NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Re-creating an RSPAN VLAN on an M4100-50G switch
Hello everyone, I would like assitance in re-creating an RSPAN VLAN on an M4100-50G switch. Background information: We have a firewall that we are monitoring network traffic on. On a previo...
Hi jg75996,
Could you disable STP mode for port 0/45~0/48 on M4100 and try again?
Web GUI go to 'Switching'-->'Ports'-->'Configuration', then select port 0/45~0/48, set STP Mode to 'Disable'.
Hi jg75996,
Welcome to the community! 
For RSPAN feature, there is three switch role, working as 'source Switch', 'intermediate Switch' and 'destination Switch'. And there is different configuration for different role switch.
So what is the role for M4100 and M4300?
Below is the example for RSPAN configuration:
RSPAN
Mirroring is very useful to monitor traffic to/from the port by copying the traffic to the probe port for analysis. But usually mirroring is limited to be working on one switch, RSPAN(remote switched port analyzer) extends it by enabling RSPAN. The mirrored packets are carried over all of participating switches.
The Figure above illustrates an example RSPAN. The switch 1 is the source switch 1, switch 2 and switch 3 are intermediate switch. The switch4 is the destination switch.
The ports connected towards the destination switch (switch 4) must be configured with tagging (with the vlan id as RSPAN VLAN). These ports are configured with the RSPAN VLAN participation as well. Only one RSPAN VLAN is supported.
On the source switch 1, the traffic received/transmitted on source ports (1/0/1) is tagged with the RSPAN VLAN and transmitted on the configured reflector port. The reflector port(1/0/2) is the physical interface that carries the mirrored traffic towards the destination switch (switch 4).
The intermediate switch (switch 2 and switch3) forwards the incoming tagged traffic towards the destination switch (switch4). RSPAN VLAN should be created on the intermediate switch; the ports connected towards Source and Destination switch should have the RSPAN VLAN participation. RSPAN VLAN egress tagging should be enabled on interface on intermediate switch connected towards Destination switch.
The destination switch (switch4) accepts all the tagged (with RSPAN VLAN) packets and mirrors them on the destination port (to which the traffic analyzer is connected).
The original tag is retained at the destination switch, the mirrored traffic is seen with double tagging (inner tag is the original VLAN ID and the outer tag is RSPAN VLAN ID).
CLI: enable RSPAN on the switch
- On the source switch(switch1) the below parameters are configured:
- Source ports (i.e. the traffic on this port is mirrored)
- RSPAN VLAN (as destination)
- Reflector port
- Tx/Rx
|
(Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 5 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#vlan 5 (Netgear Switch) (Config)(Vlan 5)#remote-span (Netgear Switch) (Config)(Vlan 5)#exit (Netgear Switch) (Config)#monitor session 1 mode (Netgear Switch) (Config)#monitor session 1 source interface 1/0/1 (Netgear Switch) (Config)#monitor session 1 destination remote vlan 5 reflector-port 1/0/2 (Netgear Switch) (Config)#exit (Netgear Switch) #show monitor session 1 Session Admin Probe Src Mirrored Ref. Src Dst Type IP MAC ID Mode Port VLAN Port Port RVLAN RVLAN ACL ACL ------- ------- ------ ---- -------- ------ ----- ----- ----- ------- ------- 1 Enable 1/0/1 1/0/2 5 Rx,Tx
|
2. On the intermediate switch(switch2 or switch3) the below parameters are configured:
- Add the ports to vlan with tagging
|
(Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 5 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/23 (Netgear Switch) (Interface 1/0/23)#vlan participation include 5 (Netgear Switch) (Interface 1/0/23)#vlan tagging 5 (Netgear Switch) (Interface 1/0/23)#exit (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#vlan participation include 5 (Netgear Switch) (Interface 1/0/24)#vlan tagging 5 (Netgear Switch) (Interface 1/0/24)#exit |
3. On the destination switch (switch4) the below parameters are configured:
- RSPAN VLAN (as source)
- Probe port
|
(Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 5 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#vlan 5 (Netgear Switch) (Config)(Vlan 5)#remote-span (Netgear Switch) (Config)(Vlan 5)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#vlan participation include 5 (Netgear Switch) (Interface 1/0/3)#vlan tagging 5 (Netgear Switch) (Interface 1/0/3)#exit (Netgear Switch) (Config)#monitor session 1 mode (Netgear Switch) (Config)#monitor session 1 source remote vlan 5 (Netgear Switch) (Config)#monitor session 1 destination interface 1/0/4 (Netgear Switch) #show monitor session 1 Session Admin Probe Src Mirrored Ref. Src Dst Type IP MAC ID Mode Port VLAN Port Port RVLAN RVLAN ACL ACL ------- ------- ------ ---- -------- ------ ----- ----- ----- ------- ------- 1 Enable 1/0/4 5
|
Hope it helps!
Regards,
EricZ
NETGEAR employee
Hello EricZ,
Thank you for the information on how RSPAN is utilized in a three switch role.
The switch models that I have mentioned have the following roles:
For the M4300-52G-PoE+, there are 7 switches configured in a stack and they are housed in a standalone rack. They act as our core switch, with connections going to workstations, VoIP phones, NAS boxes, routers and other network appliances.
The M4100-50G is our "server" switch and is located in a server rack that is on the other side of the network room. This switch is uplinked to the M4300 switchstack via a trunk line.
Hi jg75996,
Thanks for your immediately response. Now we clear your two switch working role.
Could you kindly answer more questions as below:
1. In your network topology, which switch is working as source switch for RSPAN? Which port traffic you want to mirror?
2. In your network topology, which switch is working as destination switch for RSPAN? Which port you want to receive the mirror traffic?
And if these two problem is clear, we can check the configuration further more.
Thanks.
Regards,
EricZ
NETGEAR employee
Hello EricZ,
I don't plan on having one switch as source and one as destination. Just trying to replicate what I had on the M4300 originally on to the M4100.
Here is the current layout of the devices involved:
What seems to be happening is that port 0/45 on the M4100 switch is discarding the packets coming from the network tap mirror port.
I think it may be that Spanning Tree is blocking the port. Most likely it is because the link coming from the tap is being detected as a loop in the network.
... and here is the old layout that was working before...
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
