Re: RSPAN for 4500X as Core with Multiple Access Switches with 1 Session

azhar_eaggle1 · ‎04-16-2019

we have 4500X as core and trying to run RSPAN for all access Ports on Access Switches(3850 Stacked). access Switches to the core is on L2 and we are trunking all VLANs. when we send Captured packets to Core, it also sends to other access Switches. wants to Limit RSPAN traffic. so that Core should only be Ingress not Egress. any idea, how we can do that

joseph.h.nguyen · ‎04-16-2019

It sounds like you configure RSPAN correctly based on that it is working but not the desired result. Here is a configuration guide anyway, https://community.cisco.com/t5/networking-documents/understanding-span-rspan-and-erspan/ta-p/3144951.

No idea of your configuration. If you can post it, we may be able to help. Have you configured your trunk port to prune VLANs? Pruning restricts VLAN outbound to other switch. See sample config, https://learningnetwork.cisco.com/thread/119664. First thing popped in my head is that the RSPAN VLAN is extended from core switch to other access switches or core sw's monitor session destination may be misconfigured.

azhar_eaggle1 · ‎04-16-2019

See Below Configs. we want to stop inter Switch Communication for access Switches for VLAN-999

!Core Switch

VLAN 999

name span

remote-span

!

monitor session 1 destination interface Te1/1/10

monitor session 1 source remote VLAN 999

monitor session 1 filter packet-type good rx

!

!Switch 01

VLAN 999

name span

remote-span

!

monitor session 1 source VLAN 100,300

monitor session 1 destination remote VLAN 999

!

joseph.h.nguyen · ‎04-16-2019

Have you checked your trunk ports? Do "show interface trunk", if you see VLAN 999 specified or within the range, than it is inter switching. To prune vlans on trunk port, you have to add "switchport trunk allowed vlan except 999" on the desired trunk port(s).