Re: RSPAN causing an l2protocol tunnel-like effect

From: Hobbs (deadheadblues@gmail.com)
Date: Sat Jan 31 2009 - 18:10:25 ARST


Yep, the output is below. I am worried because this could screw up
things on a lab if cdp neighboring was required to be a certain way. I
could turn it off on R2 but if cdp was required...not good.

SW1#sho vlan remote-span
Remote SPAN VLANs
--------------------------
999

SW2#sho vlan rem
Remote SPAN VLANs
--------------------------
999

Also, I thought maybe the native vlan could cause problems if it was
the rspan vlan, but my native vlan is 1. I just don't see how this is
happening, vlan999 is tagged and packets to sw1 should arrive as
tagged. It should then strip off the header and send it to the
monitoring destination port.

Other things I tried:
-Tagging the native vlan just for kicks (R2 is on vlan 150 btw)
-Monitoring a source vlan, instead of port on sw2.
-Changing native vlan to a non-existing vlan.

very strange...

On Sat, Jan 31, 2009 at 12:52 PM, Jared Scrivener
<jscrivener@ipexpert.com> wrote:
> That's definitely odd and not something I've encountered before.
>
> If you do "sh vlan remote-span" on both switches are they both aware it is
> an RSPAN VLAN?
>
> Cheers,
>
> Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
> Technical Instructor - IPexpert, Inc.
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> Mailto: jscrivener@ipexpert.com
>
>
> -----Original Message-----
> From: Hobbs [mailto:deadheadblues@gmail.com]
> Sent: Saturday, 31 January 2009 2:36 PM
> To: jscrivener@ipexpert.com
> Cc: Cisco certification
> Subject: Re: RSPAN causing an l2protocol tunnel-like effect
>
> Ok, just to remove any doubt. I got my laptop connected to SW1 now and
> removed R5 :)
>
> So now R2 packets are being sent to remote-span VLAN999, to sw1 and
> then along to my laptop, monitoring is working...but sw1 still sees R2
> as cdp neighbor.
>
> I would think that SW1 is supposed to know that vlan 999 is an
> rspan-vlan and not take everything literally....
>
> On Sat, Jan 31, 2009 at 12:30 PM, Hobbs <deadheadblues@gmail.com> wrote:
>> Jared,
>>
>> Thanks for the reply, but the issue isn't with R5, I was using it to test
>> my monitoring by running debug ip packet. I can remove as needed and
>> the issue remains.
>>
>> The issue is with SW1 seeing R2 as a CDP neighbor - THIS should not be
>> happening. Suppose I had a monitoring device on SW1....why does SW1
>> see R2 as a neighbor?
>>
>> thanks,
>>
>>
>> On Sat, Jan 31, 2009 at 12:21 PM, Jared Scrivener
>> <jscrivener@ipexpert.com> wrote:
>>> Hey Hobbs,
>>>
>>> It appears that your switch is copying ALL frames (from layer 2) received
>>> via R2 and outputting them to R5. That includes CDP frames.
>>>
>>> R5 thinks that R2 is a CDP neighbor as a result of this. CDP adjacencies
>>> require duplex to be matching (as they assume that CDP adjacencies are on
>>> the same physical link) but it appears that R2 is half-duplex. This is
>>> giving you CDP errors.
>>>
>>> My first question is "why" are you doing this (spanning a router to
>>> another router), but I'm sure you're doing it to learn something new. :)
>>>
>>> Just disable CDP on R2's interface and your issue should resolve itself
>>> (assuming changing the duplex on R2 doesn't help).
>>>
>>> Cheers,
>>>
>>> Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
>>> Technical Instructor - IPexpert, Inc.
>>> Telephone: +1.810.326.1444
>>> Fax: +1.810.454.0130
>>> Mailto: jscrivener@ipexpert.com
>>>
>>>
>>> -----Original Message-----
>>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>>> Hobbs
>>> Sent: Saturday, 31 January 2009 2:02 PM
>>> To: Cisco certification
>>> Subject: RSPAN causing an l2protocol tunnel-like effect
>>>
>>> Hello,
>>>
>>> I have the following:
>>>
>>> R5---sw1---sw2---R2
>>>
>>> After setting up RSPAN on the switches (3560s), sw1 sees R2 as a CDP
>>> neighbor.
>>>
>>> I have a monitor session on sw2 destined for a remote vlan as follows:
>>>
>>> SW2#sho run | inc mon
>>> monitor session 1 source interface Fa0/2
>>> monitor session 1 destination remote vlan 999
>>>
>>> On sw1 I start getting these messages:
>>>
>>> 00:50:32: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on
>>> FastEthernet0/13 (not half duplex), with R2 Ethernet0/0 (half duplex).
>>> 00:51:32: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on
>>> FastEthernet0/13 (not half duplex), with R2 Ethernet0/0 (half duplex).
>>>
>>> Sure enough, Sw1 now sees R2 as a cdp neighbor on the port connected to
>>> sw2
>>>
>>> SW1#sho cdp ne | inc 0/13
>>> SW2 Fas 0/13 125 R S I
>>> WS-C3560-2Fas 0/13
>>> R2 Fas 0/13 165 R S I 3640
>>> Eth 0/0
>>>
>>> fyi, sw1 has the following config:
>>>
>>> SW1#sho run | inc mon
>>> monitor session 1 destination interface Fa0/5 ingress untagged vlan 100
>>> monitor session 1 source remote vlan 999
>>>
>>> I have defined vlan 999 as a remote-span vlan.
>>>
>>> Any ideas?
>>>
>>> thank you
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:41 ARST
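
An added example, not part of the original thread: a small Python check that reads `%CDP-4-DUPLEX_MISMATCH` syslog messages in the format quoted above and reports CDP neighbors that an inventory does not place on the local port, which is how the mirrored CDP frames from R2 show up on SW1. The `EXPECTED` inventory and the third log line are constructed assumptions; treating an uninventoried neighbor as a sign of leaked Layer 2 control frames is a heuristic.

```python
import re
from collections import defaultdict

# Format taken from the messages quoted in the thread:
# "... duplex mismatch discovered on <local-if> (...), with <device> <remote-if> (...)."
MISMATCH = re.compile(
    r"%CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on "
    r"(?P<local>\S+) \([^)]*\), with (?P<dev>\S+) (?P<remote>\S+) \([^)]*\)"
)

# Assumption: the single device physically cabled to each local port.
EXPECTED = {"FastEthernet0/13": "SW2"}

# First two messages are from the thread (line-wrapped as mailed);
# the third is constructed to show an inventoried neighbor being ignored.
SAMPLE_LOG = """\
00:50:32: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on
FastEthernet0/13 (not half duplex), with R2 Ethernet0/0 (half duplex).
00:51:32: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on
FastEthernet0/13 (not half duplex), with R2 Ethernet0/0 (half duplex).
00:52:10: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on
FastEthernet0/13 (not half duplex), with SW2 FastEthernet0/13 (half duplex).
"""


def unexpected_neighbors(log_text, expected):
    """Return {local_port: {(device, remote_port): count}} for CDP
    neighbors that the inventory does not place on that local port."""
    # Collapse wrapping so a message split across lines still matches.
    flat = " ".join(log_text.split())
    hits = defaultdict(lambda: defaultdict(int))
    for m in MISMATCH.finditer(flat):
        if expected.get(m["local"]) != m["dev"]:
            hits[m["local"]][(m["dev"], m["remote"])] += 1
    return {port: dict(seen) for port, seen in hits.items()}


if __name__ == "__main__":
    for port, seen in unexpected_neighbors(SAMPLE_LOG, EXPECTED).items():
        for (dev, remote), count in seen.items():
            print(f"{port}: unexpected CDP neighbor {dev} ({remote}) x{count}")
```
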