RE: Monitor Ports

From: Antonio Soares (amsoares@netcabo.pt)
Date: Sat Nov 17 2007 - 14:30:07 ART


The traffic is actually sent to R6 but you don't see anything because R6
silently drops it:

+++++++++++++++++++++++++++
Ping from R1 to R2
+++++++++++++++++++++++++++
R1#ping 12.12.12.2 re 1000

Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 12.12.12.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 1/1/4 ms
R1#
+++++++++++++++++++++++++++
SW1#sh runn | inc monitor
monitor session 1 source vlan 12 rx
monitor session 1 destination interface Gi0/6
SW1#
+++++++++++++++++++++++++++
SW1#sh int g0/6
GigabitEthernet0/6 is up, line protocol is down (monitoring)
  Hardware is Gigabit Ethernet, address is 0019.e87c.d306 (bia 0019.e87c.d306)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:05:35, output 00:04:49, output hang never
  Last clearing of "show interface" counters 00:00:11
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 7000 bits/sec, 8 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     2002 packets output, 236128 bytes, 0 underruns <------------ 1000 echos from R1 + 1000 echo-replies from R2
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
SW1#
+++++++++++++++++++++++++++

If you replace R6 with a sniffer, you will see the traffic.

Regards,

Antonio Soares
CCIE #18473 (R&S),CCNP,CCIP,JNCIA-ER
http://pwp.netcabo.pt/amsoares/

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Ernst Pelser
Sent: Saturday, 17 November 2007 16:51
To: ccielab@groupstudy.com
Subject: Monitor Ports

Hi
I have a question about monitoring ports (monitor session). I'm doing the
SPAN section where you have routers 1 and 2 connecting to switch 1 on port
f0/1 and f0/2 respectively. Then R6 connects to f0/6. The monitor session is
set up with the source being VLAN12 which both R1 and R2 are part of. The
destination is F0/6 on SW (R6).
 
To verify we enable debugging on R6. Then we ping 255.255.255.255 from R1
and see traffic on R6. No problem there.
 
The question I have is, why don't you see traffic on R6 when you ping to
R2's IP from R1? Surely R6 should see that traffic as well?
 
Thanks, EP
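
Added example, not part of the original thread: a small Python model of the Ethernet receive filter, showing why a router on the SPAN destination port sees the broadcast ping but not the mirrored R1-to-R2 unicast, while a promiscuous sniffer sees both. The MAC addresses and function names are constructed for illustration.

```python
import struct

BROADCAST = bytes.fromhex("ffffffffffff")

def mac(text):
    """Convert Cisco dotted notation (0019.e87c.d306) to 6 raw bytes."""
    return bytes.fromhex(text.replace(".", ""))

def build_frame(dst, src, ethertype=0x0800, payload=b"\x00" * 46):
    """Minimal Ethernet II frame: dst MAC, src MAC, EtherType, payload."""
    return dst + src + struct.pack("!H", ethertype) + payload

def nic_accepts(frame, own_mac, promiscuous=False, multicast_groups=()):
    """Receive filter applied before a frame reaches the IP stack."""
    if len(frame) < 14:
        return False            # too short to carry an Ethernet header
    dst = frame[:6]
    if promiscuous:
        return True             # sniffer / IDS sensor: keep everything
    if dst == own_mac or dst == BROADCAST:
        return True
    if dst[0] & 0x01:           # group (multicast) bit set
        return dst in multicast_groups
    return False                # unicast for another station: silent drop

# Constructed MAC addresses for the three routers in the thread.
R1, R2, R6 = mac("0000.0000.0001"), mac("0000.0000.0002"), mac("0000.0000.0006")

def mirrored_traffic():
    """Frames SW1 copies to the SPAN destination for the two pings."""
    return {
        "R1 -> 255.255.255.255 echo": build_frame(BROADCAST, R1),
        "R1 -> R2 echo": build_frame(R2, R1),
        "R2 -> R1 echo-reply": build_frame(R1, R2),
    }

def seen_by(own_mac, promiscuous):
    """Names of the mirrored frames that pass the receive filter."""
    return [name for name, frame in mirrored_traffic().items()
            if nic_accepts(frame, own_mac, promiscuous)]

if __name__ == "__main__":
    print("R6 as router :", seen_by(R6, promiscuous=False))
    print("R6 as sniffer:", seen_by(R6, promiscuous=True))
```

The same filter is why an IDS sensor or capture host attached to a SPAN destination must run its interface in promiscuous mode.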


