Cisco SPAN between two trunks

Hello All. I am trying to set up a SPAN or RSPAN session to capture VoIP traffic for call recording. Basically, in this example I have two Catalyst 3750 switch stacks that are connected via a fiber optic trunk. I have IP phones on both stack1 and stack2 that need to be recorded. The destination for the SPAN/RSPAN sessions will end up on stack1 interface gig 5/0/24, which has my recording software. I have created a VLAN 300 in this example that is set up for remote SPAN to capture the traffic in my voice VLAN and make its destination the remote VLAN 300. My question is: how can I bring both of the monitored stacks into one interface on the first stack's 5/0/24 interface? Thanks!
Asked by: phil435
 
Soulja Commented:
If you have already designated vlan 300 as the rspan vlan then do this:

conf t
vlan 300
! VLAN config mode takes "name" (no spaces), not "description"
name Remote_Vlan
remote-span


monitor session 1 source vlan x   (x being voice vlan id)
monitor session 1 destination remote vlan 300


Put above on both stacks.

This will dump the voice traffic to the rspan vlan. I assume you already have this configured.

Now create another session to dump the contents of the remote vlan to your interface:

monitor session 2 source remote vlan 300
monitor session 2 destination interface gi5/0/24


Put above just on stack where recorder is located.
 
phil435 (Author) Commented:
OK, I just tried the above config but I do not see any of the voice traffic on the gig 5/0/24 interface. However, if I create a local SPAN session I can see the traffic through Wireshark on that interface. Do I need to set up something specific on the interface? I have it set to an access port.
 
Soulja Commented:
Can you post your config?
 
Soulja Commented:
Is the RSPAN vlan on both switch stacks and being trunked between them?
 
phil435 (Author) Commented:
Here is the output of the sho monitor detail:

cisco3750_1#sho monitor detail
Session 1
---------
Type                   : Remote Source Session
Description            : -
Source Ports           :
    RX Only            : None
    TX Only            : None
    Both               : None
Source VLANs           :
    RX Only            : None
    TX Only            : None
    Both               : 64
Source RSPAN VLAN      : None
Destination Ports      : None
Filter VLANs           : None
Dest RSPAN VLAN        : 300


Session 2
---------
Type                   : Remote Destination Session
Description            : -
Source Ports           :
    RX Only            : None
    TX Only            : None
    Both               : None
Source VLANs           :
    RX Only            : None
    TX Only            : None
    Both               : None
Source RSPAN VLAN      : 300
Destination Ports      : Gi5/0/24
    Encapsulation      : Native
          Ingress      : Disabled
Filter VLANs           : None
Dest RSPAN VLAN        : None

I have not set the trunk up to pass the remote VLAN yet from the remote stack. However, should I not see the voice VLAN traffic on the local stack? Here is the config that deals with the SPAN:

interface GigabitEthernet5/0/24
 switchport access vlan 300
 switchport mode access

monitor session 1 source vlan 64
monitor session 1 destination remote vlan 300
monitor session 2 destination interface Gi5/0/24
monitor session 2 source remote vlan 300
 
Soulja Commented:
Do:

no monitor session all

Then re-enter the configs I posted. Let me know if that changed anything.
 
Soulja Commented:
Additionally, the reason it is working with just local SPAN is because that is what you are doing by only listening on one switch. Until you trunk the RSPAN VLAN from the other stack, the RSPAN won't work.
 
phil435 (Author) Commented:
I did add the remote RSPAN VLAN and I do see the VoIP traffic for the remote switch stack on the gig 5/0/24 interface; however, I still do not see the local switch stack's voice VLAN traffic. Should I not see the traffic on both stacks at 5/0/24? I intentionally did not set up the trunk between the switches at first because I only wanted to see the local stack VoIP traffic.
 
phil435 (Author) Commented:
It's like session 1 does not get passed to session 2 on the local stack.
 
phil435 (Author) Commented:
I found this on Cisco's website. I hope I am looking over something but could this be the reason that it is not working on the local stack?

Can a RSPAN Source Session and the Destination Session Exist on the Same Catalyst Switch?

No. RSPAN does not work when the RSPAN source session and the RSPAN destination session are on the same switch.

If an RSPAN source session is configured with a particular RSPAN VLAN and an RSPAN destination session for that RSPAN VLAN is configured on the same switch, then the RSPAN destination session's destination port will not transmit the captured packets from the RSPAN source session due to hardware limitations. This is not supported on the 4500 Series and 3750 Series Switches. This issue is documented in Cisco bug ID CSCeg08870.

This is an example:

monitor session 1 source interface Gi6/44
monitor session 1 destination remote vlan 666
monitor session 2 destination interface Gi6/2
monitor session 2 source remote vlan 666

The workaround for this issue is to use the regular SPAN.
 
Soulja Commented:
Ha! Good catch. That is why it's not working. Hmmm, I've done this on 6500 with no problem, but as it states, I guess this is an issue on those two platforms.
 
phil435 (Author) Commented:
I was afraid of that! I guess I do have the option to set up network recording using the built-in bridge on the Cisco phones, but the SPAN would have been much easier. I do not have enough NICs in my UCS box to accomplish a local and RSPAN method. I guess I could break out the old hub technology :).
 
Soulja Commented:
Is it possible for you to plug your destination port into a different switch that is not part of the stacks yet trunked to them?

On another note, how do you like the UCS boxes? We are getting some UCS C210s for a Cisco ISE deployment.
 
phil435 (Author) Commented:
Good point. I could separate a switch in my stack and accomplish this, but I would be losing the 37 Gbps backplane connection, lol. Not that this would be a huge issue. I will go ahead and get the points awarded to you.

So far the UCS box has been great. We have the C200 unit that I am virtualizing UCCX, presence, and the UCCX compliance recording server on. The only complaint I have with the 200 unit is that it only has two NICs and a management NIC. Most servers that I get from other vendors come with a standard 4 interfaces. This wouldn't really be a problem for me if it wasn't for the compliance recording piece, though. Oh well, at least there are workarounds for this. Thanks for the help!
 
Soulja Commented:
No Problem. The two interfaces will be plenty for our deployment.
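
A check for the limitation quoted in the thread, as an added example that is not part of the original posts: it parses `show monitor detail` output and reports any RSPAN VLAN that the same switch both feeds (source session) and drains (destination session), the combination the quoted Cisco note says does not work on the 3750 and 4500 Series. The sample is abridged from the output posted above; the function names are made up for this example.

```python
import re

# Abridged from the "show monitor detail" output posted in the thread.
SAMPLE = """\
Session 1
---------
Type                   : Remote Source Session
Source VLANs           :
    Both               : 64
Source RSPAN VLAN      : None
Destination Ports      : None
Dest RSPAN VLAN        : 300

Session 2
---------
Type                   : Remote Destination Session
Source RSPAN VLAN      : 300
Destination Ports      : Gi5/0/24
Dest RSPAN VLAN        : None
"""

def parse_sessions(text):
    """Return {session_id: {field: value}} from 'show monitor detail' text."""
    sessions, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^Session\s+(\d+)\s*$", line)
        if m:
            current = sessions.setdefault(int(m.group(1)), {})
            continue
        # Top-level "Key : Value" lines only; indented RX/TX/Both rows are skipped.
        m = re.match(r"^(\S[^:]*?)\s*:\s*(.*)$", line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip()
    return sessions

def same_switch_rspan_conflicts(sessions):
    """List (source_id, dest_id, vlan, port) where one switch sources and drains a VLAN."""
    conflicts = []
    for sid, src in sessions.items():
        vlan = src.get("Dest RSPAN VLAN", "None")
        if vlan == "None":
            continue  # not an RSPAN source session
        for did, dst in sessions.items():
            if dst.get("Source RSPAN VLAN") == vlan:
                conflicts.append((sid, did, vlan, dst.get("Destination Ports")))
    return conflicts
```

An empty list from a switch means its RSPAN sessions are source-only or destination-only for each RSPAN VLAN, which is the layout the separate-switch suggestion in the thread produces.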