VLAN-Based SPAN

Hello everybody,
Why can I only monitor received (rx) traffic on a VLAN?
Thanks for an answer...

Hi again:
Ingress/Egress SPAN
In the example in the section Monitor VLANs with SPAN, traffic that enters and leaves the specified ports is monitored. The field Direction: transmit/receive shows this. The Catalyst 4500/4000, 5500/5000, and 6500/6000 series switches allow you to collect only egress (outbound) or only ingress (inbound) traffic on a particular port. Add the keyword rx (receive) or tx (transmit) to the end of the command. The default value is both (tx and rx).
set span source_port destination_port [rx | tx | both]
Have you defined only the rx keyword?
I hope this helps. Please rate if it does.
Best regards
Alberto Giorgi from Spain.

Similar Messages

  • Rule based span on Nexus 7000

    Hi all,
    I'm trying to configure rule based span on my Nexus 7000.
    I want to monitor some vlans, but limit the traffic going to my monitor station by using frame-type ipv4 filter.
    The link below explains how to configure it, but my nexus doesn't recognise the command "mode extended".
    http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/6_x/nx-os/system_management/configuration/guide/sm_nx_os_cg/sm_14span.html#wp1286697
    Am I missing something? I'm running version 6.1.3.
    Thanks,
    Joris
    NEXUS(config)# monitor session 1
    NEXUS(config-monitor)# mode extended
                                       ^
    % Invalid command at '^' marker.
    NEXUS(config-monitor)# mode ?
    *** No matching command found in current mode, matching in (exec) mode ***
      connect  Notify system on modem connection
      restart  Reenabling modem port

    Hi Joris,
    The rule based SPAN filtering was not introduced until NX-OS 6.2 so will not be available to you with NX-OS 6.1(3).
    See the section SPAN in the NX-OS 6.2 release notes.
    Regards

  • Tcl script to change access vlan based on MAC address

    Hello all.  I'm looking for some input on how best to handle this situation. I have a large network with a lot of remote offices where we have limited control over users moving around patch cables. We're using vlan-based QoS in these offices to mark voice, video, data, etc. The problem I'm having is that our users are moving video conferencing equipment to different interfaces on our switches, which puts the VTC unit in a different vlan, fouling our QoS policy.  They then call and complain about poor video quality.
    I'm trying to come up with a way to automate putting the interface in the video vlan if a VTC unit is connected. All of our video conferencing units are from the same vendor, so they have the same OUI in the MAC address. The script I've been working on looks for a line protocol up event, then checks to see what access vlan is configured on the interface. If the interface is already in the video vlan, the script exits.  If the interface is not in the video vlan, the script looks at the MAC address table for the interface and if the OUI matches a VTC unit, the script changes the interface configuration. My question is, is there a better event to trigger script execution? Maybe a MAC notification trap, or something else? Line protocol transitions when the access vlan is changed, so the current script runs twice: once when the interface first comes up with a new connection, and again when the vlan is changed.
    Script is attached.  Any help or advice is appreciated!

    Does your video equipment use CDP?  If so, then you can use the neighbor-discovery event detector to only react when you see a media endpoint being connected to a port.  Yes, MAC address notifications (the mat ED) can also work if you know the MACs of your media endpoints.
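
The decision steps described in the first post of this thread (check the access VLAN, then match the OUI in the MAC table), as an added Python example; it is not the attached Tcl script or either poster's code. The video VLAN ID, the OUI, the short interface names and the MAC table sample are constructed assumptions.

```python
import re

# Assumptions, not from the thread: VLAN ID, OUI and sample output are constructed.
VIDEO_VLAN = 300
VTC_OUI = "02aabb"  # placeholder OUI (first 3 bytes of the MAC, hex, no separators)

# One entry row of IOS-style "show mac address-table" output:
#   <vlan>  <aaaa.bbbb.cccc>  <type>  <port>
MAC_ROW = re.compile(
    r"^\s*(?P<vlan>\d+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(?P<type>\S+)\s+(?P<port>\S+)\s*$",
    re.IGNORECASE,
)

# Constructed sample output for three access ports.
SAMPLE_MAC_TABLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 100    02aa.bb12.3456    DYNAMIC     Gi1/0/5
 100    0011.2233.4455    DYNAMIC     Gi1/0/6
 300    02aa.bb65.4321    DYNAMIC     Gi1/0/7
"""


def parse_mac_table(text):
    """Return (vlan, mac_hex, port) for every entry row; headers are skipped."""
    rows = []
    for line in text.splitlines():
        m = MAC_ROW.match(line)
        if m:
            mac = m["mac"].replace(".", "").lower()
            rows.append((int(m["vlan"]), mac, m["port"]))
    return rows


def plan_vlan_change(interface, access_vlan, mac_table_text):
    """Apply the post's steps to one link-up event.

    Returns the config lines to send, or [] when nothing has to change.
    """
    # Step 1: port already in the video VLAN -> exit. This is also what makes
    # the second run (caused by the VLAN change bouncing line protocol) a no-op.
    if access_vlan == VIDEO_VLAN:
        return []
    # Step 2: look for a MAC learned on this port whose OUI matches a VTC unit.
    for _vlan, mac, port in parse_mac_table(mac_table_text):
        if port == interface and mac.startswith(VTC_OUI):
            return [
                f"interface {interface}",
                f"switchport access vlan {VIDEO_VLAN}",
            ]
    # No matching endpoint on this port: leave the configuration alone.
    return []


if __name__ == "__main__":
    for port, vlan in (("Gi1/0/5", 100), ("Gi1/0/6", 100), ("Gi1/0/7", 300)):
        print(port, plan_vlan_change(port, vlan, SAMPLE_MAC_TABLE))
```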

  • VLAN-based policer on Cat6500

    Hi,
    I'm trying to implement policer on Cat 6500 running CatOS 8.4.
    The configuration is as such:
    set qos enable
    set port qos 1/7 vlan-based
    set qos policer aggregate 2Mbps rate 2000 policed-dscp erate 2000 drop burst 26 eburst 26
    set qos acl mac vlan10 dscp 0 aggregate 2Mbps any any
    commit qos acl all
    set qos acl map vlan10 10
    Port 1/7 is in trunking mode that's why I'm using MAC ACL.
    But nothing is working. The output of the command 'show qos statistics aggregate-policer 2Mbps' is:
    QoS aggregate-policer statistics:
    Aggregate policer   Allowed byte   Bytes exceed
                        count          excess rate
    2Mbps               0              0
    I tried to use port-based QoS with no success.
    Am I doing something wrong? Any help will be appreciated.

    Ooops, thanks for the reminder.
    I configured IP ACL but again the output was the same.
    I changed the policer to port-based and it worked.
    Is this something to do with the fact that the port is in trunking mode?

  • EoMPLS : QinQ, Vlan-based

    Hi, I'm on an EoMPLS project. I succeeded in connecting the Customer site across the EoMPLS tunnel.
    This is my architecture :
       LAN1 -- CE1 --- PE1 (7200)---- MPLS backbone --- PE2 (7200) -- CE2 -- LAN2
    Now I know how to transport vlans between CEs, but my problem is understanding the difference.
    In my mind, "Vlan-based" uses one VLAN operator (so 1 pseudowire) to transmit all frames, tagged or not, to CE2. And "QinQ" allows making the difference between different Customer VLANs and forwarding frames across the MPLS backbone on different VLAN operators.
    2 questions:
    1. Have I understood correctly?
    2. If I'm right, why do we need QinQ? What does QinQ bring more than VLAN-based?
    3. My goal is to create any vlans on Site 1 and transport them to Site 2 with VTP. Which of these two VLAN-based technologies should I use?
    Thanks for an answer!

    OK, thanks for the answer.
    I understand the principle, but the PE in my case is an emulated 7200 router. I work with a dynagen/dynamips server and only the 7200 can be emulated, not the 7600!!
    I have looked at the following links:
    http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_9_ea1/configuration/guide/swtunnel.html#wp1010370
    http://www.cisco.com/en/US/docs/ios/ios_xe/mpls/configuration/guide/mp_qnq_tunneling_atom_xe.html#wp1001506
    In the first link we can see the dot1q tunnel mode with some layer 2 protocol transport CDP, STP, and VTP.
    Ideally this is my first goal --> transport VTP to site 2 by EoMPLS, but it was only on multilayer switches (like 7600) or with special cards, I don't know. But what I know is that with my 7200 I don't have the switchport command to activate switchport mode dot1q-tunnel and l2protocol-tunnel vtp, for example.
    Is it true?
    Secondly, in the second link I read that I should be able to transport vlan frames of site 1 to site 2, but simply carry and not propagate the different vlans that I created!!!
    Again, have I understood correctly?
    Thanks for help

  • GE cards supported for port- vlan based EoMPLS on 7600/sup720

    Hi,
    Can anyone explain/point to where I can find the proper documentation on the CCO site for the cards that support port- and vlan-based EoMPLS on a 7600 with a sup720 engine?
    Which GE port cards support EoMPLS and which GE cards do not?

    try
    www.cisco.com/go/fn
    -Waris

  • 7609 RSP vlan based internet bandwidth rate limit

    Hi,
    I have a requirement to restrict the bandwidth for CORP internet users in our metro network. Could you check whether this template is good to go for restricting the download and upload speed on the Users WAN interface, which is a VLAN? My bandwidth limitation is 5 Mbps downlink and 5 Mbps uplink.
    class-map match-all corp_traffic1
      match access-group name corp_traffic
    policy-map CORP_ingress
      class corp_traffic1
        police 5000000 500000 conform-action transmit exceed-action drop
    ip access-list extended corp_traffic
    permit ip 172.25.5.0 0.0.0.255 any
    permit ip any 172.25.5.0 0.0.0.255
    Interface vl 351
    service-policy input CORP_ingress
    service-policy output CORP_ingress
    Thanks&Regards
    -Saji

    Riccardo,
    Thank you for your response..
    I have RSP as SUP and ES20 as uplink card..
    But I have a clarification... Is service policy input really required...
    It seems input position is not working from the logs below.. It is not matching the same
    ABR#sh policy-map interface vlan 3xx
      Service-policy input: CORP_ingress
        class-map: corp_traffic1 (match-all)
          Match: access-group name corp_traffic
          police :
            5000000 bps 156000 limit 156000 extended limit
          Earl in slot 1 :
            0 bytes
            5 minute offered rate 0 bps
            aggregate-forwarded 0 bytes action: transmit
            exceeded 0 bytes action: drop
            aggregate-forward 0 bps exceed 0 bps
          Earl in slot 2 :
            0 bytes
            5 minute offered rate 0 bps
            aggregate-forwarded 0 bytes action: transmit
            exceeded 0 bytes action: drop
            aggregate-forward 0 bps exceed 0 bps
          Earl in slot 3 :
            0 bytes
            5 minute offered rate 0 bps
            aggregate-forwarded 0 bytes action: transmit
            exceeded 0 bytes action: drop
            aggregate-forward 0 bps exceed 0 bps
          Earl in slot 5 :
            0 bytes
            5 minute offered rate 0 bps
            aggregate-forwarded 0 bytes action: transmit
            exceeded 0 bytes action: drop
            aggregate-forward 0 bps exceed 0 bps
        Class-map: class-default (match-any)
          0 packets, 0 bytes
          5 minute offered rate 0000 bps, drop rate 0000 bps
          Match: any
            0 packets, 0 bytes
            5 minute rate 0 bps
      Service-policy output: CORP_ingress
        class-map: corp_traffic1 (match-all)
          Match: access-group name corp_traffic
          police :
            5000000 bps 156000 limit 156000 extended limit
          Earl in slot 1 :
            3739884 bytes
            5 minute offered rate 20576 bps
            aggregate-forwarded 3739884 bytes action: transmit
            exceeded 0 bytes action: drop
            aggregate-forward 17464 bps exceed 0 bps
          Earl in slot 2 :
            0 bytes
            5 minute offered rate 0 bps
            aggregate-forwarded 0 bytes action: transmit
            exceeded 0 bytes action: drop
            aggregate-forward 0 bps exceed 0 bps
          Earl in slot 3 :
            105048931 bytes
            5 minute offered rate 539032 bps
            aggregate-forwarded 105048931 bytes action: transmit
            exceeded 0 bytes action: drop
            aggregate-forward 545760 bps exceed 0 bps
          Earl in slot 5 :
            0 bytes
            5 minute offered rate 0 bps
            aggregate-forwarded 0 bytes action: transmit
            exceeded 0 bytes action: drop
            aggregate-forward 0 bps exceed 0 bps
    I will post more update on this...as I am waiting for the clients to test the same..

  • Vlan based default gateway

    Alteon Web OS allows you to assign different default gateways for each VLAN. You can effectively map multiple customers to specific gateways on a single switch.
    Do Cisco load balancers support a different default gateway for each vlan?

    One way of doing it today would be to define a serverfarm for each gateway, and have a vserver match_all for every vlan.
    For example,
    serverfarm gateway_1
    no nat client
    no nat server
    real
    x.x.x.x
    serverfarm gateway_2
    <...>
    vserver gateway_vlan1
    virtual 0.0.0.0 /0 any
    serverfarm gateway_1
    vlan
    vserver gateway_vlan2
    virtual 0.0.0.0 /0 any
    serverfarm gateway_2
    vlan

  • AP 1262 don´t negotiate with Gig Interface

    Hi !!
    I have new 1262 APs; these have a Gig Interface. When I connect the AP to my 6500 with a PoE Gig Interface, the AP turns on, but the interface never comes up.
    I need to change the speed to 100 on the 6500 switch port; when I do this, the interface becomes UP.
    This is the model of the card  WS-X6148A-GE-45AF
    This is the Switch IOS  s3223-ipservicesk9_wan-mz.122-18.SXF11.bin
    The controller is 5500 version 7.2
    This is the interface config:
    interface GigabitEthernet4/36
    switchport
    switchport access vlan 308
    switchport mode access
    switchport port-security
    switchport port-security maximum 5
    switchport port-security aging time 2
    switchport port-security violation restrict
    switchport port-security aging type inactivity
    no ip address
    speed 100
    duplex full
    wrr-queue bandwidth 30 40 30
    wrr-queue queue-limit 40 30 15
    wrr-queue threshold 2 60 80 100 100 100 100 100 100
    wrr-queue threshold 3 60 80 100 100 100 100 100 100
    wrr-queue random-detect min-threshold 1 40 60 80 80 80 80 80 80
    wrr-queue random-detect max-threshold 1 70 80 100 100 100 100 100 100
    no wrr-queue random-detect 2
    no wrr-queue random-detect 3
    wrr-queue cos-map 1 1 1
    wrr-queue cos-map 1 3 0
    wrr-queue cos-map 2 2 2
    wrr-queue cos-map 2 3 4
    wrr-queue cos-map 3 2 3
    wrr-queue cos-map 3 3 6 7
    mls qos vlan-based
    spanning-tree portfast
    spanning-tree bpduguard enable
    spanning-tree guard root
    end
    switch#sh power inline | i Gi4/36
    Gi4/36    auto   on         17.3       15.4       cisco AIR-LAP1262N- 3
    Have you seen this before?

    I need to change the speed to 100 in the 6500 switch port, when I do this, the interface become UP. Have you seen this before?
    Yes I do.  ALL the time.
    This is caused by a fault in your cable.  Pair D of your cable controls GigabitEthernet and it could be the fault.  There's one way of testing and it would mean running a TDR from the 6500.    Here is the process:
    1.  Command:  test cable tdr int Gi4/36;
    2.  Wait for 61 seconds (Yes, it takes THAT long when dealing with 4500/6500 line cards);
    3.  Command:  sh  cable tdr int Gi4/36;
    4.  Please post the output.

  • Policy-map based rate-limiting per vlan

    Hi
    I was thinking if someone could help me to come up with solution to a problem. Scenario as follow:
    I have a trunk interface with multiple vlans on:
    interface GigabitEthernet2/0/3
    description TRUNK-to-*********
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 415,416,610,1191-1193,1195
    switchport mode trunk
    duplex full
    storm-control broadcast level pps 1k
    storm-control multicast level pps 3k
    storm-control unicast level pps 250k
    storm-control action trap
    spanning-tree portfast trunk
    spanning-tree bpdufilter enable
    I'm trying to rate limit two of the vlans that are present on this trunk interface - vlan 415 and vlan 1192.
    So I'm putting the class-map (to be later applied under the policy-map which is not significant here):
    (config)#class-map match-any 120-mbps-class
    (config-cmap)#match input-interface vlan 415
    (config-cmap)#match input-interface vlan 1192
    Now, when you show the class-map I created, I can see this:
    sh class-map 120-mbps-class
    Class Map match-any 120-mbps-class (id 1)
       Match input-interface  Vlan415
       Match input-interface  FastEthernet0
    For some bizarre reason the class-map is matching Fa0. I have researched this, and this is most probably because you can only match 1 vlan instance under the class-map.
    And here's my problem - I can't police whole interface as the other vlans should not be policed - how can I police those two vlans ?
    Any thoughts ? All help appreciated as always.
    Rob.

    Hi Daniel,
    I have labbed it and unfortunately it does not work as expected. I have put 1x 3750 and 1x 2960 with a trunk between them; each box had an access port for a laptop to create some traffic across. All vlan-based qos has been applied on the 3750G.
    3750G config
    Interface g1/0/20
    description trunk
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport trunk allowed vlan 100,120
    Interface g1/0/1
    description access
    switchport mode access
    switchport access vlan 100
    Interface vlan 100
    ip address 192.168.100.254
    service-policy input PARENT-POLICER
    Interface vlan 120
    ip address 10.10.10.1
    Policy-map PARENT-POLICER
    class PERMIT-ANY-CLASS
    trust COS
    service-policy CHILD-POLICER
    class-map match-any PERMIT-ANY-CLASS
    match access-group name POLICY-LIST
    Extended IP access list POLICY-LIST
        10 permit ip any any
    Policy-map CHILD-POLICER
    class INTERFACE-POLICE-CLASS
      police 100000 8000 exceed-action drop
    Class Map match-any INTERFACE-POLICE-CLASS
    Match input-interface  GigabitEthernet1/0/20
    2960 config:
    interface g0/20
    switchport mode trunk
    switchport trunk allowed vlan 100,120
    interface g0/1
    switchport mode access
    switchport access vlan 100
    interface vlan 100
    ip address 192.168.100.253
    interface vlan 120
    ip address 10.10.10.2
    So as you can see, vlan 100 is the one that needs to be rate limited (I have only rate limited it to 100kbps just to see if it's working) and vlan 120 is only on the trunk ports, to confirm whether the traffic for this one is not affected.
    Unfortunately, when the policing is applied on 3750 vlan 100 (and policing is working fine), I can see packet loss while pinging between the switches on vlan 120, suggesting that the policy is affecting the other vlan as well. When I take the policy out of vlan 100 I cannot observe the packet loss on vlan 120, meaning it is no longer affected.
    Not sure if I have explained this clear enough so far, if not let me know.
    Do you have any suggestions ?
    Thanks!

  • How to span vlans across core layer in core/distribution/access campus design?

    Hi,
    I studied Cisco Borderless Campus Design Guide 1.0 (http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/Borderless_Campus_Network_1-0/Borderless_Campus_1-0_Design_Guide.html) last week because we plan to redesign our campus backbone to a three tier Core/Distribution/Access Design.
    Today we use a collapsed backbone where a lot of vlans are spanned across the backbone because they are needed in different buildings.
    Could anybody give me a hint how Cisco recommends to deal with that kind of vlans in the multi-tier design?
    In my eyes between core and distribution layer there is only routing functionality and no l2 transport of vlans.
    So using the same vlan in different buildings seems not to be supported?
    Best Regards,
    Thorsten

    Thorsten
    Just to add to Joseph's post.
    It is quite common for a vlan to be spanned when it doesn't actually need to be ie. the network has evolved that way.
    Most things do not need L2 adjacency, they can happily use L3. Servers sometimes do but in the campus design your servers are usually located in one site so you don't need to extend vlans to other sites in your campus.
    Not suggesting this is the case for you but it may be worth checking whether you really do. (apologies if you already have)
    As Joseph mentioned you really want to avoid it if at all possible ie. ideally all connections to the core switches are L3 ie. no need for vlans at all in the core.
    If you need to extend a few vlans then you can do this but still route for all other vlans ie. you would configure your distribution to core connections as trunks and then allow the vlans you need to extend plus one other vlan, unique per distribution pair, to route all other vlans. So per site your distribution switches route all vlans except the extended vlans and if they need to route to a vlan in another site they use that unique vlan.
    But this is not ideal because you then need to extend certain vlans across the core and because you are using L2 connections STP could come into it although that does depend on your core switch selection eg. 4500/6500 VSS etc. would alleviate this.
    There are ways to extend vlans across a L3 network but the solutions available are very much dependent on the kit you use and their capabilities so if you do need multiple vlans in multiple sites but still want to keep a L3 core you may want to investigate some of those before purchasing kit (unless of course you have already purchased it).
    What you do really depends on just how many vlans you actually need to extend between sites.
    Jon

  • 802.1x dynamic vlan assignment based on MAC?

    Hello,
    I am using Catalyst3750 and Windows AD Authentication.
    Our customers' PC is running Windows (isn't 802.1x capable) and is connected to the catalyst switch.
    Is it possible to dynamically assign a Vlan based on MAC?
    If possible, we want to do it without using VMPS.
    And is there any document relating to the above?
    Thanks a lot for your help.
    Tomoyuki

    Hello Tomoyuki,
    which Radius Server are you using to authenticate your Clients?
    For the Secure ACS you can configure a feature called "MAC-Authentication-Bypass" which fulfills your requirements.
    This feature must be configured on the Switch and on the Radius Server (which does the vlan assignment based on the MAC-Address of the Client).
    An overview of this feature can be found here:
    http://www.cisco.com/univercd/cc/td/doc/solution/macauthb.pdf
    I hope this helps,
    Kind regards,
    Chris

  • SPAN for vlan across Nexus vPC

    Dear Team,
    Does anyone have experience monitoring vlan traffic across 2 Nexus 6k switches? In my scenario, one monitor server is directly attached to the 1st unit of N6k, intended to monitor 2 vlans, but these 2 vlans span across vPC, where traffic can transit across both units of N6K according to the vPC traffic flow methodology. I can easily span the 2 vlans on the local N6K to the destination (monitor server) ports, but how could I monitor the traffic (for those 2 vlans) that arrives on the 2nd unit of N6K?
    I tried searching the N6K docs; there is no RSPAN feature but ERSPAN is now introduced, and ERSPAN has a stated limitation: "A destination port can only be configured in one SPAN session at a time."
    Meaning I can't configure both local SPAN and ERSPAN at N6K unit 1 to the same destination port to the monitoring server?!!!
    I just wish to know whether any experts have come across this scenario and have experience with an alternative solution; I would like to hear your expert advice, thanks in advance.
    Regards
    Chong

    Hi chuck_113th,
    Did you manage to fix the problem?

  • Spanning vlans across access switches in distribution block.... please help

    Hi All
    Can someone please explain why Cisco states that in a Campus Hierarchical model, if Vlans are spanned across Access switches in a distribution block, then the Distribution to distribution link should be Layer 2? Is this really necessary or just a recommendation, and if so why? Can't this link be a L3 link when spanning vlans across Access switches in a distribution block, as I understand the benefit of having a L3 distribution to distribution link is that SPT is avoided.
    Please help

    Hello,
    The Cisco recommended design is L3 links, but this is only possible if you have no vlans you need to span over the whole network.
    It depends on your topology or what you want to achieve.
    If you need one or more vlans spanned across the LAN, you need to use a layer 2 connection between all switches and between distribution too.
    In my company we have, for example, a few vlans for restricted areas, like device management or else, so we can't use L3 links in the distribution area because these vlans are terminated at the firewall. I think this is a good thing.
    I would recommend, if you don't have to span one or more vlans across the network, using L3 links, especially in the case of redundant paths. So you need no spanning-tree, but need to use other protocols like GLBP or else. They work faster and are not so confusing (for some people) as STP.
    best regards,
    Sebastian

  • Vlan vs port based qos

    Hi,
    I have a question about vlan based qos. I am happy with qos configuration as applied to ports. However, vlan based qos confuses me somewhat.
    Is vlan based qos intended for situations where packets are to cross vlans? In that case, am I correct in assuming that vlan based qos has no effect on packet flows within that vlan? In that case the idea of vlan based qos would be to police/mark traffic leaving/joining that vlan?
    Or, does vlan based qos extend queuing (priority queue etc) down to ports that are members of that vlan are configured with vlan based qos? I think not but I'm not absolutely sure.
    I can't seem to get to the bottom of this on cco.
    Thanks, Steve

    Hi Steve,
    Packets do not have to cross VLANs for you to need VLAN-based QoS.
    VLAN-based QoS gives you an additional layer of queueing hierarchy. With port-based Qos, there is a set of software queues per physical port. As packets are scheduled from these queues, they are emitted from the port.
    With VLAN-based QoS, there is another layer. Each VLAN configured for VLAN-based QoS will have a set of queues associated with it, instead of having a set of queues for the physical port. This comes in useful for providers of Metro Ethernet service who offer multiple classes of service. Such ethernet services are usually sold with a fixed bandwidth per-VLAN. At egress switch ports, the provider will use vlan-based QoS to police/shape traffic in order to conform to the sold rate. Within this shaped rate, queueing will be used to ensure that the higher classes of service get preference.
    In answer to your question, vlan-based qos does have an effect on packet flows within that vlan.
    Hope that helps - pls rate the post if it does.
    Regards,
    Paresh.
