05-14-2010 04:35 AM - edited 03-06-2019 11:05 AM
Hi,
I'm doing rspan between two 3750G connected by trunk on etherchannel running version 12.2(44)SE5.
I only get receive traffic from the remote span vlan. I have create the remote span vlans and allowed it on the trunk interface on both sides.
Switch 1
Session 1
---------
Type : Remote Source Session
Source Ports :
Both : Gi1/0/17
Dest RSPAN VLAN : 4094
monitor session 1 source interface Gi1/0/17
monitor session 1 destination remote vlan 4094
Switch 2
Session 1
---------
Type : Remote Source Session
Source Ports :
Both : Gi1/0/17
Dest RSPAN VLAN : 4094
Session 2
---------
Type : Remote Destination Session
Source RSPAN VLAN : 4094
Destination Ports : Gi1/0/27
Encapsulation : Native
Ingress : Disabled
monitor session 1 source interface Gi1/0/17
monitor session 1 destination remote vlan 4094
monitor session 2 destination interface Gi1/0/27
monitor session 2 source remote vlan 4094
If I do local span then I get all the transmit/receive traffic from the source interface.
Thanks.
05-18-2010 08:03 AM
Pretty much what you are trying to do is RSPAN the same switch´s traffic tying to fool the switch to send it´s own interface traffic to the rspan vlan and then capture it again with another monitor session. Unfortunately this is not possible.
I have seen it working a couple of times but you will get unexpected results.
It looks like you´ll need a third switch for this task.
- Jorge
08-14-2010 02:53 AM
Hi,
I have added a third switch 3750-24P running 12.2(46)SE and trunked to my switch1 allowing RSPAN VLAN 4094 on the trunk. Now my issue is the destination port on switch3 does not receive any traffic, I see taffic coming in on the trunk interface.
switch3#sh monitor
Session 1
---------
Type : Remote Destination Session
Source RSPAN VLAN : 4094
Destination Ports : Fa1/0/1
Encapsulation : Native
Ingress : Disabled
Trunk:
switchs3#sh int fa1/0/24
FastEthernet1/0/24 is up, line protocol is up (connected)
30 second input rate 3019000 bits/sec, 614 packets/sec
30 second output rate 3000 bits/sec, 4 packets/sec
Destination port:
switch3#sh int fa1/0/1
FastEthernet1/0/1 is down, line protocol is down (monitoring)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
monitor session 1 destination interface Fa1/0/1
monitor session 1 source remote vlan 4094
Any ideas what am I missing here?
Thanks
08-14-2010 08:40 AM
Hello,
Can you please post the output of "show vlan" from both switches?
Regards,
NT
08-14-2010 06:53 PM
Hi,
Output from both switches below:
switch1#sh vlan remote-span
Remote SPAN VLANs
------------------------------------------------------------------------------
4094
switch3#sh vlan remote
Remote SPAN VLANs
------------------------------------------------------------------------------
4094
Thanks.
08-14-2010 07:06 PM
Hello,
Can you try removing the local span session that sends traffic to remote
VLAN and see if that helps?
Regards,
NT
08-14-2010 07:38 PM
Hi,
Since the addition of switch3, switch 1 and 2 only have the following configured:
monitor session 1 source interface Gi1/0/17
monitor session 1 destination remote vlan 4094
cheers
08-14-2010 07:41 PM
Hello,
Does the third switch also have VLAN 4094 configured as RSPAN VLAN?
Regards,
NT
08-14-2010 07:58 PM
Hi,
Yes it has, as in one of replies above:
switch3#sh vlan remote
Remote SPAN VLANs
------------------------------------------------------------------------------
4094
Thanks,
11-08-2010 01:58 PM
Hello Satendark,
What you are seeing is expected behavior with the folllowing configurations, this is a limitation on 3750
monitor session 1 source interface Gi1/0/17
monitor session 1 destination remote vlan 4094
monitor session 2 destination interface Gi1/0/27
monitor session 2 source remote vlan 4094
You cannot copy local source gig 1/0/17 traffic to rpsan vlan and again create a another monitor session copying that traffic to destination on the same source switch. This can be done on 6500 series switches.
But there is a hack, here is waht you need to do.
monitor session 1 source interface Gi1/0/17
monitor session 1 destination remote vlan 4094
( you dont need the second monitor session )
Rspan traffic is flooded on trunks , so you can configure the sniffer port ( destination port Gi1/0/27 as following.)
interface Gi1/0/27
switchport trunk encapsulation dot1q
switchport trunk native vlan 4096
switchport mode trunk
switchport trunk allowed vlan 4096
spanning-tree portfast trunk
You will see all your trafffic.
Thanks and let me know how it goes.
Ruvin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide