Re: RSPAN causing an l2protocol tunnel-like effect

From: Hobbs (deadheadblues@gmail.com)
Date: Sun Feb 01 2009 - 01:01:44 ARST


Hi Shawn,

"Encapsulation replicate" would be put on the eventual destination
command on SW1. In this case, the issue is happening before that step.
I have wiped out and cleaned the config up a couple times starting
with creating the vlan first. Still had no luck. I did read about
RSPAN not being able to support l2 protocols - however, I am not
trying to monitor l2 protocols. Perhaps because CDP is enabled, this
is what they mean and I should in fact turn it off...but lab tasks
often have you set up monitoring a port connected to a router...

It appears that something is broken here. SW1 must be removing the
vlan999 tag, then looking at the packet natively. If SW2 was removing
the tag, then my monitor would not end with the traffic, which it is -
monitoring is working, source from the RSPAN vlan.

I do appreciate all the suggestions, I'm kind of curious if anyone
else has labbed this or could lab this up. It just takes two 3560's
and a router...

On 1/31/09, Shawn Zandi <szmetal@gmail.com> wrote:
>
>
> Did you use "encapsulation replicate"? Because there's a hardware limitation
> on 3560s as mentioned in documentation if you have high-traffic load, and
> RSPAN does not support BPDU packet monitoring or other Layer 2 switch
> protocols.
>
> Also, it's recommended that you configure an RSPAN VLAN before you configure
> an RSPAN source or a destination session.
>
> Make sure RSPAN VLAN is configured only on trunk ports and not on access
> ports.
>
>
> --
> Sincerely,
> Shawn Zandi
>
>
> On Sun, Feb 1, 2009 at 12:10 AM, Hobbs <deadheadblues@gmail.com> wrote:
>
> > Yep, the output is below. I am worried because this could screw up
> > things on a lab if cdp neighboring was required to be a certain way. I
> > could turn it off on R2 but if cdp was required...not good.
> >
> > SW1#sho vlan remote-span
> > Remote SPAN VLANs
> > --------------------------
> > 999
> >
> > SW2#sho vlan rem
> > Remote SPAN VLANs
> > --------------------------
> > 999
> >
> > Also, I thought maybe the native vlan could cause problems if it was
> > the rspan vlan, but my native vlan is 1. I just don't see how this is
> > happening, vlan999 is tagged and packets to sw1 should arrive as
> > tagged. It should then strip off the header and send it to the
> > monitoring destination port.
> >
> > Other things I tried:
> > -Tagging the native vlan just for kicks (R2 is on vlan 150 btw)
> > -Monitoring a source vlan, instead of port on sw2.
> > -Changing native vlan to a non-existing vlan.
> >
> > very strange...
> >
> > On Sat, Jan 31, 2009 at 12:52 PM, Jared Scrivener
> > <jscrivener@ipexpert.com> wrote:
> > > That's definitely odd and not something I've encountered before.
> > >
> > > If you do "sh vlan remote-span" on both switches are they both aware it is
> > > an RSPAN VLAN?
> > >
> > > Cheers,
> > >
> > > Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
> > > Technical Instructor - IPexpert, Inc.
> > > Telephone: +1.810.326.1444
> > > Fax: +1.810.454.0130
> > > Mailto: jscrivener@ipexpert.com
> > >
> > >
> > > -----Original Message-----
> > > From: Hobbs [mailto:deadheadblues@gmail.com]
> > > Sent: Saturday, 31 January 2009 2:36 PM
> > > To: jscrivener@ipexpert.com
> > > Cc: Cisco certification
> > > Subject: Re: RSPAN causing an l2protocol tunnel-like effect
> > >
> > > Ok, just to remove any doubt. I got my laptop connected to SW1 now and
> > > removed R5 :)
> > >
> > > So now R2 packets are being sent to remote-span VLAN999, to sw1 and
> > > then along to my laptop, monitoring is working...but sw1 still sees R2
> > > as cdp neighbor.
> > >
> > > I would think that SW1 is supposed to know that vlan 999 is an
> > > rspan-vlan not take everything literal....
> > >
> > > On Sat, Jan 31, 2009 at 12:30 PM, Hobbs <deadheadblues@gmail.com> wrote:
> > >> Jared,
> > >>
> > >> Thanks for the reply, but the issue isn't with R5, I was using it to test
> > >> my monitoring by running debug ip packet. I can remove as needed and
> > >> the issue remains.
> > >>
> > >> The issue is with SW1 seeing R2 as a CDP neighbor - THIS should not be
> > >> happening. Suppose I had a monitoring device on SW1....why does SW1
> > >> see R2 as a neighbor?
> > >>
> > >> thanks,
> > >>
> > >>
> > >> On Sat, Jan 31, 2009 at 12:21 PM, Jared Scrivener
> > >> <jscrivener@ipexpert.com> wrote:
> > >>> Hey Hobbs,
> > >>>
> > >>> It appears that your switch is copying ALL frames (from layer 2) received
> > >>> via R2 and outputting them to R5. That includes CDP frames.
> > >>>
> > >>> R5 thinks that R2 is a CDP neighbor as a result of this. CDP adjacencies
> > >>> require duplex to be matching (as they assume that CDP adjacencies are on
> > >>> the same physical link) but it appears that R2 is half-duplex. This is
> > >>> giving you CDP errors.
> > >>>
> > >>> My first question is "why" are you doing this (spanning a router to another
> > >>> router), but I'm sure you're doing it to learn something new. :)
> > >>>
> > >>> Just disable CDP on R2's interface and your issue should resolve itself
> > >>> (assuming changing the duplex on R2 doesn't help).
> > >>>
> > >>> Cheers,
> > >>>
> > >>> Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
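
The RSPAN layout discussed in this thread (source session on SW2, RSPAN VLAN 999 carried over the trunk, destination session on SW1), written out as an added configuration example that is not from any of the posters. The session number and all interface names are assumptions; only VLAN 999 and the switch names come from the thread.

```cisco-ios
! ---- SW2 (source switch; R2 attaches here) ----
! Create the RSPAN VLAN before any monitor session references it.
vlan 999
 remote-span
!
! FastEthernet0/2 is an assumed name for the port facing R2.
monitor session 1 source interface FastEthernet0/2 both
monitor session 1 destination remote vlan 999
!
! ---- SW1 (destination switch; analyzer or laptop attaches here) ----
vlan 999
 remote-span
!
monitor session 1 source remote vlan 999
! FastEthernet0/10 is an assumed name for the analyzer port.
monitor session 1 destination interface FastEthernet0/10
!
! ---- Checks to run on both switches ----
! show vlan remote-span     -> 999 listed under "Remote SPAN VLANs"
! show monitor session 1    -> session type, source and destination
! show interfaces trunk     -> VLAN 999 allowed and active on the inter-switch trunk
! show vlan id 999          -> no access ports assigned to VLAN 999
! show cdp neighbors        -> which neighbors each switch currently lists
```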
