cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
303
Views
0
Helpful
1
Replies

RSPAN on IE2000, IE3300, and C9300: Collect all traffic to one point

rkhenderson
Level 1
Level 1

I have a network of 21 switches.  The core is a C9300, I have IE3300s at the distribution layer, and IE2000s at the access layer.  The distribution and core also have devices attached.  Most of the switch-to-switch links are PAgP links with two members.

I want to use RSPAN to collect all traffic on all device ports to a single location for monitoring purposes.

The IE2000s give a notice "Note: ingoring the reflector port configuration" when I configure a monitor destination as my target RSAPN vlan.  Is this something I need to worry about?

The IE3300s give the error "Platform cannot support remote-span mirroring on VLAN with more than one member ports." when the local destination RSPAN vlan is present on multiple trunks.  When I remove that RSPAN vlan from the trunks down to the access layer, that error.  I then get the error "Platform cannot support remote-span mirroring on VLAN having Port-channel with more than one member port.  I remove the RSPAN vlan from one port channel member to clear this error.  These limitations seem to suggest I have to have a separate RSPAN vlan for every switch in the network.

If I create a separate RSPAN vlan for every switch, craft my trunk/vlan exclusions correctly, define the RSAPN vlans on each switch for all the switches lower in the hierarchy, it appears that I then have 21 functional RSPAN vlans on my core.  I can't find a way to build a session that takes all these RSPAN vlans and sends the traffic to a single port.  Certainly there must be a solution that does not require a physical port for every RSPAN vlan!

I would appreciate any help or insight you can give.

 

 

1 Reply 1

ituske
Level 1
Level 1

1 remove monitor vlan from port-channel, configure monitor destination remote vlan..., add vlan to the trunk on port-channel.

2 define the monitor vlans in the core switch, add vlans to trunk ports where neeed.

add all monitor vlans to the destination trunk interface... it should forward monitor traffic as unknown unicast?

You may need to define the monitor vlans with type remote-span....???

Review Cisco Networking for a $25 gift card