Remote mirroring inbound and outbound fail when mac-address learning on RSPAN vlan was enabled

Publication Date:  2013-03-18 Views:  470 Downloads:  0
Issue Description
Customer was enable to configure remote mirroring inbound and outbound on the same time.
Topology :
Firewall – eth2/0/1||S7700||eth2/0/4 -----------------gi0/0/2||S5700||gi0/0/3 ----------------host.

S7700 V100R006C00SPC300
S5700 V100R006C00SPC300
Alarm Information
S7700
observe-port 3 interface Ethernet2/0/4 vlan 999
interface Ethernet2/0/1
description connect to FW5-Eudemon1000E
port link-type access
port default vlan 58
port-mirroring to observe-port 3 inbound
port-mirroring to observe-port 3 outbound

interface Ethernet2/0/4
description connect to SW10-S5728C
port hybrid untagged vlan 999


S5700
interface GigabitEthernet0/0/2
description connect to SW8-S7703
port link-type trunk
port trunk allow-pass vlan 999
ntdp enable
ndp enable

interface Ethernet2/0/3
description connect to SW7-S7703
shutdown
port link-type trunk
port trunk pvid vlan 999
port trunk allow-pass vlan 127 333
Handling Process
need to do  mac-address learning disable  on rspan vlan  otherwise traffic will be returned when you are implementing both way mirroring

vlan 999

mac-address learning disable   

undo mac-address dynamic vlan 999   \\ mac-adress need to be aged out instantly
Root Cause
When  both ways mirrored traffic arrives on gi0/0/3 is returned back to gi0/0/2 because of mac-address table entries associated with RSPAN vlan. 
Suggestions
Result:
RESULT:

<SW8-S7703>display interface Ethernet2/0/1

Ethernet2/0/1 current state : UP

Line protocol current state : UP

Description:connect to FW5-Eudemon1000E

Switch Port, PVID :   58, TPID : 8100(Hex), The Maximum Frame Length is 9216

IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 4cb1-6c29-2c65

Last physical up time   : 2013-03-14 04:49:02

Last physical down time : 2013-03-14 04:48:36

Port Mode: COMMON COPPER

Speed :  100,  Loopback: NONE

Duplex: FULL,  Negotiation: ENABLE

Mdi   : AUTO

Last 10 seconds input rate 194832 bits/sec, 16 packets/sec

Last 10 seconds output rate 75568 bits/sec, 6 packets/sec

 

<SW8-S7703>display interface Ethernet2/0/4

Ethernet2/0/4 current state : UP

Line protocol current state : UP

Description:connect to SW10-S5728C

Switch Port, PVID :    1, TPID : 8100(Hex), The Maximum Frame Length is 9216

IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 4cb1-6c29-2c65

Last physical up time   : 2013-03-06 21:24:57

Last physical down time : 2013-03-06 21:24:51

Port Mode: COMMON COPPER

Speed :  100,  Loopback: NONE

Duplex: FULL,  Negotiation: ENABLE

Mdi   : AUTO

Last 10 seconds input rate 176 bits/sec, 0 packets/sec

Last 10 seconds output rate 261600 bits/sec, 22 packets/sec

Input peak rate 77510584 bits/sec, Record time: 2013-02-27 15:38:05

Output peak rate 77510584 bits/sec, Record time: 2013-02-27 15:38:05

 

[SW10-S5728C]display interface GigabitEthernet 0/0/2

GigabitEthernet0/0/2 current state : UP

Line protocol current state : UP

Description:connect to SW8-S7703

Switch Port,PVID :    1,The Maximum Frame Length is 1600

IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 707b-e8c7-e821

Port Mode: COMMON COPPER

Speed :  100,  Loopback: NONE

Duplex: FULL,  Negotiation: ENABLE

Mdi   : AUTO

Last 10 seconds input rate 265936 bits/sec, 23 packets/sec

Last 10 seconds output rate 0 bits/sec, 0 packets/sec

 


[SW10-S5728C]display interface GigabitEthernet 0/0/3

GigabitEthernet0/0/3 current state : UP

Line protocol current state : UP

Description:connect to HQ-PC

Switch Port,PVID :    1,The Maximum Frame Length is 1600

IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 707b-e8c7-e821

Port Mode: COMMON COPPER

Speed : 1000,  Loopback: NONE

Duplex: FULL,  Negotiation: ENABLE

Mdi   : AUTO

Last 10 seconds input rate 0 bits/sec, 0 packets/sec

Last 10 seconds output rate 287216 bits/sec, 24 packets/sec

Captured packets from  S7700 eth2/0/1 arrive to destination port S5700 gi0/0/3

END