From: Pavel Bykov (slidersv@gmail.com)
Date: Tue Dec 09 2008 - 10:35:49 ARST
Local span session means it is local to the switch, not local to the VLAN.
The only thing switch looks at is switchport mode, if it's ACCESS or TRUNK.
If It's access, the encapsulation of mirrored packets is stripped, unless
"encapsulation replicate" keyword is used. If the mode is TRUNK, then the
encapsulation is preserved.
Now, for the experience part, here is a common example. Let's say you need
to look if custommers are placed in correct QinQ tunnels and COS/EXP/DSCP
are correct.
You have one vlan (trunk) inside of another vlan (trunk) labeled with MPLS
header.
This is a local span session. What VLAN are you going to set your port to?
What if you are mirroring many such ports, many p-vlans and even more
c-vlans?
On Mon, Dec 8, 2008 at 3:17 PM, GAURAV MADAN <gauravmadan1177@gmail.com>wrote:
> Hi
>
> Thnx for the link
> What I understand from :
>
> Source ports can be in the same or different VLANs.
>
> is that when one is creating SPAN session ; there can be multiple source
> ports and these multiple source ports can be in diff vlan as well.
>
> With all respect to ur experience ; I seriously dont know why we allow one
> vlan traffic to be mirrored out to a port which is in different vlan .
> I am asking only for Local SPAN session .
>
> Gaurav Madan
> On Mon, Dec 8, 2008 at 6:50 PM, Pavel Bykov <slidersv@gmail.com> wrote:
>
>> It's either an old book, or author made a mistake.
>> I know from practical experience, that this is not a requirement.
>>
>> Also, please check out the following documents:
>>
>> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swspan.html#wp1036686
>>
>> Especially "Destination Port" and "Source port" requirements.
>> E.g. there it states:
>> Source ports can be in the same or different VLANs.
>> etc.
>> you can even sniff trunks with encapsulation.
>>
>>
>> On Mon, Dec 8, 2008 at 2:10 PM, GAURAV MADAN <gauravmadan1177@gmail.com>wrote:
>>
>>> Hi
>>>
>>> I am really not sure .. where i read this (couldnt rrecollect)
>>> just gava a random search in google and found :
>>>
>>>
>>> http://books.google.com/books?id=-rnt_ik0mSYC&pg=PA482&lpg=PA482&dq=span+source+and+dest+in+same+vlan&source=web&ots=LDb-x54w0e&sig=1JJ9VIJEHHQOkugjl6QCVQ_nmyQ&hl=en&sa=X&oi=book_result&resnum=1&ct=result
>>>
>>> It states :
>>>
>>> SPAN dest port and SPAN source port need to be in same vlan.
>>>
>>> PLease do correct me in case i am wrong
>>>
>>> Gaurav Madan.
>>> On Mon, Dec 8, 2008 at 4:42 PM, Pavel Bykov <slidersv@gmail.com>wrote:
>>>
>>>> Where did you read that they need to be in the same VLAN?
>>>> That is not true.
>>>> Right now you are receiving anything that flows through Fa 1/0/9.
>>>> Are data really flowing through Fa 1/0/9?
>>>>
>>>> On Mon, Dec 8, 2008 at 12:07 PM, GAURAV MADAN <
>>>> gauravmadan1177@gmail.com> wrote:
>>>>
>>>>> Hi Frnds
>>>>>
>>>>> Just to understand something better on SPAN ; I tested sniffing on a
>>>>> port on
>>>>> diff vlan (but landed in more confusion)
>>>>>
>>>>> i.e
>>>>>
>>>>> Rack1SW3(config)#do sh monitor sess 1
>>>>> Session 1
>>>>> ---------
>>>>> Type : Local Session
>>>>> Source Ports :
>>>>> Both : Fa1/0/9
>>>>> Destination Ports : Fa1/0/10
>>>>> Encapsulation : Native
>>>>> Ingress : Disabled
>>>>>
>>>>> Rack1SW3(config)#do sh run int f1/0/9
>>>>> Building configuration...
>>>>> Current configuration : 62 bytes
>>>>> !
>>>>> interface FastEthernet1/0/9
>>>>> switchport access vlan 10
>>>>> end
>>>>> Rack1SW3(config)#do sh run int f1/0/10
>>>>> Building configuration...
>>>>> Current configuration : 62 bytes
>>>>> !
>>>>> interface FastEthernet1/0/10
>>>>> switchport access vlan 2
>>>>> end
>>>>>
>>>>> Rack1SW3(config)#do sh run int vlan 10
>>>>> Building configuration...
>>>>> Current configuration : 55 bytes
>>>>> !
>>>>> interface Vlan10
>>>>> ip address 10.0.0.1 255.0.0.0
>>>>> end
>>>>>
>>>>> I am just send some pkts from external source to 10.0.0.1 (src
>>>>> 10.0.0.4 say
>>>>> )
>>>>> PC with etherial is connected to f1/0/10
>>>>>
>>>>> I am able to SNIFF .. Am i doing something wrong ..
>>>>> As i understand SPAN source and dest need to be in same vlan .
>>>>>
>>>>> Gaurav Madan
>>>>>
>>>>>
>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>
>>>>> _______________________________________________________________________
>>>>> Subscription information may be found at:
>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Pavel Bykov
>>>> ----------------
>>>> Don't forget to help stopping the braindumps, use of which reduces value
>>>> of your certifications. Sign the petition at
>>>> http://www.stopbraindumps.com/
>>>>
>>>
>>>
>>
>>
>> --
>> Pavel Bykov
>> ----------------
>> Don't forget to help stopping the braindumps, use of which reduces value
>> of your certifications. Sign the petition at
>> http://www.stopbraindumps.com/
>>
>
>
-- Pavel Bykov ---------------- Don't forget to help stopping the braindumps, use of which reduces value of your certifications. Sign the petition at http://www.stopbraindumps.com/Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:08 ARST