From: GAURAV MADAN (gauravmadan1177@gmail.com)
Date: Tue Dec 09 2008 - 12:45:52 ARST
make sense
Thnx for providing clearification
On Tue, Dec 9, 2008 at 6:05 PM, Pavel Bykov <slidersv@gmail.com> wrote:
> Local span session means it is local to the switch, not local to the VLAN.
> The only thing switch looks at is switchport mode, if it's ACCESS or TRUNK.
> If It's access, the encapsulation of mirrored packets is stripped, unless
> "encapsulation replicate" keyword is used. If the mode is TRUNK, then the
> encapsulation is preserved.
>
> Now, for the experience part, here is a common example. Let's say you need
> to look if custommers are placed in correct QinQ tunnels and COS/EXP/DSCP
> are correct.
> You have one vlan (trunk) inside of another vlan (trunk) labeled with MPLS
> header.
> This is a local span session. What VLAN are you going to set your port to?
> What if you are mirroring many such ports, many p-vlans and even more
> c-vlans?
>
>
> On Mon, Dec 8, 2008 at 3:17 PM, GAURAV MADAN <gauravmadan1177@gmail.com>wrote:
>
>> Hi
>>
>> Thnx for the link
>> What I understand from :
>>
>> Source ports can be in the same or different VLANs.
>>
>> is that when one is creating SPAN session ; there can be multiple source
>> ports and these multiple source ports can be in diff vlan as well.
>>
>> With all respect to ur experience ; I seriously dont know why we allow
>> one vlan traffic to be mirrored out to a port which is in different vlan .
>> I am asking only for Local SPAN session .
>>
>> Gaurav Madan
>> On Mon, Dec 8, 2008 at 6:50 PM, Pavel Bykov <slidersv@gmail.com> wrote:
>>
>>> It's either an old book, or author made a mistake.
>>> I know from practical experience, that this is not a requirement.
>>>
>>> Also, please check out the following documents:
>>>
>>> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swspan.html#wp1036686
>>>
>>> Especially "Destination Port" and "Source port" requirements.
>>> E.g. there it states:
>>> Source ports can be in the same or different VLANs.
>>> etc.
>>> you can even sniff trunks with encapsulation.
>>>
>>>
>>> On Mon, Dec 8, 2008 at 2:10 PM, GAURAV MADAN <gauravmadan1177@gmail.com>wrote:
>>>
>>>> Hi
>>>>
>>>> I am really not sure .. where i read this (couldnt rrecollect)
>>>> just gava a random search in google and found :
>>>>
>>>>
>>>> http://books.google.com/books?id=-rnt_ik0mSYC&pg=PA482&lpg=PA482&dq=span+source+and+dest+in+same+vlan&source=web&ots=LDb-x54w0e&sig=1JJ9VIJEHHQOkugjl6QCVQ_nmyQ&hl=en&sa=X&oi=book_result&resnum=1&ct=result
>>>>
>>>> It states :
>>>>
>>>> SPAN dest port and SPAN source port need to be in same vlan.
>>>>
>>>> PLease do correct me in case i am wrong
>>>>
>>>> Gaurav Madan.
>>>> On Mon, Dec 8, 2008 at 4:42 PM, Pavel Bykov <slidersv@gmail.com>wrote:
>>>>
>>>>> Where did you read that they need to be in the same VLAN?
>>>>> That is not true.
>>>>> Right now you are receiving anything that flows through Fa 1/0/9.
>>>>> Are data really flowing through Fa 1/0/9?
>>>>>
>>>>> On Mon, Dec 8, 2008 at 12:07 PM, GAURAV MADAN <
>>>>> gauravmadan1177@gmail.com> wrote:
>>>>>
>>>>>> Hi Frnds
>>>>>>
>>>>>> Just to understand something better on SPAN ; I tested sniffing on a
>>>>>> port on
>>>>>> diff vlan (but landed in more confusion)
>>>>>>
>>>>>> i.e
>>>>>>
>>>>>> Rack1SW3(config)#do sh monitor sess 1
>>>>>> Session 1
>>>>>> ---------
>>>>>> Type : Local Session
>>>>>> Source Ports :
>>>>>> Both : Fa1/0/9
>>>>>> Destination Ports : Fa1/0/10
>>>>>> Encapsulation : Native
>>>>>> Ingress : Disabled
>>>>>>
>>>>>> Rack1SW3(config)#do sh run int f1/0/9
>>>>>> Building configuration...
>>>>>> Current configuration : 62 bytes
>>>>>> !
>>>>>> interface FastEthernet1/0/9
>>>>>> switchport access vlan 10
>>>>>> end
>>>>>> Rack1SW3(config)#do sh run int f1/0/10
>>>>>> Building configuration...
>>>>>> Current configuration : 62 bytes
>>>>>> !
>>>>>> interface FastEthernet1/0/10
>>>>>> switchport access vlan 2
>>>>>> end
>>>>>>
>>>>>> Rack1SW3(config)#do sh run int vlan 10
>>>>>> Building configuration...
>>>>>> Current configuration : 55 bytes
>>>>>> !
>>>>>> interface Vlan10
>>>>>> ip address 10.0.0.1 255.0.0.0
>>>>>> end
>>>>>>
>>>>>> I am just send some pkts from external source to 10.0.0.1 (src
>>>>>> 10.0.0.4 say
>>>>>> )
>>>>>> PC with etherial is connected to f1/0/10
>>>>>>
>>>>>> I am able to SNIFF .. Am i doing something wrong ..
>>>>>> As i understand SPAN source and dest need to be in same vlan .
>>>>>>
>>>>>> Gaurav Madan
>>>>>>
>>>>>>
>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>
>>>>>>
>>>>>> _______________________________________________________________________
>>>>>> Subscription information may be found at:
>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Pavel Bykov
>>>>> ----------------
>>>>> Don't forget to help stopping the braindumps, use of which reduces
>>>>> value of your certifications. Sign the petition at
>>>>> http://www.stopbraindumps.com/
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Pavel Bykov
>>> ----------------
>>> Don't forget to help stopping the braindumps, use of which reduces value
>>> of your certifications. Sign the petition at
>>> http://www.stopbraindumps.com/
>>>
>>
>>
>
>
> --
> Pavel Bykov
> ----------------
> Don't forget to help stopping the braindumps, use of which reduces value of
> your certifications. Sign the petition at http://www.stopbraindumps.com/
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:08 ARST