Remote Span NX-OS

Hi,
I need to configure RSPAN between 2 Nexus 7000s, but I do not understand how to do it. On Catalyst you configure a destination remote VLAN,
but on Nexus that option is not available.
Could anybody show me with an example please?
Best regards.
Thanks in advance!!!

It should help, but the code does not work according to what we are being told. Where does it actually work now?
There is currently a severity 2 bug on ERSPAN running 5.1.X code. ERSPAN is broken. Most likely you are running into a variant of this bug.
CSCto31791
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCto31791
This bug will be fixed in 5.2 code which should be released later this year.

Similar Messages

  • Do CSS 11500 series allow remote SPAN?

    Hi,
    I found that SPAN (Switch Port Analyzer) is available on the CSS 11500 series, but could only find that the destination must be local. Is it possible to do remote SPAN and have the destination on another, remote switch?
    And how many local span sessions are allowed?
    Thanks,
    Rgds
    Jorge

    Cisco WebNS Software Version 7.20 delivers support for a new Cisco CSS 11501 model, and Cisco WebNS Software 7.20 supports the SPAN features.
    Switched Port Analyzer (SPAN) or port mirroring is useful for network analysis: a copy of the packets received or transmitted by a source port is sent to a designated destination port.
    Kindly go through these links to get detailed information:
    http://www.provantage.com/cisco-systems-css11503-ac~7CSCO288.htm
    http://www.cisco.com/en/US/products/hw/contnetw/ps792/prod_release_note09186a008077c440

  • Remote span between Extreme and Cisco switches

    Hello,
    I need to configure remote span between Extreme Networks X460-24p and Cisco Catalyst 2960X switches. 2 IP phones are connected to ports 15 and 17 on the Extreme switch, and should be monitored to port 1/0/47 on the Cisco switch. The Extreme and Cisco switches are interconnected with a trunk (port 28 on Extreme with port 1/0/51 on Cisco).
    I configured the following:
    On Extreme switch:
    configure mirror mode enhanced
    enable mirroring to port 28 remote-tag 1000
    configure mirroring add port 17 ingress-and-egress
    configure mirroring add port 15 ingress-and-egress
    On Cisco switch:
    vlan 1000
     name RemoteSPAN
     remote-span
    monitor session 1 destination interface Gi1/0/47
    monitor session 1 source remote vlan 1000
    But this is not working :(
    Does anyone have experience with this? I really need help to make this work.
    Thanks.

    OK, this configuration is actually working :)

  • How can I use Local SPAN with RSPAN ??

    How can I use Local SPAN with RSPAN ??
    I want to mirror traffics from ISP-A and ISP-B to Anomaly-detector module.
    so I had configured like this...
    C6500-A
    vlan 1000
    name RSPAN
    remote-span
    monitor session 10 source interface Gi5/1 - 2 rx
    monitor session 10 destination remote vlan 1000
    monitor session 20 destination anomaly-detector-module 3 data-port 1
    monitor session 20 source remote vlan 1000
    interface GigabitEthernet1/13
    switchport
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1000
    switchport mode trunk
    no ip address
    C6500-B
    vlan 1000
    name RSPAN
    remote-span
    monitor session 10 source interface Gi5/1 - 2 rx
    monitor session 10 destination remote vlan 1000
    interface GigabitEthernet1/13
    switchport
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1000
    switchport mode trunk
    no ip address
    end
    but it was not working.
    There wasn't any change in the input packet hit count when
    I entered the command 'show anomaly-detector module 3 data-port 1 traffic'.
    Was the configuration above wrong?
    Can I use a VACL configuration?

    try to change "monitor session 10 destination remote vlan 1000 " to "monitor session 10 destination anomaly-detector-module 3 data-port 1 " on C6500-A

  • SPAN/RSPAN issues

    Hi All,
    I'm looking in to a problem regarding slow response to a file server, post implementation of RSPAN source changes.
    SCENARIO
    The LAN is a stack of 2/3 3750's on each floor, with a data Vlan per floor and a network wide voice Vlan 300. These access switches are gig fibre connected to two core switches, 6506's. Nortel IP handsets have been deployed and the voice Vlan 300 is being SPAN'ed to record to an IP voice recorder server. No problems there.
    However, now there are Softphones deployed on various PC's and in order to facilitate staff relocation throughout the building, WITHOUT having to reconfigure any switch ports each time, the Data Vlan on each floor has also been specified as a source.
    Having put additional config in to capture the data Vlan, there appears to be slow response when accessing a file server on a different Vlan. A ping -t that runs while copying a file to the Win 2003 file server actually drops and the copy hangs. If you try this again having either suspended the access switch RSPAN or shifting the file server to the other core switch, it seems to be OK and the difference in the ping response is very apparent
    QUESTION
    Has anyone come across any performance problems such as this and if so could you shed some light please?
    Here's the config from only one of the floors:
    DATA Vlan 112
    VOICE Vlan 300
    Remote SPAN dest Vlan 30
    monitor session 1 source vlan 112 , 300
    monitor session 1 destination remote vlan 30
    Here's the config from the core switch where the voice recorder sits;
    interface GigabitEthernet4/2
    description *** SPAN destination for Witness CSS01 NIC 1 ***
    no ip address
    speed 100
    duplex full
    switchport
    spanning-tree portfast
    monitor session 1 destination interface Gi4/2
    monitor session 1 source remote vlan 30
    Kind Regards
    Ali

    Hello Ali,
    I experienced trouble with 3750s using 1000-BASE-SX and 1000-BASE-LH lasers that gave poor performance with file transfers.
    This was the case on switches that had MLS QoS enabled for IP phones.
    The symptoms are described in bug toolkit CSCeg29704. There is a workaround. Upgrading to 12.2(25)SED or higher resolves the problem.
    Release Notes
    After enabling QOS on 3750 and 3560 switches, certain application (mostly bursty
    and TCP based) experience significant performance degradation due to unexpected
    packet drops on some of the egress queues.
    This is due to initial default egress queue threshold settings
    (when qos enabled) not optimized for this type of traffic pattern.
    This initial default queue threshold settings (when qos enabled)
    thus need to be changed to accommodate these traffic.
    Workaround:
    Tune the egress queue thresholds parameters to
    allocate more to the affected queues.
    Specifically, egress queue 2 thresholds need to have the following settings:
    Thresholds1 = 200
    Thresholds2 = 200
    Reserved = 50
    Maximum = 400
    e.g.
    mls qos queue-set output 1 threshold 2 200 200 50 400
    mls qos queue-set output 2 threshold 2 200 200 50 400
    HTH
    Leon
    * Please rate useful posts.

  • Span Port (For Whole Vlan)

    Hi All,
    I have a similar setup to the attached. I want to make sure that I mirror all traffic going through vlan 1. The Server is my device that I will be mirroring all traffic to. How do I ensure that traffic from all switches on VLAN 1 is mirrored to the port the server is plugged into? 
    On the Core switch I currently have the following -
    monitor session 1 source vlan 1
    monitor session 1 destination interface Gi4/0/22  (This is where my server is plugged into)
    But I don't think I'm actually monitoring traffic from the other switches. Is there something else I need to add / configure on my access switching to ensure I'm spanning all VLAN 1 traffic from all switches to my server?
    Thanks

    Are you monitoring on an egress switch like the switch that the default gateway is for all of your users? If so, you should be capturing everything. If not, you'll possibly need to move your capture. This type of capture is local to a switch. The only other way that I know of is to create an RSPAN session on every switch that you want to capture from. You create a special remote span vlan. On the edge switch, monitor for vlan 1 as the source, and the destination is that special vlan. Do that for every switch. On your capture switch, monitor the source of the special vlan and then your destination would be your port. You would capture all traffic at that point.
    HTH,
    John
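
The per-switch procedure described in the answer above can be checked offline against saved running-configs before relying on the capture. This is an added example, not part of the original thread and not a Cisco tool; the sample configs, VLAN 999 and the function names are constructed for illustration, and the parser assumes the simple `switchport trunk allowed vlan <list>` form (no `add`/`remove` keywords).

```python
import re

# Constructed sample running-config fragments (not taken from any poster's device).
EDGE_OK = """\
vlan 999
 name RSPAN
 remote-span
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,999
 switchport mode trunk
!
monitor session 1 source vlan 1
monitor session 1 destination remote vlan 999
"""

# Same edge switch with two common mistakes: the VLAN is not flagged
# remote-span and the uplink trunk does not carry it.
EDGE_BROKEN = """\
vlan 999
 name RSPAN
!
interface GigabitEthernet0/1
 switchport trunk allowed vlan 1,10
 switchport mode trunk
!
monitor session 1 source vlan 1
monitor session 1 destination remote vlan 999
"""

CAPTURE_OK = """\
vlan 999
 remote-span
!
interface GigabitEthernet0/1
 switchport trunk allowed vlan 1,999
 switchport mode trunk
!
monitor session 1 source remote vlan 999
monitor session 1 destination interface Gi4/0/22
"""

SESSION_RE = re.compile(
    r"^monitor session (\d+) (source|destination) (remote vlan|vlan|interface) (.+)$")


def expand_vlans(spec):
    """Turn an IOS VLAN list such as '10,16,99-101' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if part:
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_config(text):
    """Extract remote-span VLANs, trunk allowed lists and monitor sessions."""
    cfg = {"rspan_vlans": set(), "trunks": {}, "sessions": {}}
    ctx = None  # ("vlan", id) or ("interface", name) while inside a section
    for raw in text.splitlines():
        line = raw.strip()
        m = SESSION_RE.match(line)
        if not line or line == "!":
            ctx = None
        elif m:
            sid, direction, kind, arg = m.groups()
            sess = cfg["sessions"].setdefault(int(sid), {"source": [], "destination": []})
            sess[direction].append((kind, re.sub(r"\s+(rx|tx|both)$", "", arg)))
            ctx = None
        elif re.fullmatch(r"vlan \d+", line):
            ctx = ("vlan", int(line.split()[1]))
        elif line.startswith("interface "):
            ctx = ("interface", line.split(None, 1)[1])
        elif line == "remote-span" and ctx and ctx[0] == "vlan":
            cfg["rspan_vlans"].add(ctx[1])
        elif ctx and ctx[0] == "interface":
            if line == "switchport mode trunk":
                cfg["trunks"].setdefault(ctx[1], None)  # None = all VLANs allowed
            allowed = re.match(r"switchport trunk allowed vlan ([\d,\- ]+)$", line)
            if allowed:
                cfg["trunks"][ctx[1]] = expand_vlans(allowed.group(1))
    return cfg


def audit(role, text, rspan_vlan):
    """role: 'source' (edge switch) or 'destination' (capture switch)."""
    cfg = parse_config(text)
    findings = []
    if rspan_vlan not in cfg["rspan_vlans"]:
        findings.append(f"vlan {rspan_vlan} is not declared remote-span")
    if not any(a is None or rspan_vlan in a for a in cfg["trunks"].values()):
        findings.append(f"no trunk allows vlan {rspan_vlan}")
    want = ("remote vlan", str(rspan_vlan))
    sessions = cfg["sessions"].values()
    if role == "source":
        if not any(want in s["destination"] and
                   any(k != "remote vlan" for k, _ in s["source"]) for s in sessions):
            findings.append(f"no session mirrors a local source into remote vlan {rspan_vlan}")
    elif not any(want in s["source"] and
                 any(k == "interface" for k, _ in s["destination"]) for s in sessions):
        findings.append(f"no session delivers remote vlan {rspan_vlan} to a local port")
    return findings


if __name__ == "__main__":
    for name, role, text in [("edge-ok", "source", EDGE_OK),
                             ("edge-broken", "source", EDGE_BROKEN),
                             ("capture-ok", "destination", CAPTURE_OK)]:
        print(name, audit(role, text, 999) or "consistent")
```

An empty result only means the configuration is internally consistent; transit switches between the edge and the capture switch also need the RSPAN VLAN defined and allowed on their trunks.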

  • SPAN on 3560s, RSPAN instead?

    Need a little help with this since I am not too familiar with RSPAN. Here is the situation in a nutshell. We have a Voice and Data network over multiple 3560 switches configured with several VLANs as follows:
    VLAN 2 - Voice
    VLAN 3 - Data
    VLAN 10 - Voice
    We use an IPCC recording server attached to the second switch to record calls on VLAN 10 (hence the two voice VLAN's). The phones that are on VLAN 10 are spread out between all 5 switches. The port on the second switch is tagged to VLAN 20 and is the only port on VLAN 20. Currently I have the monitor setup on Switch 1 as follows:
    #show monitor
    Session 1
    Type : Remote Source Session
    Source VLANs :
    Both : 10
    Dest RSPAN VLAN : 20
    monitor session 1 source vlan 10
    monitor session 1 destination remote vlan 20
    The problem is two fold. Not all of the phones on VLAN 10 are able to be recorded on the server. We are also able to record some of the phones from VLAN 2 even though they should not be able to.
    It's been suggested that doing this via RSPAN would fix the problem. If that's the case then what should the RSPAN config look like?

    When you say VLAN 100 do you mean VLAN 99?
    From what I am gathering the basic config for all the switches where the destination port/vlan is not on would be as follows:
    create vlan 99 with:
    vlan 99
    remote-span
    then setup the monitor:
    monitor session 1 source vlan 10
    monitor session 1 destination remote vlan 99
    On the switch where the destination would be is:
    create vlan 99 with:
    vlan 99
    remote-span
    then setup the monitor:
    monitor session 1 source vlan 10
    monitor session 1 destination remote vlan 99
    then setup the second monitor:
    monitor session 2 source remote vlan 99
    monitor session 2 destination interface fa0/20
    By doing it that way I basically get rid of vlan 20 that I was using before in favor of a specific port.

  • Cisco Noob - Layer 3 Routing / VLAN / Spanning Tree

    Hi All ...
    I need some pointers on which commands / settings and where, I know what I want to achieve but the things I am trying seem to be 'mutually exclusive' - either that or I'm missing something - I am not a Cisco IOS expert but I know my way around a network.
    Take 3 3560 switches in Layer 3 mode, there is a 'local' fibre spanning tree ring serving multiple switches on each, each ring is its own IP segment / VLAN. There is then a trunk between each switch on which I want to establish a load sharing / spanning tree circuit i.e.
    SW1 hosts VLAN 2 via copper on fa0/1 -12, ip address 10.10.2.254
    SW1 hosts VLAN 3 via a fibre spanning tree circuit on G0/1 & G0/2, dhcp 10.10.3.0/24, trunk 1 on G0/3 and trunk 2 on G0/4
    SW1 hosts VLAN 10, ip address 10.10.10.1 (trunks 1 and 2 have no IP address but are members of VLAN 10)
    SW2 hosts VLAN 4 via a fibre spanning tree circuit on G0/1 & G0/2, dhcp 10.10.4.0/24, trunk 1 on G0/3 and trunk 2 on G0/4
    SW2 hosts VLAN 10, ip address 10.10.10.2 (trunks 1 and 2 have no IP address but are members of VLAN 10)
    SW3 hosts VLAN 5 via a fibre spanning tree circuit on G0/1 & G0/2, dhcp 10.10.5.0/24, trunk 1 on G0/3 and trunk 2 on G0/4
    SW3 hosts VLAN 10, ip address 10.10.10.3 (trunks 1 and 2 have no IP address but are members of VLAN 10)
    SW1 G0/3 is a SMF trunk to SW2 G0/3
    SW1 G0/4 is a SMF trunk to SW3 G0/3
    SW2 G0/4 is a SMF trunk to SW3 G0/4
    The trunks are configured as "trunk encapsulation dot1q", ip routing is  enabled.
    I can get the trunks working OK - but I can't seem to get routing to work across them - if I define an interface on SW1 with an IP set in SW3 the switch complains so it can clearly see it so which command have I missed.
    All VLAN's are part of the same domain, each VLAN has it's own DHCP hosted on it's hosting switch. The VLAN ip address is excluded from DHCP and is the default gateway for each VLAN.
    All VLAN's must be able to reach VLAN2 (contains SQL servers and DNS, Time etc etc), the VLAN's are working, DHCP etc is all working - but I can't get anything other than VLAN 10 IP's to talk across the trunks - I've tried adding spanning-tree vlan 2,3,4,5,10 but this hasn't worked, the ip route-map shows nothing, if you show spanning-tree the trunk ports do show up as an interface for all VLAN's - and yet no traffic passes across them - show route displays nothing. I tried adding ip route 10.10.*.0 255.255.255.0 10.10.2.254 (where 10.10.2.254 is the ip address of VLAN 2) but that's done nothing.
    I have tried various combinations - unsuccessful so far - I need the trunks to be not only fault tolerant but load sharing which kind of negates fixing IP's on them - or does it ?? - what am I missing ?
    (switches are all running IP services IOS)

    Hi John ,, here is the sh ip route and sh ip eigrp from all three.
    The ip address I'm trying to reach from SW1, SW2 is 10.10.2.253 - the DNS server - the server is available and connected to a copper port designated and assigned to VLAN 2 (which has the root ip of 10.10.2.254) dhcp is not enabled for VLAN 2.
    I can ping the DNS box from VLAN 5 (same switch as VLAN 2).
    The copper ports on the SW1 and SW2 boxes refuse to 'come up' - they remain shutdown no matter what. I haven't yet configured VLAN 10 ....
    (NOTE - these switches are on the bench right now - I intend to get the config sorted / tested and verified before they go into production)
    SWITCH 1 - Host for VLAN 3 and 10
    SW1#sh ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is not set
         10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
    D       10.10.2.0/24 [90/3072] via 10.10.10.6, 01:19:29, GigabitEthernet0/2
    C       10.10.10.0/30 is directly connected, GigabitEthernet0/1
    C       10.10.10.4/30 is directly connected, GigabitEthernet0/2
    SW1#sh ip eigrp interfaces
    EIGRP-IPv4:(10) interfaces for process 10
                            Xmit Queue   Mean   Pacing Time   Multicast    Pending
    Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
    Gi0/2              1        0/0         1       0/1            0           0
    Vl3                0        0/0         0       0/1            0           0
    SW1#
    SWITCH 2 - Host for VLAN 4 and 10
    SW2#sh ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is not set
         10.0.0.0/30 is subnetted, 2 subnets
    C       10.10.10.8 is directly connected, GigabitEthernet0/1
    C       10.10.10.0 is directly connected, GigabitEthernet0/2
    SW2#sh ip eigrp interfaces
    EIGRP-IPv4:(10) interfaces for process 10
                            Xmit Queue   Mean   Pacing Time   Multicast    Pending
    Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
    Gi0/2              0        0/0         0       0/1            0           0
    Gi0/1              0        0/0         0       0/1            0           0
    Vl4                0        0/0         0       0/1            0           0
    SW2#
    SWITCH 3 - Host for VLAN 2, 5 and 10
    SW3#sh ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is not set
         10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
    C       10.10.10.8/30 is directly connected, GigabitEthernet0/1
    C       10.10.2.0/24 is directly connected, Vlan2
    C       10.10.10.4/30 is directly connected, GigabitEthernet0/2
    SW3#sh ip eigrp interfaces
    EIGRP-IPv4:(5) interfaces for process 5
                            Xmit Queue   Mean   Pacing Time   Multicast    Pending
    Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
    Vl2                0        0/0         0       0/1            0           0
    Vl5                0        0/0         0       0/1            0           0
    EIGRP-IPv4(0)(0) interfaces for process 0
                            Xmit Queue   Mean   Pacing Time   Multicast    Pending
    Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
    EIGRP-IPv4:(10) interfaces for process 10
                            Xmit Queue   Mean   Pacing Time   Multicast    Pending
    Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
    Gi0/2              1        0/0         1       0/1           50           0
    Vl5                0        0/0         0       0/1            0           0
    Vl2                0        0/0         0       0/1            0           0
    SW3#
    SW3#show vlan
    VLAN Name                             Status    Ports
    1    default                          active   
    2    SERVERS                          active    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                    Fa0/17, Fa0/18, Fa0/19, Fa0/20
    4    DB5-LAN                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                    Gi0/1, Gi/2
    10   MANAGER                          active    Fa0/21, Fa0/22, Fa0/23, Fa0/24
    1002 fddi-default                     act/unsup
    1003 token-ring-default               act/unsup
    1004 fddinet-default                  act/unsup
    1005 trnet-default                    act/unsup
    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    1    enet  100001     1500  -      -      -        -    -        0      0  
    2    enet  100002     1500  -      -      -        -    -        0      0  
    3    enet  100003     1500  -      -      -        -    -        0      0  
    4    enet  100004     1500  -      -      -        -    -        0      0  
    5    enet  100005     1500  -      -      -        -    -        0      0  
    10   enet  100010     1500  -      -      -        -    -        0      0  
    1002 fddi  101002     1500  -      -      -        -    -        0      0  
    1003 tr    101003     1500  -      -      -        -    srb      0      0  
    1004 fdnet 101004     1500  -      -      -        ieee -        0      0  
    1005 trnet 101005     1500  -      -      -        ibm  -        0      0  
    Remote SPAN VLANs
    Primary Secondary Type              Ports
    PPS : I'm using ports Gi0/1 and Gi0/2 for now - I removed these from DB5-LAN and can now 'ping' from SW1 but not from SW2 - but the local copper is still dead on SW1 and SW2
    Copper channels not dead - faulty patch lead ... the simplest things ....

  • Interface Vlan is not installed in routing table

    Dear All, 
    Today I faced a strange problem and I want to share it with you to find what is the problem ? 
    we have a VRF for one customer and we use interface vlan to define customer's branch.
    The customer interface is  VLAN 422 and it is defined under customer VRF probably . 
    PE#sh running-config vrf  V3056:RIYADHBANK
    Building configuration...
    Current configuration : 1321 bytes
    ip vrf V3056:RIYADHBANK
     rd 65000:3887
     maximum routes 1400 80
     route-target export 65000:5405
     route-target import 65000:5405
     route-target import 65000:5406
    interface Vlan422
     description By *****
     ip vrf forwarding V3056:RIYADHBANK
     ip address 172.29.12.97 255.255.255.252
     service-policy input 2M_IN
    PE#sh vlan id 422
    VLAN Name                             Status    Ports
    422   422                                 active    Gi3/0/11 efp_id 422
    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    422  enet  100422     1500  -      -      -        -    -        0      0   
    Remote SPAN VLAN
    Disabled
    Primary Secondary Type              Ports
    PE#
    we can see the interface vlan is up 
    PE-L3Agg-Khu-107-2#sh int vlan 422 description 
    Interface                      Status         Protocol Description
    Vl422                          up             up       ****
    PE#
    and we can see the vlan 422 belongs to the correct VRF
    PE#sh vrf V3056:RIYADHBANK
      Name                             Default RD          Protocols   Interfaces
      V3056:RIYADHBANK                 65000:3887          ipv4        Vl627
                                                                       Vl775
                                                                       Vl422
    PE#
    when we tried to troubleshoot the customer routing we found :
    PE-L3Agg-Khu-107-2#ping vrf V3056:RIYADHBANK 172.29.12.97
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.29.12.97, timeout is 2 seconds:
    Success rate is 0 percent (0/5)
    PE-#
    we could not ping the ip address of interface vlan 422.
    PE#sh ip route vrf V3056:RIYADHBANK 172.29.12.97
    Routing Table: V3056:RIYADHBANK
    % Subnet not in table
    PE#
    PE#show ip route vrf V3056:RIYADHBANK connected 
    Routing Table: V3056:RIYADHBANK
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
           + - replicated route, % - next hop override
    Gateway of last resort is 192.168.111.16 to network 0.0.0.0
          172.29.0.0/16 is variably subnetted, 338 subnets, 2 masks
    C        172.29.12.44/30 is directly connected, Vlan627
    L        172.29.12.45/32 is directly connected, Vlan627
    PE-L3Agg-Khu-107-2#
    PE-L3Agg-Khu-107-2#
    My question is: Why the interface vlan 422 is not installed in VRF Table as it is UP ?? 
    thanks in advance!
    Rashed Wardi.

    what platform is this? can you please paste the output of show version  and show run?
    Also when you tested this was int Gi3/0/11  up/up?
    Best Regards,
    Bheem

  • RSPAN does not put IPv6 multicast traffic into port

    Hi.
    There are two switches in the equation:
    WS-C2960-24TT-L    12.2(55)SE5           C2960-LANBASEK9-M
    and stack of
    Switch Ports Model              SW Version            SW Image
         1 12    WS-C3750G-12S      12.2(55)SE8           C3750-IPSERVICESK9-M
         2 12    WS-C3750G-12S      12.2(55)SE8           C3750-IPSERVICESK9-M
    *    3 24    WS-C3750G-24T      12.2(55)SE8           C3750-IPSERVICESK9-M
    3 is a master
    There is VTP domain with pruning off and RSPAN VLAN 1001
    core#sho vlan remote-span
    Remote SPAN VLANs
    1001
    there is RSPAN session on first:
    #sho monitor session 1
    Session 1
    Type                   : Remote Source Session
    Source Ports           :
        Both               : Fa0/11
    Dest RSPAN VLAN        : 1001
    Port Fa0/11 is in access mode, VLAN 303
    and on second:
    core#sho monitor session 1
    Session 1
    Type                   : Remote Destination Session
    Source RSPAN VLAN      : 1001
    Destination Ports      : Gi3/0/2
        Encapsulation      : Native
              Ingress      : Disabled
    The problem is that I can't see any IPv6 multicast traffic (like ICMPv6 RA or such) on Gi3/0/2, which is absolutely surely there, because if I remove the monitoring session on the core switch and put Gi3/0/2 into trunk mode, I can see the packets I need in vlan 1001:
    # tcpdump -s0 -nnvei eth1 vlan 1001 and ip6
    tcpdump: WARNING: eth1: no IPv4 address assigned
    tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
    14:17:37.059045 50:57:a8:f0:72:1b > 33:33:ff:00:00:01, ethertype 802.1Q (0x8100), length 90: vlan 1001, p 0, ethertype IPv6, (class 0xe0, hlim 255, next-header ICMPv6 (58) payload length: 32) 2abc:abc:1:600b::2 > ff02::1:ff00:1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2abc:abc:1:600b::1
              source link-address option (1), length 8 (1): 50:57:a8:f0:72:1b
    14:17:38.083266 50:57:a8:f0:72:1b > 33:33:ff:00:00:01, ethertype 802.1Q (0x8100), length 90: vlan 1001, p 0, ethertype IPv6, (class 0xe0, hlim 255, next-header ICMPv6 (58) payload length: 32) 2abc:abc:1:600b::2 > ff02::1:ff00:1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2abc:abc:1:600b::1
              source link-address option (1), length 8 (1): 50:57:a8:f0:72:1b
    14:17:39.107068 50:57:a8:f0:72:1b > 33:33:ff:00:00:01, ethertype 802.1Q (0x8100), length 90: vlan 1001, p 0, ethertype IPv6, (class 0xe0, hlim 255, next-header ICMPv6 (58) payload length: 32) 2abc:abc:1:600b::2 > ff02::1:ff00:1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2abc:abc:1:600b::1
              source link-address option (1), length 8 (1): 50:57:a8:f0:72:1b
    There is no such problem with usual unicast and broadcast traffic.
    Any suggestions?

    Interestingly, I've found bug CSCsr64007 which I stumbled upon on one of my switches during troubleshooting. The effect of this bug was that RSPAN took IPv6 multicast packets from unrelated VLANs and forwarded them into the monitor port.
    Looks like they have "fixed" it filtering IPv6 multicast completely.

  • P2p self-looped VLAN

    I have a single trunk on a 3560 connected to a Juniper EX4500 running PVST and the switch is also the root bridge as another 3560 on another port is also connected via a single trunk, both ports are fibre connected, one MM and one SM.
    The port to the Juniper, g0/26, has 8 VLANs running through it, of which 2 are in a P2p self-looped state. All physical links out of this switch are single links. There are two ESX hosts but no port-channels, only individual trunk links; there are two port-channels to a NetApp SAN with two ports per channel.
    On the Juniper I run MSTP but block it at the port level that connects to the Cisco.  I've checked all physical cabling to ensure no loops, also checked the other 3560 just in case.  I have rebooted the switch as well.  The fibre link used has also been changed as there is a 12core fibre between the two locations linking the 3560's.  I haven't moved the SFP to a spare port yet to see if it is a port issue however.
    The port to the other 3560 is g0/25.
    This is the output of show spanning-tree interface g0/26:
    VLAN0001            Desg FWD 4         128.26   P2p
    VLAN0006            Desg FWD 4         128.26   P2p
    VLAN0010            Desg BLK 4         128.26   P2p self-looped
    VLAN0032            Desg FWD 4         128.26   P2p
    VLAN0034            Desg BLK 4         128.26   P2p self-looped
    VLAN0036            Desg FWD 4         128.26   P2p
    VLAN0043            Desg FWD 4         128.26   P2p
    VLAN0192            Desg FWD 4         128.26   P2p
    I've also looked for other possible devices that may cause this but haven't disconnected either the ESX hosts or NetApp SAN ports, even individual links in case they are the cause.
    It started 2 months ago. Luckily there are other networks available, and the networks having the issue only service one individual; however, the voice network, vlan0010, is affected.

    Cisco 3560(not explicitly defined in config)
    VLAN Name                             Status    Ports
    10   voice                            active    Gi0/7, Gi0/8, Gi0/9, Gi0/10
                                                    Gi0/11, Gi0/19, Gi0/20, Gi0/21
                                                    Gi0/22, Gi0/25, Gi0/26
    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    10   enet  100010     1500  -      -      -        -    -        0      0
    Remote SPAN VLAN
    Disabled
    Primary Secondary Type              Ports
    VLAN Name                             Status    Ports
    34   Clients                          active    Gi0/8, Gi0/9, Gi0/10, Gi0/11
                                                    Gi0/19, Gi0/20, Gi0/21, Gi0/22
                                                    Gi0/25, Gi0/26
    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    34   enet  100034     1500  -      -      -        -    -        0      0
    Remote SPAN VLAN
    Disabled
    Primary Secondary Type              Ports
    VLAN Name                             Status    Ports
    1    default                          active    Gi0/1, Gi0/2, Gi0/3, Gi0/4
                                                    Gi0/12, Gi0/13, Gi0/14, Gi0/17
                                                    Gi0/18, Gi0/24, Gi0/27, Gi0/28
    6    <name removed>                       active
    10   voice                            active    Gi0/7
    32   <name removed>                           active    Gi0/7, Gi0/23
    34   Clients                          active
    36   <name removed>                         active
    43   <name removed>                         active
    192  <name removed>                            active
    Port config(g0/26) to Juniper:
    interface GigabitEthernet0/26
     switchport trunk encapsulation dot1q
     switchport mode trunk
     srr-queue bandwidth share 10 10 60 20
     queue-set 2
     priority-queue out
     mls qos trust cos
     auto qos voip trust
    Port config to other 3560:
    interface GigabitEthernet0/25
     switchport trunk encapsulation dot1q
     switchport mode trunk
     srr-queue bandwidth share 10 10 60 20
     queue-set 2
     priority-queue out
     mls qos trust cos
     auto qos voip trust
    Juniper:
    clients {
        vlan-id 34;
        l3-interface vlan.34;
    family inet {
        address x.x.x.x/23;
    voice {
        vlan-id 10;
        l3-interface vlan.10;
    family inet {
        address y.y.y.y/22;
    MSTP config: 
    set    protocols    mstp    msti 1    bridge-priority    16k
    set    protocols    mstp    msti 1    vlan    [voice clients ...]
    Interface MSTP protocol config to 3560(mstp disabled):
    interface ge-1/0/30.0 {
        disable;
    Port configuration link to 3560:
    mtu 9216;
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members [ clients voice ... ];
            native-vlan-id 36;
    Is there any specific info you are looking for?
    I've filtered it for just the two vlans that are in the self-looped mode.

  • RSPAN Configuration Problem

    Hi all,
    I'm having some difficulties setting up an RSPAN to work from a specific remote office.
    I have the config working for our main head office and another remote office, which tells me that it's probably something in the remote switch configuration, but any pointer in the right direction would be great.
    Remote Office Remote VLAN:
    nlh_mar1_f20_cs1#show vlan remote-span
    Remote SPAN VLANs
    99
    Remote Office RSPAN:
    nlh_mar1_f20_cs1#show monitor
    Session 1
    Type                   : Remote Source Session
    Source VLANs           :
        Both               : 216
    Dest RSPAN VLAN        : 99
    Remote office RSPAN config:
    monitor session 1 source vlan 216
    monitor session 1 destination remote vlan 99
    Remote office trunk to Head Office:
    interface FastEthernet0/8
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 66
     switchport trunk allowed vlan 10,16,66,99,900,998,1000
     switchport mode trunk
     speed 100
     duplex full
     priority-queue out
     mls qos trust dscp
    end
    Head office trunk to remote office:
    interface GigabitEthernet3/0/14
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 66
     switchport trunk allowed vlan 10,16,66,99,900,998,1000
     switchport mode trunk
     speed 100
     duplex full
     priority-queue out
    end
    Head Office RSPAN:
    HO-Core#show monitor
    Session 2
    Type                   : Remote Destination Session
    Source RSPAN VLAN      : 99
    Destination Ports      : Gi2/0/9
        Encapsulation      : Native
              Ingress      : Disabled
    Head Office RSPAN config:
    monitor session 2 destination interface Gi2/0/9
    monitor session 2 source remote vlan 99
    Head Office RSPAN VLAN:
    HO-Core#show vlan remote-span
    Remote SPAN VLANs
    99
    Ryan

    Hi - has anyone seen something similar to this happen before?

  • 3650 PVLAN Config

    Hi all,
    I'm trying to configure a few 3650s for PVLAN but it seems it doesn't support it.
    It's already configured for VTP transparent mode.
    I thought 'newer' switches should already have this feature.
    Can anyone advise whether I need to upgrade IOS, or is it a platform restriction?
    Or is there some command that I need to enable on this kind of switch?
    SW#sh vtp status
    VTP Version capable             : 1 to 3
    VTP version running             : 1
    VTP Domain Name                 : <SNIP>
    VTP Pruning Mode                : Disabled
    VTP Traps Generation            : Disabled
    Device ID                       : 74a2.e665.2200
    Configuration last modified by 192.168.1.1 at 0-0-00 00:00:00
    Feature VLAN:
    VTP Operating Mode                : Transparent    <<<
    Maximum VLANs supported locally   : 1005
    Number of existing VLANs          : 14
    Configuration Revision            : 0
    MD5 digest                        : 0xBC 0x96 0x7F 0xE1 0xA8 0x8A 0x1C 0x82
                                        0x1F 0x1C 0x90 0x9A 0x82 0xA7 0xB7 0x9F
    SW(config-vlan)(config)#vlan 81
    SW(config-vlan)(config-vlan)#?                     
    VLAN configuration commands:
      are          Maximum number of All Route Explorer hops for this VLAN (or zero
                   if none specified)
      backupcrf    Backup CRF mode of the VLAN
      bridge       Bridging characteristics of the VLAN
      exit         Apply changes, bump revision number, and exit mode
      media        Media type of the VLAN
      name         Ascii name of the VLAN
      no           Negate a command or set its defaults
      parent       ID number of the Parent VLAN of FDDI or Token Ring type VLANs
      remote-span  Configure as Remote SPAN VLAN
      ring         Ring number of FDDI or Token Ring type VLANs
      said         IEEE 802.10 SAID
      shutdown     Shutdown VLAN switching
      state        Operational state of the VLAN
      ste          Maximum number of Spanning Tree Explorer hops for this VLAN (or
                   zero if none specified)
      stp          Spanning tree characteristics of the VLAN
      tb-vlan1     ID number of the first translational VLAN for this VLAN (or zero
                   if none)
      tb-vlan2     ID number of the second translational VLAN for this VLAN (or
                   zero if none)
    SW(config-vlan)#p?
    parent  
    SW(config-vlan)#  private-vlan community
                               ^
    % Invalid input detected at '^' marker.
    SW#sh ve
    Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.03.04SE RELEASE SOFTWARE (fc3)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2014 by Cisco Systems, Inc.
    Compiled Fri 29-Aug-14 22:22 by prod_rel_team
    Cisco IOS-XE software, Copyright (c) 2005-2014 by cisco Systems, Inc.
    All rights reserved.  Certain components of Cisco IOS-XE software are
    licensed under the GNU General Public License ("GPL") Version 2.0.  The
    software code licensed under GPL Version 2.0 is free software that comes
    with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
    GPL code under the terms of GPL Version 2.0.
    (http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
    documentation or "License Notice" file accompanying the IOS-XE software,
    or the applicable URL provided on the flyer accompanying the IOS-XE
    software.
    ROM: IOS-XE ROMMON
    BOOTLDR: CAT3K_CAA Boot Loader (CAT3K_CAA-HBOOT-M) Version 1.2, RELEASE SOFTWARE (P)
     --More--
    *Feb  3 04:50:55.883: %SYS-5-CONFIG_I: Configured from console b        e
    ends10sw06 uptime is 26 minutes
    Uptime for this control processor is 28 minutes
    System returned to ROM by reload
    System image file is "flash:packages.conf"
    Last reload reason: reload
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    export@cisco.com.
    License Level: Ipbase
    License Type: Permanent
    Next reload license Level: Ipbase
    cisco WS-C3650-48PS (MIPS) processor with 4194304K bytes of physical memory.
    Processor board ID FDO1852Exxx
    1 Virtual Ethernet interface
    52 Gigabit Ethernet interfaces
    2048K bytes of non-volatile configuration memory.
    4194304K bytes of physical memory.
    250456K bytes of Crash Files at crashinfo:.
    1609272K bytes of Flash at flash:.
    0K bytes of Dummy USB Flash at usbflash0:.
    0K bytes of  at webui:.
    Base Ethernet MAC Address          : 74:a2:e6:65:22:00
    Motherboard Assembly Number        : 73-15131-05
    Motherboard Serial Number          : FDO18530xxx
    Model Revision Number              : D0
    Motherboard Revision Number        : A0
    Model Number                       : WS-C3650-48PS
    System Serial Number               : FDO1852Exxx
    Switch Ports Model              SW Version        SW Image              Mode   
    *    1 52    WS-C3650-48PS      03.03.04SE        cat3k_caa-universalk9 INSTALL
    Configuration register is 0x102

    Hello
    fyi - Looks like IOS-XE doesn't support it
    https://tools.cisco.com/Support/CLILookup/cltSearchAction.do
    res
    Paul

  • 802.1X on Etherchannels

    We are deploying ISE and everything seems to be working just fine.
    We have a series of servers accessing the network using etherchannels.
    We are completely aware that 802.1X is not recommended for servers but we would like to activate it for a proof of concept.
    Is there a way (or work around) to activate 802.1X in a port-channel?
    Thanks for your help!

    Hello vbuendia, I wonder if we know each other?
    802.1x is not supported on port-channels. You can potentially look into SGA for securing servers in your environment.
    Here is a snippet from the 15.x configuration guide:
    The 802.1x protocol is supported on Layer 2 static-access ports, voice VLAN ports, and Layer 3
    routed ports, but it is not supported on these port types:
    – Trunk port—If you try to enable 802.1x authentication on a trunk port, an error message
    appears, and 802.1x authentication is not enabled. If you try to change the mode of an
    802.1x-enabled port to trunk, an error message appears, and the port mode is not changed.
    – Dynamic ports—A port in dynamic mode can negotiate with its neighbor to become a trunk
    port. If you try to enable 802.1x authentication on a dynamic port, an error message appears,
    and 802.1x authentication is not enabled. If you try to change the mode of an 802.1x-enabled
    port to dynamic, an error message appears, and the port mode is not changed.
    – Dynamic-access ports—If you try to enable 802.1x authentication on a dynamic-access (VLAN
    Query Protocol [VQP]) port, an error message appears, and 802.1x authentication is not
    enabled. If you try to change an 802.1x-enabled port to dynamic VLAN assignment, an error
    message appears, and the VLAN configuration is not changed.
    – EtherChannel port—Do not configure a port that is an active or a not-yet-active member of an
    EtherChannel as an 802.1x port. If you try to enable 802.1x authentication on an EtherChannel
    port, an error message appears, and 802.1x authentication is not enabled.
    – Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) destination ports—You can
    enable 802.1x authentication on a port that is a SPAN or RSPAN destination port. However,
    802.1x authentication is disabled until the port is removed as a SPAN or RSPAN destination
    port. You can enable 802.1x authentication on a SPAN or RSPAN source port.
    Thank you for rating!
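The port-type restrictions quoted in the answer above, turned into a pre-deployment check over a switch config; this is an added example, not part of the original thread or any Cisco tool. The sample config and interface names are constructed, and a port with no explicit `switchport mode` line is reported as having no blocker even though the platform default may be a dynamic mode.

```python
import re

# Constructed sample config (not from the page); interface names are illustrative.
SAMPLE_CONFIG = """\
interface Port-channel1
 switchport mode access
interface GigabitEthernet0/1
 switchport mode access
interface GigabitEthernet0/2
 switchport mode trunk
interface GigabitEthernet0/3
 switchport mode dynamic auto
interface GigabitEthernet0/4
 switchport access vlan dynamic
interface GigabitEthernet0/5
 switchport mode access
 channel-group 1 mode active
interface GigabitEthernet0/6
 switchport mode access
monitor session 1 source interface GigabitEthernet0/1
monitor session 1 destination interface Gi0/6
"""

def _norm(name):
    """Reduce 'GigabitEthernet0/6' and 'Gi0/6' to one key ('gi0/6'); a simplification."""
    m = re.match(r"([A-Za-z-]+)([\d/.]+)", name)
    return m.group(1)[:2].lower() + m.group(2) if m else name.lower()

def dot1x_blockers(config):
    """Map each interface to why 802.1X cannot run on it (None = no blocker found)."""
    span_dst = {_norm(n) for n in re.findall(
        r"^monitor session \d+ destination interface (\S+)", config, re.M)}
    result = {}
    for name, body in re.findall(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        cfg = [line.strip() for line in body.splitlines()]
        checks = [  # order follows the configuration-guide list quoted above
            ("trunk port", "switchport mode trunk" in cfg),
            ("dynamic port", any(l.startswith("switchport mode dynamic") for l in cfg)),
            ("dynamic-access (VQP) port", "switchport access vlan dynamic" in cfg),
            ("EtherChannel", name.startswith("Port-channel")
             or any(l.startswith("channel-group ") for l in cfg)),
            ("SPAN/RSPAN destination (802.1X held disabled)", _norm(name) in span_dst),
        ]
        result[name] = next((why for why, hit in checks if hit), None)
    return result

if __name__ == "__main__":
    for port, why in dot1x_blockers(SAMPLE_CONFIG).items():
        print(f"{port:20} {why or 'no blocker found'}")
```

GigabitEthernet0/1 comes back clean even though it is a SPAN source, which matches the guide: only destination ports hold 802.1X disabled.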

  • Cisco NAM - Capabilities

    Hello All,
    I'm looking for features of NAM 3.0 which may help on daily operational basis, below are few questions regarding the same:
    1. Can NAM give real time data showing which IP addresses are connected to a particular server?
    2. Can it provide details of which protocol is abruptly disconnecting between two end-points?
    3. If I deploy Cisco NAM at my data centre in HQ, how would it help me monitor my traffic at remote sites, or does it help at all in this regard?
    4. Can it differentiate between traffic coming from load balancers, WAN optimizers, SSL devices, etc apart from regular endpoints like servers, desktops?
    5. I'm guessing it already does, but just wanted to know if NAM gives complete details of all ports active on a server and which protocols, clients connected to it?
    6. Does it show real time traffic between two endpoints like two hosts on different remote sites?
    Thank you.
    Regards,
    Adnan

    NAM, NAM1, NAM2, NAM SoftAppliance, NAM WAAS Blade or NAM Appliances are hardware denominators. Each new hardware release brings new chipsets, designs and hardware capabilities to NAM.
    But majorly, all features depend on the software version you are using, either NAM Software 4.x or 5.x.
    As an example, it is like using Windows software on an old single processor or a new quad-core processor: the features may remain the same. However, some of the selective features do depend on hardware as well, but mostly the robust hardware adds performance.
    The latest NAM3 has following architecture:
    • Two high-performance CPUs with hardware-based packet acceleration offering greater than 10 Gigabit Ethernet monitoring performance, 24 GB RAM, 600 GB SATA hard disk drive, mini SAS, and 10 Gigabit Ethernet external storage interface, and 1 Gigabit Ethernet management interface
    • 20 gigabit interface to backplane for Switched Port Analyzer (SPAN)/VLAN access control list (VACL) capture data sources, NetFlow, encapsulated remote SPAN (ERSPAN), Cisco WAAS, and Cisco Performance Agent (PA) data sources
    For more details on NAM3 please visit this link:
    http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps11659/data_sheet_c78-655374.html
    -Thanks
