From: Pavel Bykov (slidersv@gmail.com)
Date: Fri Dec 12 2008 - 12:24:39 ARST
wow.... omfg... you were right. SPAN failed me.
Using a HUB the answer is different and much more logical
PC -- > IPPhone --> SW = no 802.1Q
IPPhone --> SW = 802.1Q VLAN ID 0
SW -- > IPPhone = no 802.1Q
SW -- > IPPhone --> PC = no 802.1Q (almost definitely - although not tested)
SPAN was adding a 802.1Q tag to all packets that were outgoing from the
switch port.
On Fri, Dec 12, 2008 at 2:38 PM, Pavel Bykov <slidersv@gmail.com> wrote:
> I trust SPAN enough, but ok, i'm going to go find a hub, and reply in a
> minute
>
>
> On Fri, Dec 12, 2008 at 2:17 PM, Carlos G Mendioroz <tron@huapi.ba.ar>wrote:
>
>> Pavel,
>> 1) I do see tags in the trace (otherwise I could not see the 802.1p,
>> right ?)
>> I don't follow your logic on the SPAN, but alas, you are using it,
>> so may be YOU are for a surprise here. Find a hub, do a real trace,
>> and then we see if the issue is SPAN, or different IOS, or what.
>>
>> 2) I know. In fact, I posted about this issue a couple a week ago.
>> And yes, you can use windows. Just with the right hardware/drivers.
>> I'm using an Intel pro quad with no problem in seeing tags (wireshark
>> 1.1.1)
>>
>> 3) I'm not using SPAN, cause I confronted this same issues a week ago.
>>
>> Let's try to find where is the issue, w/o finger pointing, yep ?
>>
>> -Carlos
>>
>> Pavel Bykov @ 12/12/2008 11:09 -0200 dixit:
>> > 1. Try monitoring some trunk first first, i think you may be surprised,
>> > that you won't see tags there as well.
>> > For SPAN requirements are that either SPAN destination has to be "mode
>> > turnk" or you can force tag propagation using "monitor session 1
>> > destination interface fa x/x encapsulation replicate". That
>> > encapsulation replicate does the trick. So SPAN does not add tags, only
>> > removes them.
>> >
>> > 2. You need operating system that can receive tags - i.e. Not Windows
>> > (you need to alter windows for this).
>> >
>> > 3. Just as completeness: SW was 2960 with 12.2(44), but i'm pretty sure
>> > you'll find what's wrong with #1 or #2
>> > SPAN config:
>> > monitor session 1 source interface fast 0/13 both
>> > monitor session 1 destination interface fa 0/2 encapsulation replicate
>> >
>> > On Fri, Dec 12, 2008 at 1:53 PM, Carlos G Mendioroz <tron@huapi.ba.ar
>> > <mailto:tron@huapi.ba.ar>> wrote:
>> >
>> > Ouch, that hurts... (I'm a very sensitive person, and
>> > that "you are not correct" bounced into my ego shield :)
>> >
>> > May I ask how did you got the trace ?
>> > Cause if you are using SPAN, it might be adding tags.
>> >
>> > At least for me, monitoring using a hub between phone and switch,
>> > with a 2950 running 12.1(22)EA12, frames from switch to phone are
>> > not tagged when using voice vlan dot1p.
>> >
>> > -Carlos
>> >
>> > Pavel Bykov @ 12/12/2008 10:23 -0200 dixit:
>> > > Ok. Because this interested me I sniffed the behaviour.
>> > > Carlos, you are not correct - see the sniff output below
>> > > The stup was very simple SW---PHONE---PC
>> > >
>> > > 1. Switch config:
>> > > interface FastEthernet0/13
>> > > switchport access vlan 600
>> > > switchport voice vlan dot1p
>> > > spanning-tree portfast
>> > > end
>> > >
>> > > 2. Switch sends CDP packet to the phone with "VoIP VLAN Reply"
>> > field set
>> > > to 0, and "Native VLAN: 600"
>> > >
>> > > 3. IPPhone encapsulates all traffic that it sends with 802.1Q with
>> > VlanID=0:
>> > > 802.1Q Virtual LAN, PRI: 3, CFI: 0, ID: 0
>> > > 011. .... .... .... = Priority: 3
>> > > ...0 .... .... .... = CFI: 0
>> > > .... 0000 0000 0000 = ID: 0
>> > > Type: IP (0x0800)
>> > >
>> > > therefore, it can use 802.1p inside 802.1Q
>> > > Switch accepts this traffic.
>> > >
>> > > 4. All traffic from PC is being forwarded untagged to the switch
>> > >
>> > > 5. All traffic that is going from switch to the IPPhone, or PC
>> behind
>> > > that IP Phone is TAGGED WTIH VLAN600 (because in this case it's
>> access
>> > > vlan 600)
>> > > 802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 600
>> > > 000. .... .... .... = Priority: 0
>> > > ...0 .... .... .... = CFI: 0
>> > > .... 0010 0101 1000 = ID: 600
>> > > Type: IP (0x0800)
>> > >
>> > > This is not what I expected at all
>> > >
>> > > So basically:
>> > > IPPhone --> SW = 802.1Q with VLAN ID 0
>> > > PC --> IPPhone --> SW = No 802.1Q tag
>> > > SW --> IPPhone --> PC = 802.1Q tag with VLAN ID 600
>> > > SW --> IPPhone = 802.1Q tag with VLAN ID 600
>> > >
>> > > wow....
>> > >
>> > > On Mon, Dec 8, 2008 at 11:08 PM, Hobbs <deadheadblues@gmail.com
>> > <mailto:deadheadblues@gmail.com>
>> > > <mailto:deadheadblues@gmail.com <mailto:deadheadblues@gmail.com
>> >>>
>> > wrote:
>> > >
>> > > Thanks Carlos. That's what I was looking for.
>> > >
>> > > On Mon, Dec 8, 2008 at 3:05 PM, Carlos G Mendioroz
>> > <tron@huapi.ba.ar <mailto:tron@huapi.ba.ar>
>> > > <mailto:tron@huapi.ba.ar <mailto:tron@huapi.ba.ar>>> wrote:
>> > >
>> > > > Hobbs,
>> > > > VLAN 0 is not a VLAN, is just a filler for the VLAN ID that
>> > is not
>> > > being
>> > > > used. The port is an access port, the VLAN is whichever you
>> > > assigned to it.
>> > > >
>> > > > Traffic being sent to the phone is not tagged.
>> > > >
>> > > > -Carlos
>> > > >
>> > > > Hobbs @ 8/12/2008 19:41 -0200 dixit:
>> > > > > Thank you Alexei.
>> > > > >
>> > > > > But how does traffic get TO or FROM this port with vlan 0
>> > tagged?
>> > > > > How does it learn MAC addresses on this vlan? Does it send
>> it
>> > > out all
>> > > > trunk
>> > > > > ports?
>> > > > > "Show interface trunk" does not show vlan 0 as allowed or
>> > active...
>> > > > >
>> > > > >
>> > > > > On Mon, Dec 8, 2008 at 2:17 PM, Alexei Monastyrnyi
>> > > <alexeim73@gmail.com <mailto:alexeim73@gmail.com>
>> > <mailto:alexeim73@gmail.com <mailto:alexeim73@gmail.com>>
>> > > > >wrote:
>> > > > >
>> > > > >> Hobbs,
>> > > > >> as per 3550/3560 configuration guide:
>> > > > >>
>> > > > >> "Instruct the switch port to use 802.1P priority tagging
>> > for voice
>> > > > traffic
>> > > > >> and to use the default native VLAN (VLAN 0) to carry all
>> > > traffic. By
>> > > > >> default, the Cisco IP phone forwards the voice traffic
>> > with an
>> > > 802.1P
>> > > > >> priority of 5."
>> > > > >>
>> > > > >> HTH
>> > > > >>
>> > > > >> A.
>> > > > >>
>> > > > >>
>> > > > >> Hobbs wrote:
>> > > > >>
>> > > > >>> Disregard the first question...I had a freakin' ACL on
>> > R2. So
>> > > the test
>> > > > is
>> > > > >>> GOOD.
>> > > > >>>
>> > > > >>> My question number 2 still remains...
>> > > > >>>
>> > > > >>> thank you,
>> > > > >>>
>> > > > >>>
>> > > > >>> On Mon, Dec 8, 2008 at 2:04 PM, Hobbs
>> > <deadheadblues@gmail.com <mailto:deadheadblues@gmail.com>
>> > > <mailto:deadheadblues@gmail.com
>> > <mailto:deadheadblues@gmail.com>>> wrote:
>> > > > >>>
>> > > > >>>
>> > > > >>>
>> > > > >>>> Hello my friends,
>> > > > >>>>
>> > > > >>>> I have 2 questions regarding voice vlans:
>> > > > >>>>
>> > > > >>>> 1) Is it possible to test voice vlan by using
>> subinterface
>> > > and dot1q
>> > > > >>>> encapsulation on a router port:
>> > > > >>>>
>> > > > >>>> R1----SW1----SW2----R2
>> > > > >>>>
>> > > > >>>> R1 has a subinterface with "encap dot1q 2".
>> > > > >>>> SW1 has "voice vlan 2" on port to R1.
>> > > > >>>> Link SW1-SW2 is a trunk with all VLANs allowed.
>> > > > >>>> R2 is in vlan 2.
>> > > > >>>>
>> > > > >>>> R1's config:
>> > > > >>>>
>> > > > >>>> interface Ethernet0/0
>> > > > >>>> !
>> > > > >>>> interface Ethernet0/0.2
>> > > > >>>> encapsulation dot1Q 2
>> > > > >>>> ip address 139.1.2.101 <http://139.1.2.101>
>> > <http://139.1.2.101> 255.255.255.0 <http://255.255.255.0>
>> > > <http://255.255.255.0>
>> > > > >>>>
>> > > > >>>> SW1:
>> > > > >>>>
>> > > > >>>> interface FastEthernet0/1
>> > > > >>>> switchport access vlan 11
>> > > > >>>> switchport mode access
>> > > > >>>> switchport voice vlan 2
>> > > > >>>> spanning-tree portfast
>> > > > >>>>
>> > > > >>>> Should R1 be able to ping R2 at 139.1.2.2
>> > <http://139.1.2.2> <http://139.1.2.2>
>> > > ? As of right now, I am not
>> > > > >>>> able
>> > > > >>>> to. When I debug icmp, packets from R2 reach R1, but
>> > packets
>> > > from R1
>> > > > >>>> never
>> > > > >>>> get to R2. Looks like SW1 is not sending packets from
>> the
>> > > voice vlan
>> > > > over
>> > > > >>>> its trunk to SW2.
>> > > > >>>>
>> > > > >>>> 2) What vlan # is used when you configure "switchport
>> > voice vlan
>> > > > dot1p"?
>> > > > >>>> How does the switch know when to send traffic TO this
>> > port on the
>> > > > voice
>> > > > >>>> vlan.
>> > > > >>>>
>> > > > >>>> thank you,
>> > > > >>>>
>> > > > >>>>
>> > > > >>>
>> > > > >>> Blogs and organic groups at http://www.ccie.net
>> > > > >>>
>> > > > >>>
>> > >
>> >
>> _______________________________________________________________________
>> > > > >>> Subscription information may be found at:
>> > > > >>> http://www.groupstudy.com/list/CCIELab.html
>> > > > >
>> > > > >
>> > > > > Blogs and organic groups at http://www.ccie.net
>> > > > >
>> > > > >
>> > >
>> >
>> _______________________________________________________________________
>> > > > > Subscription information may be found at:
>> > > > > http://www.groupstudy.com/list/CCIELab.html
>> > > > >
>> > > > >
>> > > > >
>> > > > >
>> > > > >
>> > > > >
>> > > > >
>> > > > >
>> > > >
>> > > > --
>> > > > Carlos G Mendioroz <tron@huapi.ba.ar
>> > <mailto:tron@huapi.ba.ar> <mailto:tron@huapi.ba.ar
>> > <mailto:tron@huapi.ba.ar>>>
>> > > LW7 EQI Argentina
>> > >
>> > >
>> > > Blogs and organic groups at http://www.ccie.net
>> > >
>> > >
>> >
>> _______________________________________________________________________
>> > > Subscription information may be found at:
>> > > http://www.groupstudy.com/list/CCIELab.html
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> > > --
>> > > Pavel Bykov
>> > > ----------------
>> > > Don't forget to help stopping the braindumps, use of which reduces
>> > value
>> > > of your certifications. Sign the petition at
>> > http://www.stopbraindumps.com/
>> >
>> > --
>> > Carlos G Mendioroz <tron@huapi.ba.ar <mailto:tron@huapi.ba.ar>>
>> > LW7 EQI Argentina
>> >
>> >
>> >
>> >
>> > --
>> > Pavel Bykov
>> > ----------------
>> > Don't forget to help stopping the braindumps, use of which reduces value
>> > of your certifications. Sign the petition at
>> http://www.stopbraindumps.com/
>>
>> --
>> Carlos G Mendioroz <tron@huapi.ba.ar> LW7 EQI Argentina
>>
>
>
>
> --
> Pavel Bykov
> ----------------
> Don't forget to help stopping the braindumps, use of which reduces value of
> your certifications. Sign the petition at http://www.stopbraindumps.com/
>
-- Pavel Bykov ---------------- Don't forget to help stopping the braindumps, use of which reduces value of your certifications. Sign the petition at http://www.stopbraindumps.com/Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:08 ARST