RSPAN forward traffic on native vlan

Hello,

I have the following architecture:
DATAROOMCS -> core switch
N7_OTS to DATAROOMCS with Port-Channel 1
N7_ST1,N7_ST2, N7_ST3 to DATAROOMCS with REP segment

I configured an RSPAN session on switch N7_OTS:

monitor session 1 source interface Gi1/0/1 - 23
monitor session 1 destination remote vlan 993

Switch N7_OTS is connected to the core switch through Port-Channel 1, with the trunk configured:

switchport trunk allowed vlan add 993

On the REP segment I have not enabled VLAN 993 on the trunk, and on N7_ST1 and N7_ST2 that VLAN is not declared, while N7_ST3 has that VLAN because VTP is enabled.

The strange thing is that when I enable VLAN 993 on the trunk on N7_OTS, I see on N7_ST1 all the RSPAN traffic forwarded from the core on native VLAN 1.

I can't understand why the core switch forwards this traffic, and I can't block it.


Torbjørn
VIP

Have you configured your VLAN as such?

vlan 993
name RSPAN-VLAN
remote-span
  

 

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

Yes, on DATAROOMCS and N7_OTS, but I can't see it in the running-config (is that normal?); I see that VLAN only with sh vlan.

sh vlan

 

Yes that is normal as it is stored in the VLAN database in some VTP versions/modes.

Sounds like VLAN 993 and VLAN 1 might be bridged somewhere. Can you manually prune VLAN 993 to only be allowed on the intended links and re-check if you still see the same? 

What VTP version(s) are you running? 

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

VLAN 993 is allowed only on Po7 (N7_OTS); Te1/0/6 and Te2/0/6 are the interfaces for N7_ST1 and N7_ST3.


I forgot to mention that I saw the traffic on the N7_ST1 trunk port with Wireshark.

VTP version is 2.