RE: RSPAN causing an l2protocol tunnel-like effect

From: NET HE (he_net@hotmail.com)
Date: Sun Feb 01 2009 - 02:14:11 ARST


Hobbs,

I don't have 3560, but I used 2 3550 and a router to lab your scenario up, and
didn't have the problem you mentioned.

My topology is sw2(3550) -- sw1(3550) -- R5(2500)

Before I labbed up the RSPAN, I checked up the CDP neighbors on R5 and SW2, R5
showed SW1, and SW2 showed sw1.

On sw1,
    vtp mode transparent
    vlan 999
     remote-span
    monitor session 1 source interface fa0/5
    monitor session 1 destination remote vlan 999 reflector-port fa0/10

On SW2,
    vtp mode transparent
    vlan 999
     remote-span
    monitor session 1 source remote vlan 999
    monitor session 1 destination int fa0/7 ingress vlan 1

After 10 minutes, then I checked the cdp neigh again, no change. R5 showed
sw1, and sw2 showed SW1.

Hope it helps.

Best Regards,
Net (Xin) He

> Date: Sat, 31 Jan 2009 20:01:44 -0700
> Subject: Re: RSPAN causing an l2protocol tunnel-like effect
> From: deadheadblues@gmail.com
> To: szmetal@gmail.com
> CC: jscrivener@ipexpert.com; ccielab@groupstudy.com
>
> Hi Shawn,
>
> "Encapsulation replicate" would be put on the eventual destination
> command on SW1. In this case, the issue is happening before that step.
> I have wiped out and cleaned the config up a couple times starting
> with creating the vlan first. Still had no luck. I did read about
> RSPAN not being able to support l2 protocols - however, I am not
> trying to, monitor l2 protocols. Perhaps because CDP is enabled, this
> is what they mean and I should in fact turn it off...but lab tasks
> often have you set up monitoring a port connected to a router...
>
> It appears that something is broken here. SW1 must be removing the
> vlan999 tag, then looking at the packet natively. If SW2 was removing
> the tag, then my monitor would not end with the traffic, which it is -
> monitoring is working, source from the RSPAN vlan.
>
> I do appreciate all the suggestions, I'm kind of curious if anyone
> else has labbed this or could lab this up. It just takes two 3560's
> and a router...
>
> On 1/31/09, Shawn Zandi <szmetal@gmail.com> wrote:
> >
> > Did you use "encapsulation replicate"? cause there's a hardware limitation
> > on 3560s as mentioned in documentation if you have high-traffic load, and
> > RSPAN does not support BPDU packet monitoring or other Layer 2 switch
> > protocols.
> >
> > also it's recommended that you configure an RSPAN VLAN before you configure
> > an RSPAN source or a destination session,
> >
> > Make sure RSPAN VLAN is configured only on trunk ports and not on access
> > ports.
> >
> > --
> > Sincerely,
> > Shawn Zandi
> >
> > On Sun, Feb 1, 2009 at 12:10 AM, Hobbs <deadheadblues@gmail.com> wrote:
> >
> > > Yep, the output is below. I am worried because this could screw up
> > > things on a lab if cdp neighboring was required to be a certain way. I
> > > could turn it off on R2 but if cdp was required...not good.
> > >
> > > SW1#sho vlan remote-span
> > > Remote SPAN VLANs
> > > --------------------------
> > > 999
> > >
> > > SW2#sho vlan rem
> > > Remote SPAN VLANs
> > > --------------------------
> > > 999
> > >
> > > Also, I thought maybe the native vlan could cause problems if it was
> > > the rspan vlan, but my native vlan is 1. I just don't see how this is
> > > happening, vlan999 is tagged and packets to sw1 should arrive as
> > > tagged. It should then strip off the header and send it to the
> > > monitoring destination port.
> > >
> > > Other things I tried:
> > > -Tagging the native vlan just for kicks (R2 is on vlan 150 btw)
> > > -Monitoring a source vlan, instead of port on sw2.
> > > -Changing native vlan to a non-existing vlan.
> > >
> > > very strange...
> > >
> > > On Sat, Jan 31, 2009 at 12:52 PM, Jared Scrivener
> > > <jscrivener@ipexpert.com> wrote:
> > > > That's definitely odd and not something I've encountered before.
> > > >
> > > > If you do "sh vlan remote-span" on both switches are they both aware it is
> > > > an RSPAN VLAN?
> > > >
> > > > Cheers,
> > > >
> > > > Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
> > > > Technical Instructor - IPexpert, Inc.
> > > > Telephone: +1.810.326.1444
> > > > Fax: +1.810.454.0130
> > > > Mailto: jscrivener@ipexpert.com
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Hobbs [mailto:deadheadblues@gmail.com]
> > > > Sent: Saturday, 31 January 2009 2:36 PM
> > > > To: jscrivener@ipexpert.com
> > > > Cc: Cisco certification
> > > > Subject: Re: RSPAN causing an l2protocol tunnel-like effect
> > > >
> > > > Ok, just to remove any doubt. I got my laptop connected to SW1 now and
> > > > removed R5 :)
> > > >
> > > > So now R2 packets are being sent to remote-span VLAN999, to sw1 and
> > > > then along to my laptop, monitoring is working...but sw1 still sees R2
> > > > as cdp neighbor.
> > > >
> > > > I would think that SW1 is supposed to know that vlan 999 is an
> > > > rspan-vlan not take everything literal....
> > > >
> > > > On Sat, Jan 31, 2009 at 12:30 PM, Hobbs <deadheadblues@gmail.com> wrote:
> > > >> Jared,
> > > >>
> > > >> Thanks for the reply, but the issue isn't with R5, I was using it test
> > > >> my monitoring by running debug ip packet. I can remove as needed and
> > > >> the issue remains.
> > > >>
> > > >> The issue is with SW1 seeing R2 as a CDP neighbor - THIS should not be
> > > >> happening. Suppose I had a monitoring device on SW1....why does SW1
> > > >> see R2 as a neighbor?
> > > >>
> > > >> thanks,
> > > >>
> > > >>
> > > >> On Sat, Jan 31, 2009 at 12:21 PM, Jared Scrivener
> > > >> <jscrivener@ipexpert.com> wrote:
> > > >>> Hey Hobbs,
> > > >>>
> > > >>> It appears that your switch is copying ALL frames (from layer 2) received
> > > >>> via R2 and outputting them to R5. That includes CDP frames.
> > > >>>
> > > >>> R5 thinks that R2 is a CDP neighbor as a result of this. CDP adjacencies
> > > >>> require duplex to be matching (as they assume that CDP adjacencies are on
> > > >>> the same physical link) but it appears that R2 is half-duplex. This is
> > > >>> giving you CDP errors.
> > > >>>
> > > >>> My first question is "why" are you doing this (spanning a router to another
> > > >>> router), but I'm sure you're doing it to learn something new. :)
> > > >>>
> > > >>> Just disable CDP on R2's interface and your issue should resolve itself
> > > >>> (assuming changing the duplex on R2 doesn't help).
> > > >>>
> > > >>> Cheers,
> > > >>>
> > > >>> Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
> > >
> > > Blogs and organic groups at http://www.ccie.net
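
The two checks Shawn Zandi suggests in the quoted thread (the VLAN used by a monitor session is defined as remote-span, and it is not assigned to access ports) can be run over a saved config. This Python audit is an added example, not part of the original posts; the function name, the simplified sub-mode tracking and the second sample config are assumptions, and the first sample is retyped from the sw1 config above.

```python
import re

def audit_rspan(config):
    """Return a list of findings for one switch's IOS-style config text."""
    rspan_vlans, referenced, access_ports = set(), set(), {}
    vlan = iface = None  # current config sub-mode (simplified tracking)
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"vlan (\d+)", line):
            vlan, iface = int(m.group(1)), None
        elif m := re.fullmatch(r"interface (\S+)", line):
            vlan, iface = None, m.group(1)
        elif line == "remote-span" and vlan is not None:
            rspan_vlans.add(vlan)
        elif (m := re.fullmatch(r"switchport access vlan (\d+)", line)) and iface:
            access_ports[iface] = int(m.group(1))
        elif m := re.match(
                r"monitor session \d+ (?:source|destination) remote vlan (\d+)", line):
            referenced.add(int(m.group(1)))
    findings = []
    # Check 1: every VLAN a session uses as RSPAN transport is marked remote-span.
    for v in sorted(referenced - rspan_vlans):
        findings.append(f"vlan {v} used by a monitor session but not marked remote-span")
    # Check 2: no access port sits in an RSPAN VLAN (it should ride trunks only).
    for port, v in sorted(access_ports.items()):
        if v in (rspan_vlans | referenced):
            findings.append(f"{port} is an access port in RSPAN vlan {v}")
    return findings

# Retyped from the sw1 config in the post above.
SW1_FROM_POST = """\
vtp mode transparent
vlan 999
 remote-span
monitor session 1 source interface fa0/5
monitor session 1 destination remote vlan 999 reflector-port fa0/10
"""

# Constructed sample: VLAN 999 lacks remote-span and is on an access port.
BAD_CONSTRUCTED = """\
vlan 999
!
interface FastEthernet0/7
 switchport access vlan 999
!
monitor session 1 source remote vlan 999
monitor session 1 destination interface fa0/8
"""

if __name__ == "__main__":
    for name, cfg in (("sw1", SW1_FROM_POST), ("bad", BAD_CONSTRUCTED)):
        print(name, audit_rspan(cfg) or "ok")
```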



This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:09 ARST