[c-nsp] 6500 - Is it possible to sniff DSCP values over RSPAN?

[Anton Kapela]

> The layer 2 path for the RSPAN session passes from this 6500 
> to a 7200, into an L2TPv3 tunnel over the 'net to another 
> 7200, through another 6500, and finally through two 3560s to 
> the sniffer.

You should ensure that the 6500 and 3560's are set to 'trust dscp' on
all interfaces over which your data passes. Default behaviors for
whether or not the DSCP is set to null/zero depend on mls qos being
enabled, routed ports vs. bridged vlan, etc. IIRC, 3550's that were not
running mls qos would leave all dscp unmutated, but with mls qos enabled
they would set all packets ingressing untrusted ports to zero. 3560,
iirc, reverses this, and sets all routed packets to dscp zero regardless
of mls qos state. 

> The RSPAN session works fine, and I see all the traffic I 
> want to see, but all my DSCP values are zero. Before I go 
> digging into the PBX to figure out why it's not marking DSCP 
> properly, I'd like to see if anyone has successfully passed 
> non-zero DSCP values over an RSPAN session.

Check those boxes, ensure that the 7200's (unlikely to touch dscp at all
in x-connect tunnels), 6500 and 3560's aren't mutating or resetting. 

Failing rspan/l2tpv3 doing what you need, you could check this (voip
system seting proper DSCP values..) on the main switch. You could map
dscp to CoS queues and check counters for those queues, or use ACL's
that match the DSCP values, assuming counters work for you. <g>

-Tk