Re: Confusion with VLAN traffic - IETL-RS v4 SPAN

From: Ronnie Angello (ronnie.angello@gmail.com)
Date: Wed Jan 24 2007 - 10:54:34 ART

• Next message: Ronnie Angello: "Re: Confusion with VLAN traffic - IETL-RS v4 SPAN"
• Previous message: cstubbs@tampabay.rr.com: "Netmasters and other CCIE bootcamps"
• Maybe in reply to: Fabrice Paz: "Confusion with VLAN traffic - IETL-RS v4 SPAN"
• Next in thread: Ronnie Angello: "Re: Confusion with VLAN traffic - IETL-RS v4 SPAN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Actually it is documented that the 3560 supports monitoring of both tx and
rx traffic for source VLANs. The 3550 does not.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225see/scg/swsp
an.htm

 Source VLANs

VLAN-based SPAN (VSPAN) is the monitoring of the network traffic in one or
more VLANs. The SPAN or RSPAN source interface in VSPAN is a VLAN ID, and
traffic is monitored on all the ports for that VLAN.

VSPAN has these characteristics:

All active ports in the source VLAN are included as source ports and can be
monitored in either or both directions.

On a given port, only traffic on the monitored VLAN is sent to the
destination port.

If a destination port belongs to a source VLAN, it is excluded from the
source list and is not monitored.

If ports are added to or removed from the source VLANs, the traffic on the
source VLAN received by those ports is added to or removed from the sources
being monitored.

You cannot use filter VLANs in the same session with VLAN sources.

You can monitor only Ethernet VLANs.

On 1/24/07, Fabrice Paz <fabrice.paz@googlemail.com> wrote:
>
> Thanks all,
>
> It's really clear on the Cisco web site that you can only monitor received
> traffic on a VLAN, by this I understand received traffic on the switchport
> belonging to that particular VLAN.
>
> The only weird thing is that from where I have done the test the switch
> still give me the option to set both, rx and tx.
>
> Switch1Rack1(config)#monitor session 1 source vlan 12 ?
> , Specify another range of VLANs
> - Specify a range of VLANs
> both Monitor received and transmitted traffic
> rx Monitor received traffic only
> tx Monitor transmitted traffic only
> <cr>
>
>
> Not sure if this is because I am running a WS-C3560-48TS with
> c3560-advipservicesk9-mz.122-25.SEE2.
> You have seen already my results showing the three different
> possibilities, since the results are different I guess that this might be a
> new feature that Cisco didn't documented yet and will assume that from this
> version you can also monitor sent traffic on a VLAN.
>
> Thanks,
>
> Fab
>
>
>
>
> On 24/01/07, Ronnie Angello <ronnie.angello@gmail.com> wrote:
> >
> > You can only monitor rx traffic on VLANs.
> >
> >
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225see/scg/swspan
.htm#wp1403438
> >
> >
> > In fact, I'm unable to configure the monitor session source VLAN without
> > specifying rx.
> >
> > CAT1(config)#monitor session 1 source vlan 10 ?
> > , Specify another range of VLANs
> > - Specify a range of VLANs
> > rx Monitor received traffic only
> >
> > CAT1(config)#monitor session 1 source vlan 10
> > % Incomplete command.
> >
> > CAT1(config)#monitor session 1 source vlan 10 rx
> > CAT1(config)#
> > Ronnie
> >
> > On 1/23/07, Fabrice Paz < fabrice.paz@googlemail.com> wrote:
> >
> > > Hi GS,
> > >
> > > I have a problem understanding VLAN traffic, here the question
> > >
> > > R6
> > > |
> > > |
> > > |Fa0/6
> > > R1--------------SW1--------------R2
> > >
> > > R1 and R2 are both in VLAN12 ( 12.0.0.1/8 & 12.0.0.2/8)
> > >
> > > Configure SPAN on SW1 to redirect all traffic from VLAN 12 to R6
> > >
> > >
> > > My answer to that is;
> > > monitor session 1 source vlan 12
> > > monitor session 1 destination interface Fa0/6
> > >
> > > The correct answer is;
> > > monitor session 1 source vlan 12 rx
> > > monitor session 1 destination interface Fa0/6
> > >
> > > 1) Should I understand the question as "Configure SPAN on SW1 to
> > > redirect
> > > all traffic leaving VLAN 12 to R6"?
> > > 2) There is no SVI on the topology, if my poitn 1) is right is that
> > > making
> > > sense to put an rx or tx for this kind of question?
> > >
> > >
> > > To try to understand I have done the folowing test (I have removed
> > > keepalive
> > > from all interface involved)
> > >
> > > from R1 "ping 12.0.0.2 repeat 20" while SW1 is "monitor session 1
> > > source
> > > vlan 12 rx" a "show int Fa0/6" on SW1 show 40 packet output
> > > from R1 "ping 12.0.0.2 repeat 20" while SW1 is "monitor session 1
> > > source
> > > vlan 12 tx" a "show int Fa0/6" on SW1 show 40 packet output
> > > from R1 "ping 12.0.0.2 repeat 20" while SW1 is "monitor session 1
> > > source
> > > vlan 12" a "show int Fa0/6" on SW1 show 80 packet output
> > >
> > > Results are exactly the same when pinging 255.255.255.255 from R1 in
> > > the
> > > three scenarios. It's clear that rx an tx are affecting something
> > >
> > > 3) Any idea of what rx and tx mean in the case VLAN
> > > 4) Considering that "monitor session 1 source vlan 12" include both rx
> > > and
> > > tx would that fail the task at the exam if they are expecting rx to be
> > > set?
> > >
> > > Thanks,
> > >
> > > Fab
> > >
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html

• Next message: Ronnie Angello: "Re: Confusion with VLAN traffic - IETL-RS v4 SPAN"
• Previous message: cstubbs@tampabay.rr.com: "Netmasters and other CCIE bootcamps"
• Maybe in reply to: Fabrice Paz: "Confusion with VLAN traffic - IETL-RS v4 SPAN"
• Next in thread: Ronnie Angello: "Re: Confusion with VLAN traffic - IETL-RS v4 SPAN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Feb 08 2007 - 23:46:57 ART