Hi.  I wonder if somebody could help with the following problem I'm having relating to RSPAN configuration.

Thanks in advance!

I’ve been tasked with SPANing traffic across our Cisco switch  infrastructure in an office so we can mirror a subset of traffic to a  single port.

The reason this is required is so we can present all voice traffic to a port connected to a voice recording server.

The network infrastructure I am currently using to test this set up is as follows:

-    Primary 6509 distribution switch running IOS version:  s72033-ipservices_wan-mz.122-33.SXH4.bin" (hostname -  RS03-6509E-DIST-ML-01)

-    Secondary 6509 distribution switch running IOS version:  s72033-ipservices_wan-mz.122-33.SXH4.bin" (hostname -  RS03-6509E-DIST-ML-02)

- the two switches are connected together via a statically configured VLAN trunk.

The configuration I have put in place to implement RSPAN is as shown here:

1    RS03-6509E-DIST-ML-01#     

2         

3    vlan 950     

4    name RSPAN_VLAN_950     

5    remote-span     

6         

7         

8    interface Port-channel1     

9    description **** L2 PORTCHANNEL TO DC2-6509-DIST-ML02 PORTS 3/47-48 4/47-48 ****     

10    switchport     

11    switchport trunk encapsulation dot1q     

12    switchport trunk allowed vlan 32-36,38-42,44-47,140,144,950     

13    switchport mode trunk     

14         

15    spanning-tree vlan 32,34,36,38-40,42,44,46,140,144,950 priority 16384     

16         

17    !     

18    monitor session 1 type rspan-source     

19    description ** RSPAN_SRC_SESSION **     

20    source vlan 32 , 34 , 36     

21    destination remote vlan 950     

22    !     

23    !     

24    monitor session 11 type rspan-destination     

25    description ** RSPAN_DST_SESSION **     

26    source remote vlan 950     

27    destination interface Gi7/10     

28    !     

29         

30         

31    RS03-6509E-DIST-ML-02#     

32         

33    !     

34    vlan 950     

35    name RSPAN_VLAN_950     

36    remote-span     

37    !     

38    spanning-tree vlan 32,34,36,38-40,42,44,46,140,144,950 priority 8192     

39         

40    interface Port-channel1     

41    description **** L2 PORTCHANNEL TO DC2-6509-DIST-ML012 PORTS 3/47-48 4/47-48 ****     

42    switchport     

43    switchport trunk encapsulation dot1q     

44    switchport trunk allowed vlan 32-36,38-42,44-47,140,144,950     

45    switchport mode trunk     

46         

47    !     

48    monitor session 1 type rspan-source     

49    description ** RSPAN_SRC_SESSION **     

50    source vlan 32 , 34 , 36     

51    destination remote vlan 950     

52    !     

53    !     

54    monitor session 11 type rspan-destination     

55    description ** RSPAN_DST_SESSION **     

56    source remote vlan 950     

57    destination interface Gi7/10     

58    !     

59    !               

ISSUE –

The problem I have been experiencing is that the traffic which gets  presented at the destination port on either distribution switch (Gig  7/10 on both) is not limited to the 3 x VLANs that I specified in the  source lists (see lines 20 and 50).  When sniffing either port (on  either distribution 01 or 02) using Wireshark I’m seeing traffic for all  VLANs present on the switches?

Any help understanding what’s wrong with this configuration would be  much appreciated i.e. any advice as to how I can limit the traffic  presented to port Gi7/10 to VLANs 32, 34 and 36 only?

Hope someone can help and thank you for reading my post,

Andy