Saturday, January 31, 2009

RSPAN between 3550 and 3560 - Multiple Sources

Topology is as follows:

R5----SW1----SW2----SW4----R4/R6

R4 and R6 are on VLAN 300, 192.168.250.0/24 subnet
R5 is on VLAN 100, connected to port f0/5 of SW1
Inter-switch links are dot1q trunks
I will set up RSPAN between the switches and use debug ip packet with an ACL to verify.

3550 is the source:

SW4(config)#vlan 999
SW4(config-vlan)#remote-span
SW4(config)#monitor session 1 source vlan 300 rx
SW4(config)#monitor session 1 destination remote vlan 999 reflector-port f0/12


3560 is connected to the monitor:

SW1(config)#monitor session 1 source remote vlan 999
SW1(config)#monitor session 1 destination interface f0/12


On R5 we can verify like this:

R5(config)#access-list 1 permit 192.168.250.4 0.0.0.0
R5(config)#access-list 1 permit 192.168.250.6 0.0.0.0
R5(config)#no service timestamps debug
R5#debug ip packet 1 detail
IP packet debugging is on (detailed) for access list 1
IP: s=192.168.250.4 (Ethernet0/0), d=224.0.0.5, len 80, rcvd 0, proto=89
IP: s=192.168.250.6 (Ethernet0/0), d=224.0.0.5, len 80, rcvd 0, proto=89
IP: s=192.168.250.4 (Ethernet0/0), d=224.0.0.5, len 80, rcvd 0, proto=89
IP: s=192.168.250.6 (Ethernet0/0), d=224.0.0.5, len 80, rcvd 0, proto=89


Here we can see OSPF packets (proto=89, destination 224.0.0.5) from VLAN 300, which verifies our monitoring is working. The only place I specified "remote-span" under a VLAN was the source 3550. However, I have read that this is required on all switches that carry the remote-span VLAN.

Let's add a source on SW2, where R2 is plugged into f0/2. We will put it on a different VLAN just to prove it is working:

SW2(config)#int f0/2
SW2(config-if)#sw a v 150

SW2(config)#vlan 999
SW2(config-vlan)#remote-span

SW2(config)#monitor session 1 source interface f0/2
SW2(config)#monitor session 1 destination remote vlan 999

If we jump to R5, we won't see any packets from R2...hmm...oh yeah, the ACL!

R5(config)#access-list 1 permit 192.168.0.2 0.0.0.0

There we go:

IP: s=192.168.0.2 (Ethernet0/0), d=224.0.0.2, len 48, rcvd 0
UDP src=1985, dst=1985
IP: s=192.168.0.2 (Ethernet0/0), d=224.0.0.5, len 88, rcvd 0, proto=89
IP: s=192.168.250.4 (Ethernet0/0), d=224.0.0.5, len 80, rcvd 0, proto=89
IP: s=192.168.0.2 (Ethernet0/0), d=224.0.0.2, len 48, rcvd 0
UDP src=1985, dst=1985
IP: s=192.168.250.6 (Ethernet0/0), d=224.0.0.5, len 80, rcvd 0, proto=89


Looks like we got HSRP packets from R2 and OSPF packets from R4 and R6.
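
As an added example (not part of the original post), the Python below parses the `debug ip packet detail` output format shown above and reports which mirrored sources and protocols actually reached the monitor port. The function names, the protocol tables and the embedded sample (constructed from the lines on this page) are assumptions; it expects timestamps to be off, as configured on R5.

```python
import re
from collections import defaultdict

# Constructed sample: the debug lines shown above, as seen on R5.
SAMPLE = """\
IP: s=192.168.0.2 (Ethernet0/0), d=224.0.0.2, len 48, rcvd 0
UDP src=1985, dst=1985
IP: s=192.168.0.2 (Ethernet0/0), d=224.0.0.5, len 88, rcvd 0, proto=89
IP: s=192.168.250.4 (Ethernet0/0), d=224.0.0.5, len 80, rcvd 0, proto=89
IP: s=192.168.0.2 (Ethernet0/0), d=224.0.0.2, len 48, rcvd 0
UDP src=1985, dst=1985
IP: s=192.168.250.6 (Ethernet0/0), d=224.0.0.5, len 80, rcvd 0, proto=89
"""

IP_RE = re.compile(r"IP: s=([\d.]+) \(\S+\), d=([\d.]+), len \d+, rcvd \d+(?:, proto=(\d+))?")
UDP_RE = re.compile(r"UDP src=(\d+), dst=(\d+)")
IP_PROTOS = {"88": "EIGRP", "89": "OSPF"}  # IANA IP protocol numbers
UDP_PORTS = {"1985": "HSRP"}               # HSRP hellos use UDP port 1985

def classify(debug_text):
    """Return {source_ip: set(protocol names)} for every mirrored packet seen."""
    seen = defaultdict(set)
    pending = None  # source of an IP line whose L4 detail is on the next line
    for line in debug_text.splitlines():
        ip = IP_RE.match(line.strip())
        if ip:
            src, _dst, proto = ip.groups()
            protos = seen[src]  # record the source even if no detail follows
            if proto:
                protos.add(IP_PROTOS.get(proto, "ip-proto-" + proto))
            pending = None if proto else src
            continue
        udp = UDP_RE.match(line.strip())
        if udp and pending:
            seen[pending].add(UDP_PORTS.get(udp.group(2), "udp-" + udp.group(2)))
        pending = None
    return dict(seen)

def missing_sources(debug_text, expected):
    """Hosts we expect the RSPAN session to mirror that never showed up."""
    return sorted(set(expected) - set(classify(debug_text)))

if __name__ == "__main__":
    for src, protos in sorted(classify(SAMPLE).items()):
        print(src, sorted(protos))
    print("missing:", missing_sources(
        SAMPLE, ["192.168.0.2", "192.168.250.4", "192.168.250.6"]))
```

A host listed as missing means either its source session is not feeding the RSPAN VLAN or, as happened above with R2, the ACL on the monitoring router is filtering it out of the debug.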

Key things to remember:

- A reflector port is needed on the 3550
- The remote-span command is used under the RSPAN VLAN. In this example, I only did it on the source, but I would verify that you need it on all devices with this VLAN.
- To allow the destination port to connect back to the network, use the "ingress" keyword on the session destination command

3 comments:

  1. the config starts off with SW4 but in the topology there is no SW4

  2. Thank you Ajaz, it should be SW4 instead of SW3. I updated the post.

  3. Thank you so much for sharing the topology plus the configurations. But I already forgot how I could connect a switch to a router? In which slot should I put the wiring?

    Ivy