07-12-2010 02:46 PM - edited 03-06-2019 12:00 PM
Three Cat3560 switches, I'll call them A,B, and C. We're setting up for voice recording, but are only seeing one side of the RTP stream.
On switch A:
monitor session 1 source vlan 20
monitor session 1 destination remote vlan 100
(Switch B is providing a trunk only)
Switch C
monitor session 1 source remote vlan 100
monitor session 1 destination interface Gi0/18
Any help would be appreciated.
07-12-2010 07:27 PM
Brian,
Can you post "show vlan id 100" from all the switches and "show mon sess 1 detail" from switch A and B and show int fa/gi x/y from the trunk links connecting the switch.
And the version that you are running.
JayaKrishna
07-13-2010 12:17 AM
Hello,
Please, make sure you configure VLAN 100 as remote-span VLAN:
switch(config)#vlan 100
switch(config-vlan)#remote-span
Regards.
07-13-2010 01:07 PM
JayaKrishna,
Thanks for your help ... here's the info:
"SWITCH A"#sh vlan id 100
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
100 RSPAN active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24, Gi0/1
Gi0/2
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
100 enet 100100 1500 - - - - - 0 0
Remote SPAN VLAN
----------------
Enabled
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
"SWITCH A"#sh mon sess 1 detail
Session 1
---------
Type : Remote Source Session
Source Ports :
RX Only : None
TX Only : None
Both : None
Source VLANs :
RX Only : None
TX Only : None
Both : 20
Source RSPAN VLAN : None
Destination Ports : None
Filter VLANs : None
Dest RSPAN VLAN : 100
"SWITCH B"#sh vlan id 100
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
100 RSPAN active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/17, Fa0/20, Fa0/21
Fa0/23, Fa0/24, Fa0/25, Fa0/26
Fa0/27, Fa0/29, Fa0/31, Fa0/32
Fa0/33, Fa0/34, Fa0/35, Fa0/36
Fa0/37, Fa0/38, Fa0/39, Fa0/41
Fa0/42, Fa0/43, Fa0/44, Gi0/1
Gi0/2, Gi0/3, Gi0/4
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
100 enet 100100 1500 - - - - - 0 0
Remote SPAN VLAN
----------------
Enabled
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
"SWITCH B#sh mon sess 1 detail
No SPAN configuration is present in the system for session [1].
"SWITCH C"#sh vlan id 100
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
100 RSPAN active Gi0/24
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
100 enet 100100 1500 - - - - - 0 0
Remote SPAN VLAN
----------------
Enabled
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
"SWITCH C"#sh mon sess 1 detail
Session 1
---------
Type : Remote Destination Session
Description : -
Source Ports :
RX Only : None
TX Only : None
Both : None
Source VLANs :
RX Only : None
TX Only : None
Both : None
Source RSPAN VLAN : 100
Destination Ports : Gi0/18
Encapsulation : Native
Ingress : Disabled
Filter VLANs : None
Dest RSPAN VLAN : None
07-13-2010 02:15 PM
The configutaiton of RSPAN looks correct but one thing I noticed that you have mapped the RSPAN vlan (100) to some ports on all the switches.
You cannot have ports mapped to RSPAN vlan .
Please look at the second point in the following link:
Remove those interfaces from RSPAN vlan 100 and see if that works or use a different RSPAN vlan.
JayaKrishna
07-13-2010 08:06 AM
Brian:
Noticed that you are using a VLAN as a source on Switch A.
The following excerpt is from the Catalyst 3550 Multilayer Switch Software Configuration Guide (page 24-6).
Although this is not the same platform you are using, the behavioral limits might be the same.
VLAN-Based SPAN
VLAN-based SPAN (VSPAN) is the monitoring of the network traffic in one or more VLANs. You can configure VSPAN to monitor only received (Rx) traffic, which applies to all the ports for that VLAN.
Perhaps you are being hindered by the limits of VLAN-Based SPAN (monitoring of only received (Rx) traffic).
Might want to take a look at the other usage guidelines in that section as well.
Best Regards,
Mike
07-13-2010 12:52 PM
Mike,
Good catch, I'll dig a little deeper on this one. I guess I can switch to source the ports, then trim the data VLAN traffic off. I'm not at the client site, so I can't validate this one right away, but will follow up with the outcome.
Regards,
Brian
07-13-2010 02:04 PM
Brian:
The show command output subsequently provided, implies that your platform supports both RX and TX when using a VLAN as the SPAN source.
SWITCH A"#sh mon sess 1 detail
Source VLANs:
RX Only : None
TX Only : None
Both : 20
I took a quick look at the Catalyst 3560 Multilayer Switch Software Configuration Guide, Release 12.2(52)SE, and found the following statements:
Monitored Traffic
SPAN sessions can monitor these traffic types:
• Receive (Rx) SPAN—The goal of receive (or ingress) SPAN is to monitor as much as possible all the packets received by the source interface or VLAN before any modification or processing is performed by the switch.
• Transmit (Tx) SPAN—The goal of transmit (or egress) SPAN is to monitor as much as possible all the packets sent by the source interface after all modification and processing is performed by the switch.
• Both—In a SPAN session, you can also monitor a port or VLAN for both received and sent packets. This is the default.
Note: I find the absence of a reference to "VLAN" in the Transmit (Tx) SPAN statement suspicious, despite it being mentioned in the Both statement.
Source VLANs
VSPAN has these characteristics:
• All active ports in the source VLAN are included as source ports and can be monitored in either or both directions.
I think I'd still test a local SPAN session on switch A, with a VLAN specified as the source, and prove that the functionality is as claimed in the documentation.
Note: Keep in mind that the documentation referenced is for 12.2(52)SE, and I'm not sure which IOS is in use.
Best Regards,
Mike
07-14-2010 11:58 AM
Issue solved, in short there is no problem. Both streams were spanned to the monitoring port, however Wireshark sniffer didn't seem to show it. While I'm familiar with certain changes that may be needed on the NIC and Wireshark, a test last week with a different customer using SPAN and using the same laptop worked fine. While I'm puzzled as to what's wrong with the PC/Wireshark setup, I'm glad that all is well with the RSPAN setup. The client's voice recording vendor hooked up their system and said they see all the traffic.
Sincere thanks to those who assisted.
Regards,
Brian
07-14-2010 12:30 PM
Brian:
Glad it worked out.
Any chance you were using display filters with Wireshark?
Perhaps filtering on source or destination port only (E.g.: udp.dstport == xx), rather than a port without directional specifity (E.g.: udp.port == xx), which would be relevant (if) the application did not use the same port number on each end of the connection.
Best Regards,
Mike
07-14-2010 12:43 PM
No filters were used.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide