Re-creating an RSPAN VLAN on an M4100-50G switch

Hi EricZ,

I have disabled the ports per your direction...

... and cleared the port statistics.  Went home and checked the stats again this morning, and they now show ...

This looks promising!

I then checked our servers, Ntop-NG, SELKS, and OpenFPC and am now able to see traffic coming in to the systems.  For example, here is a screenshot from the Scirius server that is plugged into port 0/47:

... and here's one from Ntop-NG on port 0/48 (the traffic from the firewall is in orange)...

I think that change has solved my issue.

Now that it seems to be working, I would like to know if enabling RSPAN for VLAN 500 is still a requirement for this particular setup?

Thank you very much!

Hi jg75996,

I'm glad to hear it working now.

I think it's not necesssary to enable RSPAN for VLAN500. 

Hello EricZ,

I'd like to let you know that I disabled RSPAN on VLAN 500, cleared the statistics on ports 0/45-48, and noticed that the number of packets on ports 0/46-48 significantly dropped again. 

Thinking that the change that I made, affected that, I re-enabled RSPAN for VLAN 500, but I don't see the number of packets being duplicated anymore.

Can this issue be re-visited?

Thank you!

Hi jg75996,

Ok, well. Could you please provide detailed information as below:

1. Pls screenshot the port statistics for 0/45~48

2. Pls screenshot the Spanning-tree port status for 0/45~48 by GUI 'Switching'-->'STP'-->'Advanced'-->'CST Port Status'

Hi EricZ,

I am trying to reply back with screenshots, however, I no longer have the ability to insert images.

Let me see if I can describe to you what I see.

For Item #1, after clearing port statistics and then refreshing after a minute:

  Port 0/45: 175235 Total Packets received without Errors

  Port 0/46: currently disconnected

  Port 0/47: 2983 Packets transmitted without Errors

  Port 0/48: 2983 Packets transmitted without Errors

For Item #2:

  Port 0/45: Port Forward State - Manual forwarding

  Port 0/46: currently disconnected

  Port 0/47: Port Forward State - Manual forwarding

  Port 0/48: Port Forward State - Manual forwarding

Hi jg75996,

Looks like port 0/47 and 0/48 not forwarding the packet any more. Could you show running config for M4100?

I want to double check the configurations.

Hello EricZ,

Sorry for taking so long to respond to your last post.

Here is the running confirugration of the switch as requested:

(M4100-50G) #show running-config

!Current Configuration:
!
!System Description "M4100-50G ProSafe 48-port Gigabit L2+ Intelligent Edge Managed Switch, 10.0.2.20, B1.0.1.1"
!System Software Version "10.0.2.20"
!System Up Time          "6 days 16 hrs 15 mins 50 secs"
!Additional Packages     QOS,IPv6 Management,Routing
!Current SNTP Synchronized Time: Jun 22 16:17:08 2017 UTC
!
vlan database
vlan 200,500
vlan name 200 "Firewall-to-LinkBalancer"
vlan name 500 "RSPAN 1"
vlan routing 1 1
exit

configure
sntp server "0.north-america.pool.ntp.org"
sntp server "1.north-america.pool.ntp.org"
sntp server "2.north-america.pool.ntp.org"
clock timezone -4 minutes 0 zone "EST"
time-range
line console
exit

line telnet
exit

line ssh
exit

no storm-control broadcast
!

interface 0/1
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/2
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/3
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/4
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/5
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/6
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/7
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/8
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/9
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/10
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/11
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/12
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/13
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/14
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/15
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/16
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/17
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/18
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/19
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/20
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/21
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/22
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/23
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/24
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/25
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/26
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/27
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/28
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/29
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/30
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/31
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/32
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/33
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/34
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/35
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/36
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/37
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/38
storm-control broadcast level 5
no storm-control broadcast
description 'Uplink to VMware server @ 192.168.10.4'
vlan tagging 1
exit



interface 0/39
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/40
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/41
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/42
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/43
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/44
storm-control broadcast level 5
no storm-control broadcast
exit



interface 0/45
storm-control broadcast level 5
no storm-control broadcast
description 'RSPAN port FROM network tap of the Firewall'
no spanning-tree port mode
vlan pvid 500
vlan participation auto 1
vlan participation include 500
vlan tagging 500
exit



interface 0/46
storm-control broadcast level 5
no storm-control broadcast
description 'RSPAN port for SELKS IDS/IPS'
no spanning-tree port mode
vlan participation auto 1
vlan participation include 500
vlan tagging 500
exit



interface 0/47
storm-control broadcast level 5
no storm-control broadcast
description 'RSPAN port for OpenFPC'
no spanning-tree port mode
vlan participation auto 1
vlan participation include 500
vlan tagging 500
exit



interface 0/48
storm-control broadcast level 5
no storm-control broadcast
description 'RSPAN port for Ntop-NG'
no spanning-tree port mode
vlan pvid 500
vlan participation auto 1
vlan participation include 500
vlan tagging 500
exit



interface 0/49
storm-control broadcast level 5
no storm-control broadcast
description 'Trunk link to Netgear M4300 port 7/0/41'
vlan tagging 1
exit



interface 0/50
storm-control broadcast level 5
no storm-control broadcast
exit



interface vlan 1
routing
ip address dhcp
exit


exit


(M4100-50G) #

=======================================================================

Thank you for continuing to look into this issue!

Hi jg75996,

Looks like for Port 0/46 and 0/47, missed configuration for 'vlan pvid 500'. Please add this command and try again.

If it still not ok, I suggest remove command 'vlan tagging 500' for port 0/45~0/48.

Hi Ericz,

I've added the 'vlan pvid 500' setting back into ports 0/46, 0/47 and 0/48.  Cleared the stats on the ports and checked back later in the day after 5 hours.

Here are the results:

Port 0/45:  Total Packets received without Errors - 37319568; Packets transmitted without Errors - 1365

Port 0/46:  Disconnected.

Port 0/47:  Total Packets received without Errors - 0; Packets transmitted without Errors - 433454

Port 0/48:  Total Packets received without Errors - 0; Packets transmitted without Errors - 433454.

Looks like it did no have the desired effect.

I will remove the 'vlan tagging 500' for those ports tomorrow.

Thanks!

Hi EricZ,

I ended up not taking out the 'vlan tagging 500' command for those ports, thinking it might affect traffic on the default VLAN, VLAN1.

What I did do, was re-enable RSPAN for VLAN 500, then went to Switching -> Ports, re-enabling STP mode for ports 0/45 - 0/48, and then disabling STP mode.  After refreshing the statistics for those ports, I can see that packets are being duplicated again as before.

Not sure why I needed to do this type of procedure, but I am now seeing the traffic as I would like it to be.

Thank you for staying up on this topic until now.

Hi jg75996,

Ok, thanks for response.

It's good news that the function is working now.