Vlan tag preservation span monitoring

Hi
I am spanning multiple VLANs as source with the destination as a single Ethernet port. Though I am able to see the traffic from the VLANs, I am not able to see the VLAN tag in the packet, which is a key requirement for me for monitoring.
Does anyone know why the VLAN tagging is stripped or how to preserve it in the monitor session?
Your help is much appreciated.
- Balaji

While I appreciate your response Najaf, we have been monitoring the SVIs on our current CAT6500 switches without any problems as we can "preserve" the vlan tags on the destination monitoring port.
However, we have found a way to see the VLAN tags on the monitoring destination port but we are still carrying out some tests to confirm our findings.
Will keep this thread updated.
-Balaji

Similar Messages

  • Span & wireshark to see p-bits and vlan tags

    Problem:
    I do not see 802.1Q tags nor do I see p-bits (COS) in my wireshark captures. My setup is not working and I have no way to verify (sniff) that the 6509 is setting the p-bits to 3. I need to see them to troubleshoot effectively. Help!
    Setup:
    I am port mirroring off of my 6509. Port 1/16 should be tagging and setting the p-bits to a value of 3. How can I confirm?
    interface GigabitEthernet1/16
    description DonkX
    no ip address
    load-interval 30
    mls qos cos 3       ! I've tried my tests with and without this command
    mls qos cos trust      ! I've tried my tests with and without this command
    switchport
    switchport access vlan 941
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 941
    switchport mode trunk
    no cdp enable
    end
    sho mon
    Session 1
    Type                   : Local Session
    Source Ports           :
        Both               : Gi1/16
    Destination Ports      : Gi8/47
    Port G1/16 is the GE uplink to DonkX
    Port G8/47 is the Windows 2003 Server with wireshark.
    Port G8/9 is my RH4 Linux box with TCPdump.
    Steps taken to resolve the problem:
    I have followed this document to set this up correctly on my Windows box with an Intel Proset 1000MT. I have updated the drivers and made the registry changes with no captures showing tagging/cos information.
    http://www.intel.com/support/network/sb/CS-005897.htm
    Regardless of my settings, this document says I shouldn't have to worry about drivers:
    http://wiki.wireshark.org/CaptureSetup/VLAN
    "You'll definitely see the VLAN tags, regardless of what OS the independent system is running or what type of network adapter you're using."
    Details:
    I am testing a new GPON access product (DonkX) that uplinks via GigE using trunking and setting p-bits. To prioritize my video the new DonkX sets the p-bits to 3 and it instantly ceases that traffic. I have only unidirectional traffic at this point so I can no longer arp, icmp, ftp, tftp, noth'n. The 6509 sends back a response to DonkX but I believe it is dropped because the p-bit is not set to 3. If I remove the priority from 3 to 0 on the DonkX system then it works correctly but without QoS of course.
    -JGR

    Alright, the saga continues. I saw tagged frames last week but began troubleshooting again this morning and can't see tagged frames!
    If I remove the span then I can see tagged traffic on g8/47 (Windows 2003 Server 802.1q not configured on NIC). If I turn on monitoring I see no tagged traffic. I also tried this on a laptop running Fedora 12 (on g8/47) and had the same results. Any ideas?
    I've mirrored another trunk port that is in production passing tagged traffic to a 3560 trunked and going to an ASA. The port to the 3560 and ASA (g3/7) requires tagging and works properly; however, I cannot see tags on this port either. Do you see anything obvious here or is this looking like a TAC case?
    interface GigabitEthernet1/16
    description DonkX
    no ip address
    load-interval 30
    switchport
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 941
    switchport mode trunk
    no cdp enable
    end
    interface GigabitEthernet8/47
    no ip address
    switchport
    switchport trunk encapsulation dot1q
    switchport mode trunk
    no cdp enable
    end
    conf t
    no mon sess 1
    mon sess 1 sourc int g1/16
    mon sess 1 dest int g8/47
    sho mon
    Session 1
    Type                   : Local Session
    Source Ports           :
        Both               : Gi1/16
    Destination Ports      : Gi8/47
    Unit details:
    WS-C6509 Version 12.2(18)SXD4
    NAME: "1", DESCR: "WS-X6516A-GBIC SFM-capable 16 port 1000mb GBIC Rev. 4.2"
    PID: WS-X6516A-GBIC
    NAME: "8", DESCR: "WS-X6748-GE-TX CEF720 48 port 10/100/1000mb Ethernet Rev. 2.3"
    PID: WS-X6748-GE-TX
    NAME: "6", DESCR: "WS-SUP720-BASE 2 ports Supervisor Engine 720 Rev. 3.1"
    PID: WS-SUP720-BASE
    NAME: "msfc sub-module of 6", DESCR: "WS-SUP720 MSFC3 Daughterboard Rev. 2.3"
    PID: WS-SUP720
    NAME: "switching engine sub-module of 6", DESCR: "WS-F6K-PFC3A Policy Feature Card 3 Rev. 2.4"
    PID: WS-F6K-PFC3A

  • Vlan tag issue with Nexus 4001 in IBM Blade Centre

    Hi
    I have a DC architecture with a pair of Nexus 7010s running 3 VDCs (Core/Aggregation/Enterprise). I have at the edge Nexus 5548s which connect back to the Aggregation VDC. Also connecting back to the Aggregation VDC is an IBM Blade Chassis which has a Nexus 4001i in slots 7 and 9. These blade servers are running ESXi 4.0 and are mapped to the Nexus 4001 blade switch.
    I had set up the Native VLAN as VLAN 999 which connects up to the ESXi host and I am trunking up multiple VLANS for the Virtual Machines.
    The problem I have is that VM's in all VLANS except the ESXi host VLAN (VLAN 10) cannot see their default gateway, and I suspect that there is an issue with the VLAN tag going up to the ESXi host. I have read enough documentation to suggest that this is where the issue is.
    My Nexus 4001 interface configuration is below
    interface Ethernet1/1
      switchport mode trunk
      switchport trunk native vlan 999
      switchport trunk allowed vlan 10,30,40-41,60-62,90,96,999
      spanning-tree port type edge trunk
      speed auto
    The Aggregation VDC on the Nexus 7010 is the default gateway for all these VLANS.
    I also noted that the Nexus 5000 and Nexus 7000 support the vlan dot1q tag native command, yet the Nexus 4000 doesn't seem to support this. Any assistance would be useful.
    Thanks
    Greg

    Your configuration on the N4K looks correct. You shouldn't use vlan dot1q tag native commands on your N7Ks and N5Ks. Native VLAN tagging is really for QinQ (dot1q tunneling).
    My only suggestion is check your configuration of the vSwitch in the ESXi host and the host network profile.
    Regards,
    jerry

  • Mesh Ethernet Bridging with VLAN Tagging Issue

    Hi all.
    I'm a little stuck with a 4400 7.0.220.0 + RAP 1550 + MAP 1260 Ethernet bridging issue. I'm using the VLAN tagging functionality and I'm finding that periodically a VLAN that I've tagged on the MAP will deregister from the backhaul and stop passing traffic. If I go into the Mesh tab on the MAP, select the wired interface, remove the VLAN from the list of tagged VLAN IDs and then add it right back to the list, it starts passing traffic again.
    Has anyone else seen this? I can't find any relevant bugs.
    Justin

    Hi Saravanan,
    It is one RAP and three MAPs. After a TAC call and 30 hours of monitoring, my VLANs have remained registered. I think the issue was mismatched VLANs to bridge groups and it looks like the mesh bridge may be stable for now. Here is what I was seeing on the RAP and MAPs when the VLANs were deregistering unexpectedly. Notice how VLANs 2 and 10 are mapped to opposite bridge groups on the RAP and MAP:
    After I removed all the VLAN IDs from the Trunk configuration on the MAPs (through each AP's Mesh tab -- Ethernet Bridging config) and then rebuilt the VLAN IDs, I ran the same commands and now see this:
    My very unscientific theory here is that the mismatching was causing consistency checks to fail, so the RAP was just tearing down the registrations after getting bogus or non-responses from the MAPs during the periodic VLAN registration maintenance checks (debug mesh ethernet registration).
    If I have continued issues, I'll post back with updates.
    Thanks for the response!
    Justin

  • SPAN / Monitor Ports - packet switched on Line Card

    Hi Forum,
    I got a quick SPAN / Monitor question. I need to create a monitor session where the source is a VLAN. The question is: if the L2 source and destination are switched internally on a different linecard to the monitor destination, then does the SPAN port know about it?
    I was wondering as in theory, the packet does not go on the backplane, then how does the switch monitor session know about it ??
    Graham

    Hi,
    In the Catalyst 6500 Series, it is important to note that egress SPAN is done on the supervisor. This allows all traffic subject to egress SPAN to be sent across the fabric to the supervisor and then to the SPAN destination port, which can use significant system resources and affect user traffic. Ingress SPAN will be done on ingress modules so SPAN performance would be the sum of all participating replication engines. The performance of the SPAN feature depends on the packet size and the type of ASIC available in the replication engine.
    See this link below that contains details about the SPAN on different platforms.
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml#topic6
    Regards,

  • Vlan tag capturing

    I've been trying to capture the VLAN tags on a trunk link using Wireshark and port mirroring with no success. Any ideas on what I'm doing wrong or what I'm missing?

    You should be looking for packets with ethertype 8100. Check the link for a wiki on this:
    http://en.wikipedia.org/wiki/IEEE_802.1Q#Frame_format
    Setting the monitor port to trunk mode is an experiment that's certainly worth trying. However, even if you are doing everything correctly, your PC adapter may not recognize the packets and ignore them.
    regards,
    Leo
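A way to check captured frames for the 0x8100 EtherType mentioned in the reply above, and to read the p-bits and VLAN ID out of each tag, as an added example that is not part of the original thread. It goes slightly beyond the single-tag case by also walking stacked (QinQ) tags; the frames are constructed sample data, and `build_frame` and `summarize` are hypothetical helper names.

```python
import struct

# TPIDs that introduce a VLAN tag: 802.1Q customer tag and 802.1ad service tag (QinQ).
TPID_8021Q = 0x8100
TPID_8021AD = 0x88A8
VLAN_TPIDS = {TPID_8021Q, TPID_8021AD}


def parse_vlan_tags(frame: bytes):
    """Return (tags, ethertype) for one raw Ethernet frame.

    tags is a list of dicts, outermost first, each with tpid, pcp, dei, vid.
    ethertype is the first non-VLAN EtherType after the tag stack.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    tags = []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, next_type = struct.unpack_from("!HH", frame, offset + 2)
        tags.append({
            "tpid": ethertype,
            "pcp": tci >> 13,          # 3 priority bits (the "p-bits" / CoS)
            "dei": (tci >> 12) & 0x1,  # drop eligible indicator
            "vid": tci & 0x0FFF,       # 12-bit VLAN ID
        })
        offset += 4
        ethertype = next_type
    return tags, ethertype


def summarize(frames):
    """Count tagged vs untagged frames and collect the outer (vid, pcp) pairs seen."""
    summary = {"tagged": 0, "untagged": 0, "seen": set()}
    for frame in frames:
        tags, _ = parse_vlan_tags(frame)
        if tags:
            summary["tagged"] += 1
            summary["seen"].add((tags[0]["vid"], tags[0]["pcp"]))
        else:
            summary["untagged"] += 1
    return summary


def build_frame(tag_stack, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed test frame; tag_stack is [(tpid, pcp, vid), ...]."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for tpid, pcp, vid in tag_stack:
        header += struct.pack("!HH", tpid, (pcp << 13) | vid)
    return header + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    # Constructed sample: one untagged frame, one tagged VLAN 941 with CoS 3,
    # and one QinQ frame with an outer service tag and an inner customer tag.
    sample = [
        build_frame([]),
        build_frame([(TPID_8021Q, 3, 941)]),
        build_frame([(TPID_8021AD, 0, 660), (TPID_8021Q, 5, 20)]),
    ]
    for f in sample:
        print(parse_vlan_tags(f))
    print(summarize(sample))
```

If every frame from the monitor port comes back untagged, the tag was removed before the bytes reached the parser, either by the switch on the SPAN destination or by the capturing adapter or its driver.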

  • VLAN tags over Pseudowire

    I have an existing MPLS Pseudowire connection that I need to rework to be able to carry vlan tags instead of just plain L2 frames.
    Existing setup:
    ME3400 <-> 7206VXR <-> 7206VXR <-> ME3400
    The ME3400's customer facing int tags incoming frames, which go over a trunk interface to a 7206VXR subint. The subint is conf'd for pseudowire p2p to the remote 7206VXR which has an identical setup. Subint on a trunk int to a ME3400, cust facing int tied to a matching vlan.
    My thought is to use QinQ on the switches, with the question being will the 7206s correctly strip off one vlan tag layer, encapsulate the remaining vlan tagged L2 frame for pseudowire, and on the remote end take the pseudowire packet, decapsulate it, add on the QinQ tag, and shove it back out to the switch? I won't know ahead of time what vlan tags the customer will be looking to pass, so I need to be able to support whatever they try to throw across this link.

    Hi,
    You can definitely do that. The pseudowire has 2 labels: the outer label represents the (tunnel label), the inner label represents the (Vc label).
    The egress 7206VXR performs a lookup on the Vc label and forwards the frames unlabeled to the ME3400.
    On the other hand, with QinQ, the customer VLAN access port is tunneled across the service provider network. This has no effect on your MPLS forwarding, which is done at the 7206VXR. The outer VLAN tag (tagged by the service provider) is stripped out when the frames are first forwarded unlabeled to the ME3400 at the egress tunnel interface; the inner VLAN tag (customer tag) is forwarded untouched (preserved) to the ingress ME3400 interface.
    So, from a different point of view, the MPLS provider is transparent for the customer VLAN traffic, even within the MPLS forwarding LSRs. The only VLAN that is bound to the inner label (Vc label) is the service provider access VLAN provided to each customer.
    HTH
    Mohamed

  • 7600 second-dot1q & vlan tag manipulation

    Hi,
    Does anyone know what the hardware requirements are for using config such as "encapsulation dot1Q 660 second-dot1q 1" or any of the "service instance" commands such as below to manipulate dot1q tags?
    I'm running 7600 with SIP-400, IOS 12.2(33)SRD and there are no such commands available at the CLI. Suspect ES-20 is needed as a minimum but can't see this mentioned in any docs.
    interface FastEthernet1/0.660
    encapsulation dot1Q 660 second-dot1q 1
    OR
    interface GigabitEthernet3/0/0
    description Sample Configs
    service instance 1 ethernet
    encapsulation untagged
    rewrite ingress tag push dot1q 3 symmetric
    xconnect 10.30.30.173 2 encapsulation mpls
    service instance 10 ethernet
    encapsulation dot1q 10
    rewrite ingress tag pop 1 symmetric
    bridge-domain 500 split-horizon
    service instance 20 ethernet
    encapsulation dot1q 20 second-dot1q 200
    rewrite ingress tag pop 1 symmetric
    bridge-domain 500 split-horizon
    service instance 30 ethernet
    encapsulation dot1q 20 second-dot1q any
    rewrite ingress tag pop 1 symmetric
    bridge-domain 500 split-horizon
    I just need to pop the service vlan tag. At the moment I'm using a port per service to peel off the outer tag and this approach isn't going to scale.
    Appreciate any advice on this.
    Cheers
    Kent.

    Hi Jerry,
    I believe - about to test it - that this only works with SPA-v2 interfaces. I was testing with a SPA-v1 interface previously. Is this your understanding? Docs are pretty light on with hardware requirements.
    Show ver:
    Cisco IOS Software, c7600s3223_rp Software (c7600s3223_rp-ADVIPSERVICES-M), Version 12.2(33)SRD, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by Cisco Systems, Inc.
    Compiled Thu 23-Oct-08 22:32 by prod_rel_team
    ROM: System Bootstrap, Version 12.2(17r)SX3, RELEASE SOFTWARE (fc1)
    pe1.lab uptime is 19 hours, 5 minutes
    Uptime for this control processor is 19 hours, 5 minutes
    System returned to ROM by power-on (SP by power-on)
    System restarted at 17:09:22 EST Mon Jul 27 2009
    System image file is "bootdisk:c7600s3223-advipservices-mz.122-33.SRD.bin"
    Last reload type: Normal Reload
    cisco CISCO7606-S (R7000) processor (revision 1.0) with 458752K/65536K bytes of memory.
    Processor board ID FOX11310AY3
    R7000 CPU at 300Mhz, Implementation 0x27, Rev 3.3, 256KB L2, 1024KB L3 Cache
    Last reset from power-on
    1 SIP-400 controller (4 GigabitEthernet).
    10 Virtual Ethernet interfaces
    125 Gigabit Ethernet interfaces
    1915K bytes of non-volatile configuration memory.
    65536K bytes of Flash internal SIMM (Sector size 512K).
    Configuration register is 0x2102
    Modules are now:
    7600-SIP-400 and SPA-2X1GE-V2

  • Does Cisco7200VXR support feature Q-in-Q VLAN tag termination?

    There is only 10000ESR platform support announced in feature guide and no information in Feature Navigator tool...
    http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps5207/products_feature_guide09186a00801f0f4a.html

    Hi there,
    Well.. it seems this feature has several names:
    "Cisco IOS Software Releases 12.3 T - IEEE 802.1Q-in-Q VLAN Tag Termination"
    http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801f0f4a.html
    "Cisco IOS Software Releases 12.0 S - Stacked VLAN Processing"
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a008021b9ee.html
    But I can't find any reference to the 7200 having support for it... though many others have it.. mainly switches.. not too surprising.. :)
    Did it help?

  • Installing OVM X86 3.1.1 with Trunk VLAN tag for ovm management network

    Hi Guys
    Can anyone help with network config on the OVM server 3.1.1 basically we need to use vlan tags on trunk port... so i have a subnet from following *(Trunk Allowed VLAN XXX)* from which i need to allocate IP for the OVM server component so that the ovm manager can find the OVM server instance...
    Can you use vlan tags, on trunk port with OVM server 3.1.1???
    Thanks

    You're right there, as I later found out the engineers weren't selecting the vlan option when installing the VM server...

  • How to get vlan tag program with mac book air

    How to get a VLAN tag program with a MacBook Air? I'm using the USB Ethernet adapter.

    For prompt help contact TATA.
    For more on this: https://discussions.apple.com/thread/3680625?tstart=270

  • VLAN tagging for Desktops

    I have a test VDI 3.1.1 system set up and I have to say, I'm quite impressed. In about a day, I was able to serve Windows 7 desktops, something we can't do with our current VMware View setup. One apparent limitation I have run into, however, is 802.1q VLAN tagging support for Desktop NICs. I have created a 2-way aggregate on nxge0 and nxge1. The portchannel these are connected to is set up for 802.1q tagging, and Solaris is plumbed with aggr13001 to tag its packets with VLAN 13, for example. However, traffic from Desktops is not so tagged, so its packets go nowhere. Is there any way to define a VLAN for a given Desktop Pool? This is important for us, as we tend to keep server systems on campus-only subnets, while desktops get Internet-routed addresses.
    Thanks,
    Charles

    Aggregation shouldn't have any adverse effect here. You need to configure VDI to use the correct VLANs on a per Pools basis. In the VDI Manager first navigate to the Desktop Provider -> Networks tab and 'Refresh' the networks. This will scan all VirtualBox hosts in the provider for currently plumbed interfaces, each of which will be listed by their subnet.
    After all networks are detected navigate to the Pool -> Settings tab and select 'Host Networking' followed by the required subnet(s). The primary subnet listed here is used for RDP connections.

  • Transport dot1q vlan tagging over wan link

    Hi,
    I would like to transport 802.1Q vlan tagging over a wan link, is it possible ?
    I heard about l2tp V3...
    Best regards

    Hi,
    You would have to use a technology such as Ethernet over MPLS (EoMPLS) or VPLS. This technology is referred to as Layer 2 VPNs. You can get more info on this at the following locations:
    EoMPLS (part of the Cisco Any Transport over ATM suite):
    http://www.cisco.com/en/US/products/ps6646/products_ios_protocol_option_home.html
    VPLS:
    http://www.cisco.com/en/US/products/ps6648/products_ios_protocol_option_home.html
    Hope that helps - pls rate the post if it does.
    Regards,
    Paresh

  • VLAN Tagging

    I am trying to utilize a wireless device in a customer site that extends VLAN to the wireless infrastructure. My device does not support VLAN tagging, so it will not work. My question is this: Is this the norm, requiring end-point devices to insert VLAN tags in the normal Ethernet frame, or do most environments perform the tag insertion/stripping at the access point level? Since they can use multiple SSIDs on their access points, can a new SSID be set up for another wireless VLAN that does not require VLAN tagging?

    In a Cisco environment you configure your VLANs on your switches and configure the switchport the AP is connected to as a trunk port. On the AP you define the VLANs and SSIDs and tie each SSID to a VLAN. End devices connect to an SSID and when connected to that SSID are automatically connected to its matching VLAN. The end device (be it a PC, barcode reader or whatever) doesn't need to know anything about VLANs or which VLAN it needs to connect to; as long as it's associated to the correct SSID it will be on the correct VLAN.

  • Cisco RV180 VLAN tagging WAN interface

    Is there by any chance in the future firmware update that this product (RV180) will be able to support VLAN tagging on WAN interface like the Cisco's RV315W router? ISP in Singapore (Singtel) and Malaysia(Unifi) (http://klseet.com/index.php/mikrotik/mikrotik-rb750-750g/setup-for-unifi) requires certain type of vlan tagging on the WAN interface for it to work. 
    Is there any workaround to this?

    I tried with only two VLANs and set the DHCP active only for the office "vlan2". Computers receive the correct IP but some of them won't register on the network. I tried to set the IP manually on the computers but that computer will still be isolated.
    Ex: computer A receives IP 192.168.10.25, Subnet 255.255.255.0, Gateway 192.168.10.1. For 2-3 minutes I can access the router on 192.168.10.1 and the internet; after a random time interval the gateway won't even respond to ping. It's not from firewall related issues as I set it to accept all both incoming and outgoing. If I set a manual IP corresponding to vlan1 "default" everything works. It's like that computer is isolated, so I believe it has to do with the assignment of Tagged, Untagged and Excluded settings on the VLANs.
