RSPAN only showing Broadcast / Multicast

rtjensen4
Level 4

Ok, I'm stumped. I'm trying to get RSPAN going between my 4500s. I used to have it working, replaced my 4500 cores with Nexus 5500, which don't support RSPAN.

I have a "Backup" type of a network to a secondary server room in my building, the core of that is a 4507R. So basically, I have 5 floors, each connected to my two Nexus cores via a L2 trunk. Also, each of the 5 floors is connecting to a 4507 via L2 links as well.

I've created RSPAN vlan 900 on the 4507R, which it propagated via VTP to my floor switches as well as my Nexus switches. I have blocked vlan 900 on the uplinks to my Nexus switches, and made the 4507R the Spanning-tree root for vlan 900. I also verified that VTP Pruning is disabled, Nexus 5500 don't support it and 4500s show it as disabled. So really, RSPAN should only work across the backup links.

On my RSPAN destination port, I am only seeing broadcast and multicast traffic that would be on the remote port. My PC is connected to port gi6/46 on 4th floor switch. It's really strange. I don't see any unicast traffic. I've tried this from both 2nd and 3rd floor switches and I'm seeing traffic from the respective VLANs. Same results. I'm wondering if the Nexus switches, not supporting RSPAN, could be causing this behaviour? Here are some outputs that would hopefully shed some light on my setup.

My floor switches are 4506 (Sup-II+), IP Base.

(cat4500-IPBASEK9-M), Version 12.2(53)SG1

4507R (Sup-IV) switch IOS:

(cat4500-ENTSERVICESK9-M)

I've configured an RSPAN session from 3rd floor to 4th floor:

3rd floor:

HQ_3rdFlr_4506#sh vlan remote-span
Remote SPAN VLANs
------------------------------------------------------------------------------
900

HQ_3rdFlr_4506#sh monitor
Session 1
---------
Type                   : Remote Source Session
Source Ports           :
    Both               : Fa2/15
Filter Pkt Type        :
    RX Only       : Good
Dest RSPAN VLAN        : 900

4th floor:

HQ_4thFlr_4506#sh vlan remote-span
Remote SPAN VLANs
------------------------------------------------------------------------------
900

HQ_4thFlr_4506(config-if)#do sh monitor
Session 1
---------
Type                   : Remote Destination Session
Source RSPAN VLAN      : 900
Destination Ports      : Gi6/46
    Encapsulation      : Native
          Ingress      : Disabled
         Learning : Disabled
Filter Pkt Type        :
    RX Only       : Good

4507R:

HQ_1st_SrvRm_4507#sh vlan remote-span
Remote SPAN VLANs
------------------------------------------------------------------------------
900

HQ_1st_SrvRm_4507#sh spann
HQ_1st_SrvRm_4507#sh spanning-tree vlan 900
VLAN0900
  Spanning tree enabled protocol rstp
  Root ID    Priority    25476
             Address     0013.c317.0940
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    25476  (priority 24576 sys-id-ext 900)
             Address     0013.c317.0940
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi3/48              Desg FWD 4         128.304  P2p
Gi5/4               Desg FWD 4         128.516  P2p Peer(STP)
Gi5/5               Desg FWD 4         128.517  P2p Peer(STP)
Gi5/6               Desg FWD 4         128.518  P2p
Gi6/2               Desg FWD 19        128.642  P2p Peer(STP)
Gi6/3               Desg FWD 19        128.643  P2p Peer(STP)

I guess next step would be to put like my 4507R and my floor switches into VTP transparent and create a different RSPAN vlan and see if it works.
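
An added example, not part of the original post: one way to quantify the symptom described above is to save a capture from the RSPAN destination port and count frames by destination MAC class. The function names and the sample frames below are constructed for illustration, and the capture is assumed to be a classic libpcap file of Ethernet frames.

```python
import struct
from collections import Counter

def classify_dst(mac: bytes) -> str:
    """Classify a 6-byte destination MAC address."""
    if mac == b"\xff" * 6:
        return "broadcast"
    # The I/G bit (lowest bit of the first octet) marks a group address.
    return "multicast" if mac[0] & 0x01 else "unicast"

def count_frame_types(pcap: bytes) -> Counter:
    """Count destination classes in a classic libpcap Ethernet capture."""
    if len(pcap) < 24:
        raise ValueError("too short for a pcap global header")
    magic = pcap[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts, offset = Counter(), 24
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[offset + 8:offset + 12])[0]
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < incl_len or len(frame) < 6:
            counts["truncated"] += 1  # record cut short or too small for a MAC
            continue
        counts[classify_dst(frame[:6])] += 1
    return counts

def build_pcap(frames) -> bytes:
    """Build a little-endian pcap from raw Ethernet frames (sample data only)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

# Constructed frames: an ARP-style broadcast and an IPv4 multicast, no unicast.
SAMPLE_FRAMES = [
    bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(46),
    bytes.fromhex("01005e000005" "020000000002" "0800") + bytes(46),
]

def unicast_missing(counts: Counter) -> bool:
    """True when group traffic was captured but no unicast frame was."""
    return counts["unicast"] == 0 and counts["broadcast"] + counts["multicast"] > 0

if __name__ == "__main__":
    c = count_frame_types(build_pcap(SAMPLE_FRAMES))
    print(dict(c), "unicast missing:", unicast_missing(c))
```

Running the same count on a capture taken directly at the source port gives a baseline for how much unicast the RSPAN destination should be receiving.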


rtjensen4
Level 4

So I put my switches into VTP transparent mode, except for the two Nexus cores. Those are really the only two devices in my environment that need the same vlan info.

Anyway, put them all into transparent. I blew away the vlan on all the switches and recreated as rspan on the impacted switches. Still no go. I thought maybe port-security on my destination port was causing something, I defaulted the port but still no go. Here's a thought. I do some L2 filtering at the access layer. Could there be an ether type I would need to permit? I don't have anything applied to vlan 900 though.
