Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
525
Views
0
Helpful
5
Replies

RSPAN? Having alot of issues

Go to solution
jonesrob84
Level 1
Level 1

‎09-02-2010 11:09 AM - edited ‎03-06-2019 12:47 PM

Hi all,

I having major issues trying to get RSPAN to work

As a run down, i have an avaya phone system which needs call recording - all switches are cisco - see diagram.

Basic, the call recording side needs a port mirror port to listen to all the traffic, to which i can get working fine, on one switch useing the below

monitor session 50 source vlan 5

monitor session 50 destination int fa 1/0/48

All the phones are on vlan 5.

I have set up a second vlan of 10, and configured this are a remote-span

All the of the alterations i have done are also in the diagram.

However, once i start to added the monitor sessions, switches stop talking to each other (ir, cant ping each others vlan address) but commication carrys on fine?

Any tips? Or do i need to provide more configs?

Really stuck guys/ladies, need help!!!!!!

Labels:
Preview file
73 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎09-02-2010 12:20 PM

Hi Robert,

A couple of comments:

  1. The VLAN 10 must be created on all switches and it must be configured as remote-span VLAN on all switches, not just on a single switch. I am not sure if that is the case, according to the exhibit you have provided us with.
  2. The destination session that takes the data out from the RSPAN VLAN 10 and sends it out the interface Fa1/0/48 on the second switch is not configured correctly, according to your exhibit. The second switch should be configured as follows:

monitor session 50 source vlan 5
monitor session 50 destination remote vlan 10
monitor session 51 source remote vlan 10
monitor session 51 destination interface Fa1/0/48

Also, it would probably be better not to capture the entire VLAN 5 on all switches (broadcasts, multicasts and unknown unicasts will be recorded multiple times because of multiple switches receiving and sending these frames in VLAN 5) but rather individual interfaces - access ports in the VLAN 5.

Best regards,

Peter

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎09-02-2010 12:20 PM

Hi Robert,

A couple of comments:

  1. The VLAN 10 must be created on all switches and it must be configured as remote-span VLAN on all switches, not just on a single switch. I am not sure if that is the case, according to the exhibit you have provided us with.
  2. The destination session that takes the data out from the RSPAN VLAN 10 and sends it out the interface Fa1/0/48 on the second switch is not configured correctly, according to your exhibit. The second switch should be configured as follows:

monitor session 50 source vlan 5
monitor session 50 destination remote vlan 10
monitor session 51 source remote vlan 10
monitor session 51 destination interface Fa1/0/48

Also, it would probably be better not to capture the entire VLAN 5 on all switches (broadcasts, multicasts and unknown unicasts will be recorded multiple times because of multiple switches receiving and sending these frames in VLAN 5) but rather individual interfaces - access ports in the VLAN 5.

Best regards,

Peter

0 Helpful

Go to solution
jonesrob84
Level 1
Level 1
In response to Peter Paluch

‎09-02-2010 12:30 PM

Thank you peter,

VLAN 10 has been created on all the switches (isnt this to do with the VTP?) however i dont know if the remote-span will replicate over?

I see your notes on the second monitor session, so i will give this ago tommrow,

although it doesnt explain why we loose connection to the switches when we try and connect to the vlan interfaces ip address via telnet?

I was hopeing the call recording software could handle multiple nics - this way i could of designated one port per switch to reduce the broadcast

Can you see a better one of archiving the above but only useing a single nic connection

Again, i huge thank you for your help, its really appreciated.

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to jonesrob84

‎09-02-2010 01:09 PM

Hello Robert,

The VLAN 10 will propagate over all switches if your VTP is properly configured on all switches. Also, the "remote-span" setting will be also advertised by the VTP.

I am not quite sure why the reachability to switches went down when you configured the SPAN session. Regarding the single NIC - if you get this RSPAN working with one destination port, that will be absolutely sufficient in my opinion.

Let us know if it started working for you tomorrow!

Best regards,

Peter

0 Helpful

Go to solution
jonesrob84
Level 1
Level 1
In response to Peter Paluch

‎09-03-2010 06:29 AM

Peter

A huge thank you

First off, the switches were not talking to each other as soon as the trunk ports came online, and not the monitoring.

I found this to be that the config was missing  conf# ip routing

As soon as this came in, i could manage all the switches again.

From where i made the changes to the sessions as you suggested, and its now all up and running.

Again, a massive thank you for pointing me in the right direction.

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to jonesrob84

‎09-03-2010 10:27 AM

Hello Robert,

I am glad to have had the opportunity to assist you. Feel yourself welcome to come back anytime to NetPro with any networking issues you might have.

Best regards,

Peter

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card