From: Pavel Bykov (slidersv@gmail.com)
Date: Fri Dec 12 2008 - 11:38:33 ARST
I trust SPAN enough, but ok, i'm going to go find a hub, and reply in a
minute
On Fri, Dec 12, 2008 at 2:17 PM, Carlos G Mendioroz <tron@huapi.ba.ar>wrote:
> Pavel,
> 1) I do see tags in the trace (otherwise I could not see the 802.1p,
> right ?)
> I don't follow your logic on the SPAN, but alas, you are using it,
> so may be YOU are for a surprise here. Find a hub, do a real trace,
> and then we see if the issue is SPAN, or different IOS, or what.
>
> 2) I know. In fact, I posted about this issue a couple a week ago.
> And yes, you can use windows. Just with the right hardware/drivers.
> I'm using an Intel pro quad with no problem in seeing tags (wireshark
> 1.1.1)
>
> 3) I'm not using SPAN, cause I confronted this same issues a week ago.
>
> Let's try to find where is the issue, w/o finger pointing, yep ?
>
> -Carlos
>
> Pavel Bykov @ 12/12/2008 11:09 -0200 dixit:
> > 1. Try monitoring some trunk first first, i think you may be surprised,
> > that you won't see tags there as well.
> > For SPAN requirements are that either SPAN destination has to be "mode
> > turnk" or you can force tag propagation using "monitor session 1
> > destination interface fa x/x encapsulation replicate". That
> > encapsulation replicate does the trick. So SPAN does not add tags, only
> > removes them.
> >
> > 2. You need operating system that can receive tags - i.e. Not Windows
> > (you need to alter windows for this).
> >
> > 3. Just as completeness: SW was 2960 with 12.2(44), but i'm pretty sure
> > you'll find what's wrong with #1 or #2
> > SPAN config:
> > monitor session 1 source interface fast 0/13 both
> > monitor session 1 destination interface fa 0/2 encapsulation replicate
> >
> > On Fri, Dec 12, 2008 at 1:53 PM, Carlos G Mendioroz <tron@huapi.ba.ar
> > <mailto:tron@huapi.ba.ar>> wrote:
> >
> > Ouch, that hurts... (I'm a very sensitive person, and
> > that "you are not correct" bounced into my ego shield :)
> >
> > May I ask how did you got the trace ?
> > Cause if you are using SPAN, it might be adding tags.
> >
> > At least for me, monitoring using a hub between phone and switch,
> > with a 2950 running 12.1(22)EA12, frames from switch to phone are
> > not tagged when using voice vlan dot1p.
> >
> > -Carlos
> >
> > Pavel Bykov @ 12/12/2008 10:23 -0200 dixit:
> > > Ok. Because this interested me I sniffed the behaviour.
> > > Carlos, you are not correct - see the sniff output below
> > > The stup was very simple SW---PHONE---PC
> > >
> > > 1. Switch config:
> > > interface FastEthernet0/13
> > > switchport access vlan 600
> > > switchport voice vlan dot1p
> > > spanning-tree portfast
> > > end
> > >
> > > 2. Switch sends CDP packet to the phone with "VoIP VLAN Reply"
> > field set
> > > to 0, and "Native VLAN: 600"
> > >
> > > 3. IPPhone encapsulates all traffic that it sends with 802.1Q with
> > VlanID=0:
> > > 802.1Q Virtual LAN, PRI: 3, CFI: 0, ID: 0
> > > 011. .... .... .... = Priority: 3
> > > ...0 .... .... .... = CFI: 0
> > > .... 0000 0000 0000 = ID: 0
> > > Type: IP (0x0800)
> > >
> > > therefore, it can use 802.1p inside 802.1Q
> > > Switch accepts this traffic.
> > >
> > > 4. All traffic from PC is being forwarded untagged to the switch
> > >
> > > 5. All traffic that is going from switch to the IPPhone, or PC
> behind
> > > that IP Phone is TAGGED WTIH VLAN600 (because in this case it's
> access
> > > vlan 600)
> > > 802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 600
> > > 000. .... .... .... = Priority: 0
> > > ...0 .... .... .... = CFI: 0
> > > .... 0010 0101 1000 = ID: 600
> > > Type: IP (0x0800)
> > >
> > > This is not what I expected at all
> > >
> > > So basically:
> > > IPPhone --> SW = 802.1Q with VLAN ID 0
> > > PC --> IPPhone --> SW = No 802.1Q tag
> > > SW --> IPPhone --> PC = 802.1Q tag with VLAN ID 600
> > > SW --> IPPhone = 802.1Q tag with VLAN ID 600
> > >
> > > wow....
> > >
> > > On Mon, Dec 8, 2008 at 11:08 PM, Hobbs <deadheadblues@gmail.com
> > <mailto:deadheadblues@gmail.com>
> > > <mailto:deadheadblues@gmail.com <mailto:deadheadblues@gmail.com>>>
> > wrote:
> > >
> > > Thanks Carlos. That's what I was looking for.
> > >
> > > On Mon, Dec 8, 2008 at 3:05 PM, Carlos G Mendioroz
> > <tron@huapi.ba.ar <mailto:tron@huapi.ba.ar>
> > > <mailto:tron@huapi.ba.ar <mailto:tron@huapi.ba.ar>>> wrote:
> > >
> > > > Hobbs,
> > > > VLAN 0 is not a VLAN, is just a filler for the VLAN ID that
> > is not
> > > being
> > > > used. The port is an access port, the VLAN is whichever you
> > > assigned to it.
> > > >
> > > > Traffic being sent to the phone is not tagged.
> > > >
> > > > -Carlos
> > > >
> > > > Hobbs @ 8/12/2008 19:41 -0200 dixit:
> > > > > Thank you Alexei.
> > > > >
> > > > > But how does traffic get TO or FROM this port with vlan 0
> > tagged?
> > > > > How does it learn MAC addresses on this vlan? Does it send
> it
> > > out all
> > > > trunk
> > > > > ports?
> > > > > "Show interface trunk" does not show vlan 0 as allowed or
> > active...
> > > > >
> > > > >
> > > > > On Mon, Dec 8, 2008 at 2:17 PM, Alexei Monastyrnyi
> > > <alexeim73@gmail.com <mailto:alexeim73@gmail.com>
> > <mailto:alexeim73@gmail.com <mailto:alexeim73@gmail.com>>
> > > > >wrote:
> > > > >
> > > > >> Hobbs,
> > > > >> as per 3550/3560 configuration guide:
> > > > >>
> > > > >> "Instruct the switch port to use 802.1P priority tagging
> > for voice
> > > > traffic
> > > > >> and to use the default native VLAN (VLAN 0) to carry all
> > > traffic. By
> > > > >> default, the Cisco IP phone forwards the voice traffic
> > with an
> > > 802.1P
> > > > >> priority of 5."
> > > > >>
> > > > >> HTH
> > > > >>
> > > > >> A.
> > > > >>
> > > > >>
> > > > >> Hobbs wrote:
> > > > >>
> > > > >>> Disregard the first question...I had a freakin' ACL on
> > R2. So
> > > the test
> > > > is
> > > > >>> GOOD.
> > > > >>>
> > > > >>> My question number 2 still remains...
> > > > >>>
> > > > >>> thank you,
> > > > >>>
> > > > >>>
> > > > >>> On Mon, Dec 8, 2008 at 2:04 PM, Hobbs
> > <deadheadblues@gmail.com <mailto:deadheadblues@gmail.com>
> > > <mailto:deadheadblues@gmail.com
> > <mailto:deadheadblues@gmail.com>>> wrote:
> > > > >>>
> > > > >>>
> > > > >>>
> > > > >>>> Hello my friends,
> > > > >>>>
> > > > >>>> I have 2 questions regarding voice vlans:
> > > > >>>>
> > > > >>>> 1) Is it possible to test voice vlan by using
> subinterface
> > > and dot1q
> > > > >>>> encapsulation on a router port:
> > > > >>>>
> > > > >>>> R1----SW1----SW2----R2
> > > > >>>>
> > > > >>>> R1 has a subinterface with "encap dot1q 2".
> > > > >>>> SW1 has "voice vlan 2" on port to R1.
> > > > >>>> Link SW1-SW2 is a trunk with all VLANs allowed.
> > > > >>>> R2 is in vlan 2.
> > > > >>>>
> > > > >>>> R1's config:
> > > > >>>>
> > > > >>>> interface Ethernet0/0
> > > > >>>> !
> > > > >>>> interface Ethernet0/0.2
> > > > >>>> encapsulation dot1Q 2
> > > > >>>> ip address 139.1.2.101 <http://139.1.2.101>
> > <http://139.1.2.101> 255.255.255.0 <http://255.255.255.0>
> > > <http://255.255.255.0>
> > > > >>>>
> > > > >>>> SW1:
> > > > >>>>
> > > > >>>> interface FastEthernet0/1
> > > > >>>> switchport access vlan 11
> > > > >>>> switchport mode access
> > > > >>>> switchport voice vlan 2
> > > > >>>> spanning-tree portfast
> > > > >>>>
> > > > >>>> Should R1 be able to ping R2 at 139.1.2.2
> > <http://139.1.2.2> <http://139.1.2.2>
> > > ? As of right now, I am not
> > > > >>>> able
> > > > >>>> to. When I debug icmp, packets from R2 reach R1, but
> > packets
> > > from R1
> > > > >>>> never
> > > > >>>> get to R2. Looks like SW1 is not sending packets from
> the
> > > voice vlan
> > > > over
> > > > >>>> its trunk to SW2.
> > > > >>>>
> > > > >>>> 2) What vlan # is used when you configure "switchport
> > voice vlan
> > > > dot1p"?
> > > > >>>> How does the switch know when to send traffic TO this
> > port on the
> > > > voice
> > > > >>>> vlan.
> > > > >>>>
> > > > >>>> thank you,
> > > > >>>>
> > > > >>>>
> > > > >>>
> > > > >>> Blogs and organic groups at http://www.ccie.net
> > > > >>>
> > > > >>>
> > >
> >
> _______________________________________________________________________
> > > > >>> Subscription information may be found at:
> > > > >>> http://www.groupstudy.com/list/CCIELab.html
> > > > >
> > > > >
> > > > > Blogs and organic groups at http://www.ccie.net
> > > > >
> > > > >
> > >
> >
> _______________________________________________________________________
> > > > > Subscription information may be found at:
> > > > > http://www.groupstudy.com/list/CCIELab.html
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > > --
> > > > Carlos G Mendioroz <tron@huapi.ba.ar
> > <mailto:tron@huapi.ba.ar> <mailto:tron@huapi.ba.ar
> > <mailto:tron@huapi.ba.ar>>>
> > > LW7 EQI Argentina
> > >
> > >
> > > Blogs and organic groups at http://www.ccie.net
> > >
> > >
> >
> _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > --
> > > Pavel Bykov
> > > ----------------
> > > Don't forget to help stopping the braindumps, use of which reduces
> > value
> > > of your certifications. Sign the petition at
> > http://www.stopbraindumps.com/
> >
> > --
> > Carlos G Mendioroz <tron@huapi.ba.ar <mailto:tron@huapi.ba.ar>>
> > LW7 EQI Argentina
> >
> >
> >
> >
> > --
> > Pavel Bykov
> > ----------------
> > Don't forget to help stopping the braindumps, use of which reduces value
> > of your certifications. Sign the petition at
> http://www.stopbraindumps.com/
>
> --
> Carlos G Mendioroz <tron@huapi.ba.ar> LW7 EQI Argentina
>
-- Pavel Bykov ---------------- Don't forget to help stopping the braindumps, use of which reduces value of your certifications. Sign the petition at http://www.stopbraindumps.com/Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:08 ARST