[c-nsp] SPAN limitations on already-mirrored traffic
Painting, Stuart
Stuart.Painting at TheAA.com
Thu Nov 27 03:44:33 EST 2014
This isn't something as simple as "bring up another port on the
switch", is it?
The switch may be discarding the traffic because there is
nowhere to send it (the SPAN port may only work if the traffic
is traversing the switch).
-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Pierre Emeriaud
Sent: 26 November 2014 19:17
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] SPAN limitations on already-mirrored traffic
Folks,
I'm having difficulties to monitor traffic already mirrored from
another equipment.
Basically, i'm just trying to use the switch (2970, 12.2(25)SE) as a
media converter, from fiber to copper gig.
The traffic coming from the fiber (gi0/25) is from another equipment
(ALu 7750, debug mirror if that matters) and thus has no valid
destination mac address on the 2970. Lots of different vlans on this
port.
So I assumed that a span session from port gi0/25 to gi0/24 should
copy all incoming traffic, independantly of the destination mac.
However this doesn't work, like if all traffic was dropped because of
unknown destination (all other ports down) before it was mirrored to
gi0/24.
Config is pretty basic:
Switch#sh run | i mon
monitor session 1 source interface Gi0/25 rx
monitor session 1 destination interface Gi0/24
Switch#sh int g0/24
GigabitEthernet0/24 is up, line protocol is down (monitoring)
Switch#sh int g0/25 | i packets in
561890 packets input, 723169677 bytes, 0 no buffer
Switch#sh int g0/24 | i packets out
0 packets output, 0 bytes, 0 underruns
I tried to configure the two ports as switchport trunk, access in the
same vlan (with sufficient mtu to allow already tagged traffic), but
also no switchport (how is that even possible on a 2970?), no luck.
Am I hitting a hardware limitation or is there something I missed?
TIA,
pierre
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
“To our Members we're the 4th Emergency Service "
This electronic message contains information from AA Corporation Limited or from a member, or members, of its group of companies which may be privileged or confidential. The information is intended to be for the use of the individual(s) or entity named above. If you are not the intended recipient, please delete this e-mail immediately. The contents of this e-mail must not be disclosed or copied without the sender's consent. We cannot accept any responsibility for viruses, so please scan all attachments.
No changes to Terms and Conditions of trade can be accepted through e-mail communication. All changes to Terms and Conditions must be in writing evidenced by a director of the company and in hard copy format. The statements and opinions expressed in this message are those of the author and do not necessarily reflect those of the company. The company does not take any responsibility for the views of the author. ”
More information about the cisco-nsp
mailing list