I'm setting up a montitor session on a NEXUS 7K as below.we are receiving in 150M of data and 0 data going out port 9/25.but port 4/24 shows 300M to the span port?
View 1 Repliesrsbd7k01-p-vdca(config)# monitor session 2
rsbd7k01-p-vdca(config-monitor)# source vlan ?
<1-3967>
rsbd7k01-p-vdca(config-monitor)# source vlan 1 - 3967
ERROR: vlan 33-3967: Number of source vlans exceeds maximum
rsbd7k01-p-vdca(config-monitor)#
If I monitor a trunkport on the rootbridge in both directions I get Duplicate Multicast Packets on the perticular VLAN. The first guess is, that this is worked as designed and not a IOS Bug (Platform CAT6500 SUP720 IOS 12.2(33)SXI9 ) Until know I only found an old Cisco press link from 2002 with this subject.
View 2 Replies View RelatedI have a need to capture some traffic but my core 6513's are already using the limit of 2 span sessions. I can't edit any of the sessions either because I want to source traffic from vlans and you can only do one or the other. Is using a VACL with 'switchport capture' on the destination interface an option ? E.g. I want to source traffic from vlan 10,20,30,40 and send the all to interface Gi10/10 ? Is there any caveats ? I dont need to be too granular with the ACL's but just capture all traffic in those vlans.
View 2 Replies View RelatedOn a Catalyst 6500, we configured a SPAN session with VLAN 300 as a source. We configured the session bi-directional ("both" keyword). We connect a sniffer on the SPAN destination port.
Strangely enough, we only see the traffic from the VRF to the firewall, but not the reverse traffic ! What can be the problem ?
I am having difficulties with getting SPAN traffic over my WS-X6704-10GE (CFC).
CISCO7606
ios 12.2(33)SRE6, SUP720-3BXL
Trying to use the span feature, put the commands listed below in and they entered successfully, but the port is not being mirrored.
interface TenGigabitEthernet1/1
description PUBLIC
dampening
mtu 9216
ip address x.x.x.x x.x.x.x
[Code]....
I've learned recently that the Nexus 7000 only allows the configuration of a maximum of 2 Monitor sessions for spanning traffic. I only have one monitor session left and I need to do the following. 2 Core Nexus 7000 boxes with 2 different traffic probes/sniffers to each nexus( eg Sniffer 1 connects to Switch A on interface eth 1 and to Switch B on eth 1 ; Sniffer 2 connects to Switch A on eth 2 and to Switch B on eth 2.) My plan was to setup a standard session with multiple sources and destinations then on the interfaces connecting to the sniffers run a trunk and do 'sw trunk allowed xxxxx' and filter what I need to go to each sniffer box. However I've recently found out that some of my source traffic is coming from Port-Channel interfaces. Is there a way I can get around this and still do the filtering within only 1 monitor session ?
View 1 Replies View RelatedI am in the early planning stages for a 6509 to Nexus 7K migration. Based on my experience with the 7K's at a previous company where we ran into a lot of issues, I am trying to be very careful.
I am more at home with the 6500 chassis and know what I can do with them. I remember running into a limitation on the Nexus that involved their not supporting span sessions like the 6500's do. Is that still the case ?
If that isnt an option in the short term, I will need to look at a substantial investment in ethernet tap's to replace the lost span functionality because the security group's heavy use of span sessions.
I have a single Nexus 7K (6.x) with only F2 modules and I would like to SPAN the same source interfaces and vlans to mulitple destination servers (interfaces). When configuring SPAN to a single destination traffic gets replicated successfully but when I add an additional destination to the same SPAN session then none of the destination interfaces receive any traffic. As soon as modify the SPAN to include only a single destination interface it works again. I'm guess this is a limitation of the Nexus 7K 6.x code or the F2 modules.
View 4 Replies View RelatedI want to monitor our backup server (commvault) as it is saying it's library (Data Domain) is going off line.[code] The issue is I am seeing a lot of unicast traffic (on Wireshark) that has nothing to do with the server on E2/11. Some of it is from different VLANs... There is way too much data (multi-Mbps) to keep wireshark running very long to capture our intermitten problem.
View 3 Replies View RelatedBeen dealing with a strange problem for several days now. It started out with a problem that I thought was VTP related but ended up being something else. I setup a span port on a 3750 that I am connected to that was mirroring the trunk connection coming into the switch.
Never saw an VTP traffic come across the connection but doing a sh vtp status indicated the traffic was arriving and getting processed. When I found some debug commands (debug sw-lan vtp), I was also able to see the packets go between switches. Seeing this issue concerns me that there is other traffic that isnt showing up during a span session.
I know that doing a span on a switch, especially using a trunk port as a source, isnt a good idea. Since I didnt have a TAP at time, this was my only choice. I have since borrowed a NetOptics TP-CU3 tap from a good friend and was able to confirm the VTP traffic was going across the trunk connection between switches.
All of my 3750's are running 12.2.55.SE.
I'm trying to configure a mirror port on a 3750. This configuration needs to replicate data from local ports, but I need that also act as a regular access port.
With the initial configuration, SPAN port, there is no problem, all the data of the configurated ports is replicating in the configurated port. On the port configurated as mirror there is a PC connected for audio recording. When the port is not operating as SPAN there is communications without problem over the LAN. But when I configure the port as SPAN, communication is interrupted.
Here is the actual configuration:
SWITCH1-PISO7#sh monitor session 1
Session 1
---------
Type : Local Session
[Code]......
i have configured SPAN over cisco 2960 to monitor source port traffic but after configuration i dont able to get response from destination port as my NMS is attached on destination port so i lost its web interface.
Configuration is as under.
monitor session 1 source interface gigabitEthernet0/5 (Source Port on Vlan 100) monitor session 1 destination interface gigabitEthernet0/1 (Destination Port on Vlan 200)
i am running c3640-is-mz.124-21.bin on a cisco router 3640. i am trying to create a monitor session in the CLI and everytime i type the command Router(config)#monitor session 1 interface ethernet2/1 % Invalid input detected at '^' marker. Router(config)#monitor session 1 interface ethernet2/1 ^% Invalid input detected at '^' marker. i get the error invalid input ?
View 10 Replies View RelatedI have two servers, connected on two(Different) 6513 directly connected switches. Both these servers are in the same Vlan.
I have to monitor communication these two servers. I have a system connected on one of the 6513 switch, where network tool wireshark is installed.
How to configure span port.
switch 6513-1# show run int Gi10/43 --------------------Server 1 is connected
switch 6513-2# show run int Gi9/45 ------------------------Server 2 is connected
switch 6513-2# show run int Gi9/46 ------------------------System on which network tool wireshark is installed.
Any issues with pasting scripts into a Nexus 7K and having the scripts get all messed up even though they are logically correct? I've had this issue over the years with IOS devices and the console port and tweaking some of the line feed/character delays fixes the issue but that was always with the console port and not a telnet session. Telnet has always worked flawlessly on IOS.
I've determined that if I tweak my line feed delay up to 1000ms it seems to work fine, but it just doesn't make sense to me that I have to do that.I have a customer with 3300 ACL lines that need to be put into a Nexus as part of a migration from 6500 to Nexus. And yes, I've already tried to convice them to offload these VLANs behind an ASA!
I read quite a few documents on configuring SPAN on a cisco switch but none of them mention any limitations or any kind of CPU load it can have on a switch. I need to configure this on one of our switches and would like to know if there are any implications related to SPAN.
View 5 Replies View RelatedIn s SPAN session , normally the destination prt is used for monitoring purpose only. But could destination port be used to access the equipement or PC connected to that port , for a 2960 LAN BASE image switch .
View 2 Replies View RelatedIs it possible to configure the span(switch port analyzer) port and restrict it to only listen to ingress and egress of TCP/1433 from the source port?
View 2 Replies View RelatedLucien is a customer support engineer at the Cisco Technical Assistance Center. He currently works in the data center switching team supporting customers on the Cisco Nexus 5000 and 2000. He was previously a technical leader within the network management team. Lucien holds a bachelor's degree in general engineering and a master's degree in computer science from Ecole des Mines d'Ales. He also holds the following certifications: CCIE #19945 in Routing and Switching, CCDP, DCNIS, and VCP #66183
View 1 Replies View Relatedhave multicast data across OTV extensions? We run OTV between two pairs of Nexus 7000 in different datacenters with mcast underlying encapsulation. We stretch 10 or so vlans between the sites. We have encountered multiple bugs over the last two years and had to upgrade code and have rarely been clear for any period of time.
We've had an ongoing Tac case where IGMP requests are not getting across the OTV VLAN extension to the PIM forwarder on another site. You can see OTV IGMP snooping on the AED VDC is picking up the request on the local site but it does not get to the remote site that is the PIM forwarder so no multicast gets onto the VLAN. For a while we had a hack where we would get a local server to the PIM forwarder router to request the same groups and then this would somehow get across to the other site. Since clearing the overlay interfaces to try and fix the original problem the hack no longer works and I can't get multicast to the receiver at all.
Customer production environment is nexus 5000 use 1 G interface * 4 and config Port-channel ( LACP ) uplink to C3560 , The port channel link is 802.1q trunk , but Data transfer is low , the sh int display as follow :
Why transfer performance pool and how to fix
N-5548UP# sh int ethernet 1/30Ethernet1/30 is up Hardware: 1000/10000 Ethernet, address: 547f.ee14.ed25 (bia 547f.ee14.ed25) MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA Port mode is trunk full-duplex, 1000 Mb/s, media type is 10G Beacon is turned off Input flow-control is off, output flow-control is off Rate mode is dedicated Switchport monitor is off EtherType is 0x8100 Last link flapped 9week(s) 6day(s) Last clearing of "show interface" counters 20w2d 30 seconds input rate 152 bits/sec, 19 bytes/sec, 0 packets/sec 30 [Code]...
I am having some problems creating a SPAN port on my Cisco 871 (running IOS 12.4-11T). My 871 is connected to a DSL modem, and uses "IP Negotiated" to get its dynamic ip address.I want to monitor the WAN port (FastEthernet4) using SPAN, but when I type "monitor session 1 source interface FastEthernet4" into the cli, it is rejected. I can successfully use any of the other FastEthernet ports, as well as Vlan1 as a source for the SPAN session. I have tried to use Dialer0 instead of FastEthernet4, but it still doesnt work.
View 5 Replies View RelatedNormally when we do HSRP with vPC on N7K the device will be Active/Standby in control plane but it will be Active/Active in data plane. In this case any traffic reach to standby device it can forward traffic directly to uplink which is not my desire. My goal is all traffic should pass through active (control plane) device in every case unless active device totally dead. So Is it possible for Nexus 7000 to be HSRP Active/Standby in Data Plane ?
View 4 Replies View RelatedI console into switch 1 (or router, it doesn't matter) and everything is fine. From that session I SSH to switch 2 (or router). The session on the second device has a noticable delay when I type.Next I SSH to switch 1, then SSH to switch 2 from that session. Everything works fine.Finally, I console to switch 1, and telnet to switch 2. There is no delay.So it appears the delay only occurs when I open an SSH session while consoled into a device. It didn't matter what switch 1 and switch 2 were - I had 3560Gs, 4900Ms and a 3845 router. There's no special configuration on the console or vty ports - when I do a "show line console" and "show line vty 0" the output is basically the same.
View 2 Replies View RelatedI have cisco 2651. It contains two FastEthernet interfaces: Fa0/0, Fa0/1.Fa0/1 has an ip address. Fa0/0 hasn't an ip address.I need to create monitor session from source Fa0/1 to destination Fa0/0. Then i want to connect my notebook to Fa0/0 to analyze some traffic from port Fa0/1
View 2 Replies View RelatedI have configured SPAN session on 2960 switch, source port being a VLAN and destination being one of the fastethernet ports. All I see in the capture is control traffic (HSRP, RIP, Syslog, DNS..etc). However I dont see any real data traffic being captured. Below is how I have SPAN configured..
monitor session 1 source vlan <vlan_id> both
monitor session 1 destination interface fa0/42
When I read Nexus 5K install guide , I found the follow :The Cisco Nexus 5596UP switch has the following features: # •48 fixed 1- and 10-Gigabit Ethernet server connection ports on the back of the switch AND The 48 fixed ports support 8-, 4-, 2-, or 1-Gbps Fibre Channel transceivers and 1- or 10-Gigabit Ethernet transceivers. Does these is a conflict ?The 48 fixed port on this switch support only 1- and 10-Gigabit Ethernet or 8-, 4-, 2-, or 1-Gbps Fibre Channel and 1- or 10-Gigabit simultaneously ?
View 2 Replies View RelatedWe are running nexus 5018 in our DC.What is the difference betwen "channel-group 214 mode active" and " channel-group 216" Any difference?.. because i have problem with this config we are going build a server config?
We have problem with porth channel down.
5K# sh int po71
port-channel71 is down (No operational members)
vPC Status: Down, vPC number: 71 [packets forwarded via vPC peer-link]
I have one cisco Nexus 7000 with version 6.1(2).I created 3 VDC
ADMINCOREsecurity
I have configured 1 - 45 ports for Core and 46 - 48 ports for Security.Now I am not using the VDC Security and I tried to move the assigned ports 46 - 48 from Security to ADMIN.Switch accepted the command .But the ports are not visible on ADMIN VDC.Now it is not showing on Security VDC also. I need this ports in ADMIN VDC
nyone know if "vpc-orphan-port suspend" works if i put on N2k interface. not the fex link. example i have fex 101 and i put on eth 101/1/10 will it suspend the port on N2K connected to secondary N5K when peer link is down?
View 2 Replies View RelatedI am trying to create a port channel between HP servers (4 nic) and two nexus 2k. The server side its a single team with 803.2ad fault taulerence and on the nexus side it have created two port channel (port channel 1 for nexus 2k1 and port channel 2 for nexus 2k2) and made them ACTIVE (channel group mode active)
But when i add a another server on different ports and port channel them the same way as the above server on nexus 2k1 and nexus 2k2, the first server stops pinging. so i have to sht down the first port channel and reopen them - then it works, however it says NO NETWORK ACCESS on the servers (running windows 2008). the only way is to reboot the server i cant be doing this on a production network.
How to remove the config from an ethernet port on a Nexus 5548 - send it back to factory default.
View 1 Replies View Related