

c3560 (SW-01-01, SW-01-02) 12.2(44)SE

and why I get 50% packet loss in a second scenario? if the STP blocks the port I  would lost 100% of packets.

One another thing is the "cloud" which conncets both sites - is a Provider network with QinQ tag, but I don't think  it produce such a problem.

Hi Peter!

I've just stated a new thread https://supportforums.cisco.com/thread/2102954

it seems to be a known problem  - QinQ doesn't really work with RSPAN session.

It looks like that the "remote-span" VLAN (555 in our case) makes the PE switch think that there is a loop in a topology because "remote-span" vlan doesn't use STP.