VLAN filtering in SPAN Configuration

nomrana9166 · ‎05-20-2024

Hi all,
I’m working on SPAN configuration on the device Cisco C1000-48T-4G-L
and i am trying to filtering unnecessary VLANS/traffics in my destination monitoring interface.

I looked through the data sheet and configuration commands, the switch does not support RSPAN so that is not an option for me.

I researched and found couple of commands that this device does not seem to support either.

monitor session 1 source vlan 10, 20-30
monitor session 1 destination interface GigabitEthernet1/0/1
monitor session 1 filter vlan 10, 20-30

The command above does not support. I looked through the ACL method in SPAN commands, that too does not support.
Hence my current configuration is

monitor session 1 source interface Gi1/0/24
monitor session 1 destination interface Gi1/0/29

This will view all traffics which i do not want.
There is another command such as

monitor session 1 destination interface Gi1/0/29 ingress vlan 10

But this command only allow one VLAN.
I am unable to add multiple select VLANS through this command.

balaji.bandi · ‎05-20-2024

that is the limitation of the product. if that requirement you may need to use more session -

You can set a maximum of four SPAN sessions.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst1000/software/releases/15_2_7_e/command_reference/b_1527e_1000_cr/network_management_commands.html#wp3749441861

other option - send all traffic to destination and filter on sniffer side.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

nomrana9166 · ‎05-21-2024

Thank you for the response.
By saying use more session does that mean i need add multiple session in the same interface?

monitor session 1 source interface Gi1/0/24
monitor session 2 source interface Gi1/0/24
monitor session 1 destination interface Gi1/0/29 ingress vlan 10
monitor session 2 destination interface Gi1/0/29 ingress vlan 20

Is this correct? in a scene that i want traffic from vlan 10 and 20. Sorry im new to cisco commands.

balaji.bandi · ‎05-21-2024

as per the guide lines expected to work - again check is that commands accepted by the device.

have you tried vlan 10 (command or space 20) ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

nomrana9166 · ‎05-23-2024

Hi thank you for responding,

yes this is the only command that supports in this device.
i will try this and let you know the updates.

nomrana9166 · ‎05-26-2024

@balaji.bandi wrote:
as per the guide lines expected to work - again check is that commands accepted by the device.
have you tried vlan 10 (command or space 20) ?

No this does not work.

i even tried
monitor session 1 source interface Gi1/0/24
monitor session 2 source interface Gi1/0/24
monitor session 1 destination interface Gi1/0/29 ingress vlan 10
monitor session 2 destination interface Gi1/0/29 ingress vlan 20

however the i get an error saying i cannot have more than 1 session on a single interface.
Is there a work around for this?

nomrana9166 · ‎05-26-2024

i even tried
monitor session 1 source interface Gi1/0/24
monitor session 2 source interface Gi1/0/24
monitor session 1 destination interface Gi1/0/29 ingress vlan 10
monitor session 2 destination interface Gi1/0/29 ingress vlan 20

however the i get an error saying i cannot have more than 1 session on a single interface.
Is there a work around for this?

balaji.bandi · ‎05-27-2024

as i mentioned that could be limitation of platform you using.

Try source as VLAN 10 and destination to gig1/0/29 and same vlan 20 as source and designation gig 1/0/29 if that meet your requirement.

you need to consider limitation max 4.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

nomrana9166 · ‎05-28-2024

hi thanks for response.

theres no command for source vlan... only source interface.