Cisco Switching/Routing :: 6509 - Nexus And Span Sessions
Oct 24, 2011
I am in the early planning stages for a 6509 to Nexus 7K migration. Based on my experience with the 7K's at a previous company where we ran into a lot of issues, I am trying to be very careful.
I am more at home with the 6500 chassis and know what I can do with them. I remember running into a limitation on the Nexus that involved their not supporting SPAN sessions like the 6500s do. Is that still the case?
If that isn't an option in the short term, I will need to look at a substantial investment in Ethernet taps to replace the lost SPAN functionality because of the security group's heavy use of SPAN sessions.
I am hoping you can provide me with some opinions, feedback, thoughts on the following. We have some Cisco 6509 switches in our environment currently hitting around 60% usage on the Router overall statistics.
Now we are looking at implementing an intrusion detection system, but by being as least invasive as possible to the network. Our thoughts are to utilize a SPAN port on the switches to send traffic to the NIDS device, but we have concerns about the following: the limitations of SPAN sessions on 6509s, and the overhead on the switch of turning a SPAN session on and leaving it on permanently.
I've learned recently that the Nexus 7000 only allows the configuration of a maximum of 2 monitor sessions for spanning traffic. I only have one monitor session left and I need to do the following: 2 core Nexus 7000 boxes with 2 different traffic probes/sniffers to each Nexus (e.g. Sniffer 1 connects to Switch A on interface eth 1 and to Switch B on eth 1; Sniffer 2 connects to Switch A on eth 2 and to Switch B on eth 2). My plan was to set up a standard session with multiple sources and destinations, then on the interfaces connecting to the sniffers run a trunk and do 'sw trunk allowed xxxxx' and filter what I need to go to each sniffer box. However, I've recently found out that some of my source traffic is coming from Port-Channel interfaces. Is there a way I can get around this and still do the filtering within only 1 monitor session?
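As an added illustration for the two NIDS/sniffer posts above (not configuration from any poster), this is a Nexus 7000 NX-OS local SPAN session that mirrors a physical uplink and a port-channel to a sniffer port and restricts the copy to selected VLANs with a VLAN filter. Interface, port-channel and VLAN numbers are assumptions.

```cisco
! Added example, not from any post above: NX-OS local SPAN feeding an IDS
! sniffer, with a port-channel among the sources and a VLAN filter so only
! the VLANs the security group cares about are copied.
! Interface, port-channel and VLAN numbers are assumptions.

! 1. The sniffer-facing port must be a monitor port before it can be a destination
interface Ethernet1/1
  description Sniffer-1 (constructed)
  switchport
  switchport monitor
  no shutdown

! 2. Define the session. New sessions are created in the shut state.
monitor session 1
  description SPAN to Sniffer-1
  ! physical uplink, both directions
  source interface Ethernet2/1 both
  ! aggregated link; all members of the channel are mirrored as one source
  source interface port-channel 10 both
  ! copy only frames belonging to these VLANs from the trunk sources above
  filter vlan 100,200
  destination interface Ethernet1/1
  no shut

! 3. Verify: state should be up and every configured source should be listed
show monitor session 1
```

Check the session state after every change, since a session that was administratively shut or that lost its destination silently sends the IDS nothing.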
I have a single Nexus 7K (6.x) with only F2 modules and I would like to SPAN the same source interfaces and VLANs to multiple destination servers (interfaces). When configuring SPAN to a single destination, traffic gets replicated successfully, but when I add an additional destination to the same SPAN session then none of the destination interfaces receive any traffic. As soon as I modify the SPAN to include only a single destination interface it works again. I'm guessing this is a limitation of the Nexus 7K 6.x code or the F2 modules.
I'm setting up a monitor session on a Nexus 7K as below. We are receiving 150M of data in and 0 data going out on port 9/25, but port 4/24 shows 300M to the SPAN port?
I want to monitor our backup server (CommVault) as it is saying its library (Data Domain) is going offline. [code] The issue is I am seeing a lot of unicast traffic (in Wireshark) that has nothing to do with the server on E2/11. Some of it is from different VLANs... There is way too much data (multi-Mbps) to keep Wireshark running very long to capture our intermittent problem.
I have the above setup and I need to set up multicast between the 2 servers. The Nexus 7K is a layer 2 switch and the 6500 is a layer 3. Both servers would be sending/receiving traffic.
I have two Nexus 5596UP that will be connected together via VPC peer-link. From there I want to connect both 5596UPs to a 6509-VSS via VPC. The Nexus 5596UPs will be essentially layer 2 switches; all routing will be done on the 6509-VSS.
We have a new IBM blade chassis with two Cisco Nexus 4001i switches. I have configured one external port on each Nexus and connected them to a Cisco 6509 with 1G Cisco SFP modules and MM fibre. Both the Nexus and 6509 ports are configured as trunk ports, and speed is set to 1000. I see light in the SFP modules on both devices, and through the fibre. When I connect the devices, the link doesn't come up. No light on the ports, the Nexus says "link not connected", and the 6509 says "notconnect". I have tried reconfiguring the ports in many ways, even as access ports; nothing seems to work. If I move the SFP and fibre from the 6509 over to a trunk port on a Cisco C2960-24TC-L, the link comes up and everything is working fine. Why does this work on a 2960 and not my 6509 core switch? One of the configs I've tried on the 6509:
interface GigabitEthernet2/20
 description *IBM Bladechassie 2 NW1*
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 34
 switchport trunk allowed vlan 34
 switchport mode trunk
end
We have two 5548 switches connected to a pair of 6509 running in VSS mode. I am trying to understand the benefit of having bridge assurance on the uplink ports.
If we have the command spanning-tree port type network enabled we cannot do a non-disruptive upgrade. If there is bridge assurance on the uplink it warns you of this. Yet if I do not run bridge assurance on the uplinks I can do an upgrade without any disruption.
Why in God's name would I enable bridge assurance on this VPC link if I cannot do a non-disruptive upgrade?
I have the following connectivity: Nexus (7004) - M1 8-port card with X2-10GB-SR <----------------------> 6509 -- 6704 card -- XENPAK-10GB-SR. The fiber link is not coming up.
I am trying to understand what load balancing method is used on a port channel on a Nexus switch. I have a server connected by a VPC to two Nexus switches. The Nexus switches are only acting as layer 2 switches. I have a 6509 connected via an upstream link that does all of the routing for my VLANs. If I have a server connected to the Nexus switches and it talks to a server on my 6509, what load balancing happens on the Nexus going across VPC 27, which is a layer 2 trunk going up to my 6509? Is it done on layer 2 or layer 3 flows?
My Nexus shows the default load balancing configuration:
Port Channel Load-Balancing Configuration:
System: source-dest-ip
Port Channel Load-Balancing Addresses Used Per-Protocol:
Non-IP: source-dest-mac
IP: source-dest-ip source-dest-mac
I am trying to work up a config based on equipment that was ordered before I joined my current employer.
I will be deploying N2Ks at the top of each rack. Each N2K will be dual-homed to two different N5Ks. Being new to the Nexus, I understand that the N2Ks have no brains and are dependent on the N5Ks they are connected to. I wasn't sure how to tell each 5K that the 2K that was dual-connected to it needed to be able to move between N5Ks based on failure/availability. I haven't been able to find a sample config of what this will look like anywhere on the Nexus section of the Cisco site.
The next step after this will be to connect N5K_1 to a blade on a 6509 and N5K_2 to a different blade on the same 6509. I will be installing two of the 10Gig blades in the 6509. I haven't been able to find any sample configs on what this would look like either. We are upgrading the sup engines on the 6509 to the new 2T version.
I wanted to know if anyone has the Nexus 7009 chassis installed into a 600-wide rack with the sides fitted, and if they are experiencing heat issues?
My client will be replacing their aging 6509 chassis with 7009 devices, but the physicals don't tally with the install guidelines for the 7009 series chassis. The current install of the 6509s does not tally with the recommended install guidelines for those either, but they have not experienced any heat issues...
The 7009 will be fitted with 2xSUP2E, 3x48portSFP-F2E cards and 2x10GSFP-M2 cards with 2x6K PSUs. I am genuinely concerned they may cook these devices, but space restrictions look like vetoing the upgrade to 800 wide racks. Likewise moving to 7010 chassis may prove tricky due to existing other installs within the racks limiting vertical space.
Our customer is willing to have a Cisco Nexus 5020 to provide server connectivity, and this Nexus would be connected to their core switch, a 6509. They are concerned about Spanning Tree compatibility between the Nexus and the 6509. Are they fully compatible for Spanning Tree?
I am trying to configure RSPAN for one of my clients. They have a server-client VTP architecture. The voice recording server is connected to a C4507. Agents are connected to a C2960 and a C3750. I got 2 sessions configured and the connectivity is as follows:
1. Voice Recording Server-----C4507-----C2960-----C2960-----Agent IP Phones (Session 1)
2. Voice Recording Server-----C4507-----C3750-----Agent IP Phones (Session 2)
Recording works with Session 2 but not with Session 1. I understand the problem could be due to multiple reasons:
1.1. C2960 is working in client VTP mode, so I cannot add the remote-span command under the VLAN configuration.
1.2. C2960 has a LAN Lite IOS image, which I am not sure supports Remote SPAN.
I have a Cisco Catalyst with VLANs (VLAN IDs 33, 36, 40-53) configured. I need to configure port mirroring on a 3750 switch for NAC (Network Access Control). I need to monitor all the VLANs. Here is the SPAN configuration of the switch: [code]
monitor session 1 source vlan 33 , 36 , 40 - 53
monitor session 1 destination interface fa 1/0/8
(Here I am not able to set encapsulation dot1q, because an error occurred saying %one or more dest port do not support the encapsulation%.)
I currently have IOS image cat4500e-entservices-mz.122-53.SG5.bin. According to my research it appears SPAN is supported on this OS. However, after looking at procedure notes using websites like here:
[url]... I cannot find and obviously cannot figure out how to use the SPAN command. My main objective is to simply set up a port mirror on one of my TenGigabitEthernet interfaces, and from what I read SPAN is the best way to set up a tap interface on a Cisco switch.
Been dealing with a strange problem for several days now. It started out with a problem that I thought was VTP related but ended up being something else. I set up a SPAN port on a 3750 that I am connected to that was mirroring the trunk connection coming into the switch.
Never saw any VTP traffic come across the connection, but doing a sh vtp status indicated the traffic was arriving and getting processed. When I found some debug commands (debug sw-lan vtp), I was also able to see the packets go between switches. Seeing this issue concerns me that there is other traffic that isn't showing up during a SPAN session.
I know that doing a SPAN on a switch, especially using a trunk port as a source, isn't a good idea. Since I didn't have a TAP at the time, this was my only choice. I have since borrowed a NetOptics TP-CU3 tap from a good friend and was able to confirm the VTP traffic was going across the trunk connection between switches.
I have a Cisco 881 router running 15.1(4)M4. I am trying to configure SPAN on it to mirror my outside interface (source) to one of my LAN interfaces (dest).
!--- WAN interface
interface FastEthernet4
 description Comcast WAN$ETH-WAN$
[Code]......
As you can see from the above output there is a problem with the command on this interface. When I try to set Fa0 as my source it works fine:
rtr(config)#mon session 1 source int fastEthernet 0
rtr(config)#
Is this because fa4 is layer 3 and fa0 is a switchport? If so, is there another way to set fa4 as the source?
I have a need to capture some traffic, but my core 6513s are already using the limit of 2 SPAN sessions. I can't edit any of the sessions either, because I want to source traffic from VLANs and you can only do one or the other. Is using a VACL with 'switchport capture' on the destination interface an option? E.g. I want to source traffic from VLANs 10, 20, 30, 40 and send it all to interface Gi10/10? Are there any caveats? I don't need to be too granular with the ACLs; I just want to capture all traffic in those VLANs.
I have configured SPAN on Cisco 4900 series switches; it's a local SPAN. There are only a couple of commands needed to complete this activity, but, hard luck, it's not working.
I have a Cisco 2651 with one L3 interface, IP 172.26.18.200. This Cisco is the gateway from E1 PRI (PBX Aastra MX-ONE TSW) to SIP (Asterisk). This Cisco 2651 is connected to a Cisco 2950 on port Fa 0/12. Fa 0/12 is in VLAN 518 (dot1q).
On the Cisco 2950 I entered the following commands:
# monitor session 1 source interface Fa 0/12 both encap dot1q
# monitor session 1 destination interface Fa 0/9
# sho monitor session 1
[Code].....
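As an added example for the post above (not the poster's own configuration), this is how VACL capture on a Catalyst 6500 copies traffic from several VLANs to one port without consuming either SPAN session. The VLAN numbers and Gi10/10 follow the post; the ACL and access-map names are assumptions.

```cisco
! Added example, not from the post above: Catalyst 6500 IOS VACL capture.
! VLANs and Gi10/10 come from the post; ACL and map names are assumptions.

! Match all IP traffic. "forward capture" forwards it normally and
! additionally flags a copy for the capture port(s); nothing is dropped.
ip access-list extended ALL-IP
 permit ip any any

! Also match non-IP frames (ARP etc.), which the IP ACL would not see
mac access-list extended ALL-MAC
 permit any any

vlan access-map CAPTURE 10
 match ip address ALL-IP
 action forward capture
vlan access-map CAPTURE 20
 match mac address ALL-MAC
 action forward capture

! Apply the map to the VLANs of interest
vlan filter CAPTURE vlan-list 10,20,30,40

! The capture port only receives copies from the VLANs it is allowed to see
interface GigabitEthernet10/10
 description To capture appliance (constructed)
 switchport
 switchport capture
 switchport capture allowed vlan 10,20,30,40
 ! keep 802.1Q tags so the analyzer can tell the VLANs apart
 switchport capture encapsulation dot1q

! Verify the map is applied and the port is in capture mode
show vlan filter
show vlan access-map CAPTURE
```

Caveat: VACL capture delivers one copy of each forwarded frame, taken in its ingress VLAN, so it is not a substitute for a bidirectional SPAN of a single port, and frames the switch drops are never copied.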
I'm trying to configure a mirror port on a 3750. This configuration needs to replicate data from local ports, but I need it to also act as a regular access port.
With the initial configuration, a SPAN port, there is no problem: all the data of the configured ports is replicated on the configured port. On the port configured as mirror there is a PC connected for audio recording. When the port is not operating as SPAN there is communication without problem over the LAN. But when I configure the port as SPAN, communication is interrupted.
Here is the actual configuration:
SWITCH1-PISO7#sh monitor session 1
Session 1
---------
Type : Local Session
I do not see 802.1Q tags, nor do I see p-bits (CoS) in my Wireshark captures. My setup is not working and I have no way to verify (sniff) that the 6509 is setting the p-bits to 3. [code]
I have configured SPAN on a Cisco 2960 to monitor source port traffic, but after configuration I am not able to get a response from the destination port; as my NMS is attached on the destination port, I lost its web interface.
The configuration is as follows:
monitor session 1 source interface gigabitEthernet0/5 (Source Port on Vlan 100)
monitor session 1 destination interface gigabitEthernet0/1 (Destination Port on Vlan 200)
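Two of the posts above (the 3750 mirror port that must keep working as an access port, and the 2960 NMS on the destination port that lost its web interface) describe the same behaviour: on these Catalyst platforms a SPAN destination port does not accept frames from the attached host unless the session's ingress option is enabled. The following is an added example (not from either poster); interface and VLAN numbers are assumptions.

```cisco
! Added example, not from either post above: Catalyst 2960/3750 local SPAN
! whose destination port still carries the attached host's own traffic.
! Interface and VLAN numbers are assumptions.

! Sources: the access ports being recorded, both directions
monitor session 1 source interface GigabitEthernet1/0/5 - 6 both

! Destination: the recorder/NMS port.
!  - "encapsulation replicate" keeps 802.1Q tags on the mirrored copy
!    (only on ports that support it; otherwise omit it)
!  - "ingress untagged vlan 100" lets the host's own untagged frames into
!    the switch on VLAN 100, so it keeps its LAN/web access while still
!    receiving the mirrored traffic
monitor session 1 destination interface GigabitEthernet1/0/1 encapsulation replicate ingress untagged vlan 100

! Verify: the session should show the destination with Ingress enabled
show monitor session 1
```

Without an ingress option the host on the destination port can transmit, but the switch discards what it sends, which is exactly the "communication is interrupted" and "lost its web interface" symptom.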
I am running c3640-is-mz.124-21.bin on a Cisco 3640 router. I am trying to create a monitor session in the CLI and every time I type the command I get the error "invalid input":
Router(config)#monitor session 1 interface ethernet2/1
% Invalid input detected at '^' marker.
Router(config)#monitor session 1 interface ethernet2/1
                                ^
% Invalid input detected at '^' marker.
I'm trying to configure a SPAN session on a Cisco 3725 router, but it won't let me complete the command. The router has two Fast Ethernet interfaces: 0/0 and 0/1. I'm trying to configure a SPAN session with Fa0/0 as the source interface and Fa0/1 as the destination interface. [code] But when I try to configure the session, it seems like it's giving me the option to configure the SPAN session, but in the end the router won't let me: [code] When I type "?", why would it give me the option of using the Fast Ethernet interface as source port, then when I try to execute the command, it doesn't like it?
I have configured a SPAN port on our 4510. We have an application (5view server) to monitor traffic, connected to G9/17. Since we changed the network connection from a physical Gigabit port and added a Port-channel instead, we don't see any more traffic from the new Port-channel on G9/17.