[c-nsp] SPAN limitations on already-mirrored traffic
Pierre Emeriaud
petrus.lt at gmail.com
Wed Nov 26 14:17:15 EST 2014
Folks,
I'm having difficulties to monitor traffic already mirrored from
another equipment.
Basically, i'm just trying to use the switch (2970, 12.2(25)SE) as a
media converter, from fiber to copper gig.
The traffic coming from the fiber (gi0/25) is from another equipment
(ALu 7750, debug mirror if that matters) and thus has no valid
destination mac address on the 2970. Lots of different vlans on this
port.
So I assumed that a span session from port gi0/25 to gi0/24 should
copy all incoming traffic, independantly of the destination mac.
However this doesn't work, like if all traffic was dropped because of
unknown destination (all other ports down) before it was mirrored to
gi0/24.
Config is pretty basic:
Switch#sh run | i mon
monitor session 1 source interface Gi0/25 rx
monitor session 1 destination interface Gi0/24
Switch#sh int g0/24
GigabitEthernet0/24 is up, line protocol is down (monitoring)
Switch#sh int g0/25 | i packets in
561890 packets input, 723169677 bytes, 0 no buffer
Switch#sh int g0/24 | i packets out
0 packets output, 0 bytes, 0 underruns
I tried to configure the two ports as switchport trunk, access in the
same vlan (with sufficient mtu to allow already tagged traffic), but
also no switchport (how is that even possible on a 2970?), no luck.
Am I hitting a hardware limitation or is there something I missed?
TIA,
pierre
More information about the cisco-nsp
mailing list