Skip to main content
Start a Conversation

Unsolved

R

rcervantez

3 Posts

442

February 13th, 2023 14:00

RSPAN with 2 core switches and several access switches

I'm looking for configuration guidance when attempting to monitor multiple access switch VLANs and sending the captured traffic to the core switches via an RSPAN VLAN.

I'm using s4048t-on as 2x core and 4x access switches.  I'm also using N3248P-on as 2x access switches.  

I understand how to run RSPAN from a single access switch to the core switch, however, I'm wondering how to allow RSPAN traffic, at the same time, from the other access switches.  More specifically, on the core switch, since I can only create a single monitor session when using RSPAN, if I add the RSPAN VLAN to the other access switches, will I cause problems by having that capture traffic replicate to all switches that are using the RSPAN VLAN?

 

I haven't found a real-world configuration with this topology - all the documentation, youtube videos, etc., only describe a single source, a transit switch, and a destination switch.  Nothing about capturing from multiple access switches!

 

Thank you,

Rob.

DELL-Young E

Moderator

 • 

5.1K Posts

February 13th, 2023 20:00

rcervantez

3 Posts

February 14th, 2023 09:00

Thank you, however, I have already read this guide.  I do not see anything in that documentation that addresses my question about the RSPAN VLAN across multiple access switches. 

If, for example, I'm using VLAN 1000 as the RSPAN VLAN, and that vlan is configured as a RSPAN VLAN on the core AND access switches, will traffic sent to RSPAN VLAN 1000 on access1 switch be flooded to other access2/3/4/5/6 switches VLAN 1000 (via the core)?

 

Thank you.

 

DELL-Chris H

Moderator

 • 

9.4K Posts

February 14th, 2023 11:00

Rcervantez,

 

You can find information on RSPAN, as well as an example configuration, on page 1664 here

 

Let me know if this helps.

 

 

DELL-Chris H

Moderator

 • 

9.4K Posts

February 14th, 2023 12:00

Sorry about that, i wasn't sure on what OS you were sing, as both listed switches support both. As far as what you are trying to do, we can continue researching it, but from what i am seeing it isn't supported to do it from multiple sources. 

Let me see if I can find anything to confirm that. 

 

rcervantez

3 Posts

February 14th, 2023 12:00

Chris H,

Thank you for the response.  I had not seen that OS10 documenation since I'm running OS9. There are some slight syntax differences, however, the example in that guide still does not address my concern.   That example shows a single RSPAN source and destination but not multiple source switches to a single destination switch.

Also, it seems that either there are typos/misconfigurations or the mirroring process has changed in OS10.  For example, on pages 1664-1666, only the vlan on source "switch 1" is of type R (remote-mirroring).  The output on switches2-4 don't show that designation of R.

 

Thank you,

Rob.

 

 

Dave191

1 Rookie

 • 

8 Posts

October 23rd, 2023 22:47

@rcervantez​ Did you ever get this sorted?? I am looking at a similar setup on our network as we have engaged a security/monitoring solution whose architects want me to enable RSPAN across our network (about 50 switches and several stacks plus our Core Stack) to monitor/classify data moving across the network and this concerns me greatly as well.

Cheers!

DELL-Young E

Moderator

 • 

5.1K Posts

24-10-2023 02:07 AM

Hello,
Since you would like to configure multiple switches to access RSPAN traffic,

(please see the attached image below)

 

Following are the port numbers referred in the above illustration:

  • 1 is tengigabitethernet 1/1/1
  • 2 is tengigabitethernet 1/2/1
  • 4 is tengigabitethernet 1/4/1
  • 5 is tengigabitethernet 1/5/1
  • 7 is tengigabitethernet 1/7/1
  • 8 is tengigabitethernet 1/8/1

Configuring Remote Port Mirroring on a source switch

The below configuration example shows that the source is a source port and the destination is the reserved VLAN (for example, remote-vlan 10).

DellEMC(conf)# interface tengigabitethernet 1/2/1
DellEMC(conf-if-gi-1/2)# switchport
DellEMC(conf-if-gi-1/2)# no shutdown
DellEMC(conf-if-gi-1/2)# exit
DellEMC(conf)#interface vlan 10
DellEMC(conf-if-vl-10)#mode remote-port-mirroring
DellEMC(conf-if-vl-10)#tagged tengigabitethernet 1/2/1
DellEMC(conf-if-vl-10)#exit
DellEMC(conf)#
DellEMC(conf)#monitor session 1 type rpm
DellEMC(conf-mon-sess-1)#source tengigabitethernet 1/1/1 destination remote-vlan 10 dir rx
DellEMC(conf-mon-sess-1)#no disable
DellEMC(conf-mon-sess-1)#exit

Configuring Remote Port Mirroring on an intermediate switch

Following is a sample configuration of RPM on an intermediate switch.

DellEMC(conf)#interface vlan 10
DellEMC(conf-if-vl-10)#mode remote-port-mirroring
DellEMC(conf-if-vl-10)#tagged tengigabitethernet 1/4/1
DellEMC(conf-if-vl-10)#tagged tengigabitethernet 1/5/1
DellEMC(conf-if-vl-10)#exit

Configuring Remote Port Mirroring on a destination switch

Following is a sample configuration of RPM on an a destination switch.

DellEMC(conf)#interface tengigabitethernet 1/7/1
DellEMC(conf-if-gi-1/9)#switchport
DellEMC(conf-if-gi-1/9)#no shutdown
DellEMC(conf-if-gi-1/9)#exit
DellEMC(conf)#interface vlan 10
DellEMC(conf-if-vl-10)#mode remote-port-mirroring
DellEMC(conf-if-vl-10)#tagged tengigabitethernet 1/7/1
DellEMC(conf-if-vl-10)#exit
DellEMC(conf)#monitor session 1 type rpm
DellEMC(conf-mon-sess-1)#source remote-vlan 10 destination tengigabitethernet 1/8/1
DellEMC(conf-mon-sess-1)#exit

 

https://dell.to/48XQ1D0

 

Alll the switches need to be configured accordingly also please bring the firmware up to date on the switch.

 

(For Example : if you are using 7 switches, then 7 switches need to be configured to access monitor device 

otherwise RSPAN will not travel from one switch to another switch.)

Image

 

 

 

Social Media and Communities Professional

Dell Technologies | Enterprise Support Services

#IWork4Dell

Did I answer your query? Please click on ‘Mark as Accepted Answer’. ‘Thumbs up’ the posts you like!

Was this post helpful?

View All

No Events found!

Top