Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
304
Views
0
Helpful
1
Replies

SPAN VLAN between the SPAN source and Destination

Mitrixsen
Level 1
Level 1

‎03-10-2025 09:18 AM

Hello, everyone.

Here is my topology (the links between the switches are trunks):

Mitrixsen_0-1741623100617.png

I've configured RSPAN on SW1 and SW3.

 

SW1(config)#vlan 100
SW1(config-vlan)#remote-span
SW1(config-vlan)#exit

SW1(config)#monitor session 1 source interface G0/2
SW1(config)#monitor session 1 source interface G0/0 
SW1(config)#monitor session 1 destination remote vlan 100

SW2(config)#vlan 100
SW2(config-vlan)#remote-span
SW2(config-vlan)#exit

SW3(config)#vlan 100
SW3(config-vlan)#remote-span
SW3(config-vlan)#exit

SW3(config)#monitor session 1 source remote vlan 100
SW3(config)#monitor session 1 destination INT G0/1

 

Everything works perfectly this way. My question is, why is it that when I remove the remote-span on SW2's VLAN 100

 

SW2(config)#vlan 100
SW2(config-vlan)#no remote-span
SW2(config-vlan)#exit

 

Any packets that SW1 monitors and mirrors over to SW2 are suddenly not sent to SW3. Why does every switch in the path need to have this configured as remote-span? What even is blocking SW2 from sending it to SW3? For all it knows, it receives a frame tagged with VL100 and since it doesn't know the destination MAC, it should unknown-unicast it out.

Thank you.

David

0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎03-10-2025 01:11 PM

here is good explanation :

RSPAN VLAN

The RSPAN VLAN carries SPAN traffic between RSPAN source and destination sessions. RSPAN VLAN has these special characteristics:

  • All traffic in the RSPAN VLAN is always flooded.
  • No MAC address learning occurs on the RSPAN VLAN.
  • RSPAN VLAN traffic only flows on trunk ports.
  • RSPAN VLANs must be configured in VLAN configuration mode by using the remote-span VLAN configuration mode command.
  • STP can run on RSPAN VLAN trunks but not on SPAN destination ports.
  • An RSPAN VLAN cannot be a private-VLAN primary or secondary VLAN.

For VLANs 1 to 1005 that are visible to VLAN Trunking Protocol (VTP), the VLAN ID and its associated RSPAN characteristic are propagated by VTP. If you assign an RSPAN VLAN ID in the extended VLAN range (1006 to 4094), you must manually configure all intermediate switches.

It is normal to have multiple RSPAN VLANs in a network at the same time with each RSPAN VLAN defining a network-wide RSPAN session. That is, multiple RSPAN source sessions anywhere in the network can contribute packets to the RSPAN session. It is also possible to have multiple RSPAN destination sessions throughout the network, monitoring the same RSPAN VLAN and presenting traffic to the user. The RSPAN VLAN ID separates the sessions.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Top