Cisco Switching/Routing :: Monitor Traffic Between Multiple Source To Destination Ports On Nexus 7k?
Nov 5, 2012
I would like to monitor traffic between multiple source ports to multiple destination ports on a Nexus 7k. I know when you set up a monitor session it is between source and destination (laptop or traffic analyser), but is there a way I can set up between source and multiple destination ports and capture that traffic?
View 3 Replies
Feb 20, 2012
We have 2 6513 switches with SUP720/PFC3A and various POE modules and a 6748-GE-TX facing our servers. Additionally, we have a 4Gbps portchannel trunk interconnecting the switches. We have approximately 300 Nortel IP 1140e phones in use between the two switches. For the purpose of call recording, we've attempted to mirror the voice vlan using various approaches and have been met with limited success. We mirrored the VLAN using tx, rx, and both. When using both we appear to get duplicate packets at the destination interface. We seem to lose packets completely going in one direction or another for a given call. Packets are lost before they get to the destination interface?
View 2 Replies
May 19, 2013
Basically I am trying to use Wireshark to do a packet capture on a Nexus 5010. I want to do a monitor session on the switch so I can capture from a source port to a destination port on the same switch. I can configure the source port but when I go to configure the destination port I get "ERROR: Eth102/1/4: Configuration not allowed on fex interface". I have tried to reconfigure this port as a switchport but the "switchport mode access" command does not take. I don't want to make any changes to any other ports but this one.
View 1 Replies
Aug 9, 2012
I'm trying to get ERSPAN working with an ERSPAN source on a Nexus 5548 and the ERSPAN destination on a Catalyst 6500.
The configuration on the Nexus is as follows:
[...]
interface loopback0
ip address 192.168.2.133/32
[Code].....
If I do a netdr capture I can see ERSPAN traffic sourced from the Nexus reaching the C6500, but there doesn't appear to be anything sent out the ERSPAN destination interface (Gi4/6) and there's nothing being received by the probe connected to that interface. I know the traffic seen with netdr is definitely the ERSPAN traffic sourced from the Nexus as I've changed the TTL and DSCP values within the monitor session on the Nexus and can see those changes reflected on the C6500 netdr capture. The attached is a screen grab of the show netdr capture started with debug netdr capture source-ip-address 192.168.2.133.
When I look at the interface I see it shown as up/down (monitoring), but no output or counters clocking up. If I run a local SPAN session on the C6500 it works fine.
I've tried changing the destination IP address from that assigned to the C6500 Loopback interface to an IP address assigned to a physical interface, but that still doesn't work.
The hardware in the C6500 is WS-SUP720-BASE Hw version 3.2 with WS-F6K-PFC3B Hw version 2.4. The IOS version is 12.2(33)SXI6.
View 2 Replies
Dec 2, 2012
I want to know if there is a way to tag traffic with DSCP tags without having to do all the other requirements of QoS setup. All I want to do is just tag traffic at different DSCP values via source and destination IPs. We do not have a need to be prioritizing traffic on our internal switches. We just want to tag the traffic so our MPLS provider can distinguish the different types of traffic.
Our environment is primarily 3750s in all offices.
View 6 Replies
Jan 24, 2012
At present we have a 4900 series switch where we are running one monitor session. Additionally, we need to capture VLAN traffic and set the destination to 2 * GE ports, both on the same switch. Due to the limitation of two monitor sessions per switch, we thought of putting the destination ports as a port channel, but it looks like it is not supported.
View 1 Replies
Nov 15, 2011
Can one use a VACL to monitor network traffic on a Nexus 3064, much like you can on the 6500s? If so, are there any performance tradeoffs or caveats to be aware of?
View 2 Replies
Jul 30, 2012
I have a requirement to bypass some specific traffic (with a particular source to a specific internet destination) in ACE 4710.
All the web traffic (http and https) is configured to load-balance to my proxies. I need to configure some specific traffic, with source and destination to the internet, to bypass this load balancing and go directly to the outside interface.
View 1 Replies
Mar 19, 2013
Does Nexus 7K support multiple VDCs sharing ports on a single line card? One of our Cisco partner engineers stated that Cisco doesn't recommend using the same line card for multiple VDCs. The second VDC (non-default VDC) will be used for our Outside and DMZ segment, and to physically segregate our firewall from our Internal/Inside core switch without using a physical DMZ switch. I know Cisco used the Nexus in this way in their PCI DSS 2.0 Compliance Document. Module is N7K-M148GT-11L
Mod Ports Module-Type Model Status
--- ----- -------------------------------- ------------------ ------------
1 48 10/100/1000 Mbps Ethernet XL Mod N7K-M148GT-11L
View 7 Replies
May 20, 2013
I have a Cisco 2651. It contains two FastEthernet interfaces: Fa0/0, Fa0/1. Fa0/1 has an IP address. Fa0/0 doesn't have an IP address. I need to create a monitor session from source Fa0/1 to destination Fa0/0. Then I want to connect my notebook to Fa0/0 to analyze some traffic from port Fa0/1.
View 2 Replies
Sep 5, 2011
Does the ESW 520 24P Support Mirroring 20 Ports Traffic to 1 Destination Port?
View 3 Replies
Jun 10, 2013
Is there any way to have my Cisco 877W Router alter from using one static route to another static route when another router on the network is reporting destination host unreachable?
Router 1 (192.168.2.253)
Dialer0 -> PPPoE to internet
Vlan1 -> local 192.168.2.0/24
Router 2 (192.168.2.254)
Dialer0 -> PPPoE to managed VPN (172.16.28.1)
Vlan1 -> local 192.168.2.0/24
Router 2 is connected to another network through a managed VPN and that network also has internet access. I want to be able to have two routes to the internet on Router 2. And when Router 1 internet goes down packets get routed through the VPN instead.
I currently have on Router 2
ip route 0.0.0.0 0.0.0.0 192.168.2.253
ip route 10.0.0.0 255.255.255.0 Dialer0
ip route 0.0.0.0 0.0.0.0 172.16.28.5 250
Which does nothing when Router 1 has its Dialer0 interface shut down, or goes offline completely. I suspect I could reverse the setup and have everything routed through the VPN by default and then if / when the Dialer0 interface goes down it would switch to using Router 2, but if the problem is in the remote network and interface Dialer0 stays up, it would probably do the same thing... nothing. All devices mentioned are Cisco 877W routers with ADSL and a bunch of fast ethernet interfaces.
View 2 Replies
Aug 20, 2012
I have configured the ip telnet source-interface Loopback 0 command on a Nexus7010, but when I telnet to another device and do a show users, the ip address is of the closest interface to the device I telnet to, not the ip address of the Loopback. All interfaces are in vrf default. I am running 5.1(6) NXOS.
View 6 Replies
Feb 23, 2012
We have 2 switches split across 2 datacentres connected via an interconnect. Over the past couple of days the interconnect provider's Cisco kit has shut down our port (err-disabled) due to a broadcast storm. They had the level set at 1 which I thought was a bit low. They say they tried to set to 2, then 5 but still kept tripping the storm-control feature so they set at 10. They say they've always had it set at 1% (on a 100Mb switch) and so we must be generating more broadcast traffic.
I'm trying to identify where the broadcast traffic is coming from. On our Cisco 3750 I've cleared the interface counters and when I do a sh run | i broadcasts there are a few ports which have what seems like a high broadcast count. The one port that is especially high and the only one tripping the storm-control feature (I've enabled it on all our ports to try to identify where the traffic is coming from) is the port connected to the 100Mb interconnect. I've mirrored that port to another port and connected a server with Wireshark so I can capture all the traffic across that port.
What I'm struggling to find is the source of the broadcast traffic. I have a few questions: are these broadcasts layer 3 or layer 2 broadcasts? Also, in the output below, when it says broadcasts received, is this inbound to the port, i.e. from the connected device, or is this a total of inbound and outbound broadcasts?
When I use Wireshark and filter the capture on broadcasts (ff:ff:ff:ff:ff:ff) I see only 200-300 compared to the thousands the switch is reporting. If I filter on the broadcast IP address I also don't see the numbers corresponding to what I see in the show interface output.
GigabitEthernet1/0/1 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0014.a93f.7401 (bia 0014.a93f.7401)
Description: Interconnect
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 4/255, rxload 44/255
Encapsulation ARPA, loopback not set
[code].....
Also, I'm currently doing: monitor session 1 source int g1/0/1 both, and also tried just rx in case I just need to be looking at receive traffic, but still nothing is standing out.
View 10 Replies
Mar 3, 2013
rsbd7k01-p-vdca(config)# monitor session 2
rsbd7k01-p-vdca(config-monitor)# source vlan ?
<1-3967>
rsbd7k01-p-vdca(config-monitor)# source vlan 1 - 3967
ERROR: vlan 33-3967: Number of source vlans exceeds maximum
rsbd7k01-p-vdca(config-monitor)#
View 3 Replies
Dec 22, 2011
Both regular IP traffic and ICMP traffic are passing through the source port. C6509 provides the option of filtering vlan traffic during monitoring. But I don't have vlan traffic.
qa-c6509-c(config)#monitor session 1 filter ?
  vlan  SPAN filter VLAN
So I applied an access-list which only allows icmp traffic to be sent out of the monitoring port. But it does not work.
View 4 Replies
Feb 17, 2012
I was previously using SDM for our Cisco 2811, and this past week installed CISCO Configuration Professional so I could have access to a bandwidth/traffic monitor.
I have successfully started the monitoring service and monitored traffic from within CCP, but it appears that if I turn off the computer I am using to monitor the traffic, it stops collecting data until I start CCP and the monitor up again.
Is there a way (maybe with IOS console commands) that I can have the monitor always running, so I can pull up, say, a week's worth of info at any time? Leaving the computer on all the time is not an option, and currently I have only a few days of data, then a big empty chunk, and then what I have collected since I started it back up today.
View 1 Replies
Jan 9, 2012
I have a 4948 switch with version 12.2.31.sga4 (I didn't find a bug about monitor sessions), and we are trying to do port mirroring with a monitor session from a VLAN. The ports belonging to this VLAN have input and output traffic, but on the destination port I always see output traffic.
Global command
Red-127#sh run | in moni
monitor session 1 source vlan 1127
[Code].....
View 3 Replies
Jul 2, 2012
I've been trying to bring up ports on a N7K-M108X2-12L card using X2-10GB-SR modules.
All ports are in a VDC and configured to accept the M1 card:
vdc_id vdc_name state mac type lc
------ -------- ----- ---------- --------- ------
2 cam-cor-csw-sfy-01 active 64:a0:e7:43:f0:c2 Ethernet m1 f1 m1xl
[Code]....
View 3 Replies
Jul 24, 2011
I have a situation which requires some non-best-practice stuff to be done. There is a box behind an ASA that has a lot of code that references public DNS names and therefore needs access to itself and a number of other boxes on the same subnet via the public DNS names (that obviously resolve to public IPs). This traffic is dropped on some pretty fundamental ASA characteristics. I know this isn't really ideal, and it should be handled by DNS instead, but I'm in somewhat of a bind and need to know if the ASA can allow this traffic. I figure I could match the traffic and exempt it from state-checking and that would probably work, but it's not a very graceful solution.
View 2 Replies
Dec 9, 2012
Why does the Nexus 2k have 8 uplink ports?
The Nexus 7k or 5k can be divided into 4 virtual devices (using VDC), and having 8 uplink ports in the 2k will allow us to use the extender for all 4 VDCs with 2 uplinks (for redundancy) from each VDC.
View 4 Replies
Jan 23, 2013
I have 2 Nexus 5000 switches configured with a trunk linking the two. How can I do the following?
BOX 2
vrf context management
ip route 0.0.0.0/0 192.162.88.9
BOX 2
vrf context management
ip route 0.0.0.0/0 192.168.88.10
1. Ping between the two boxes. I set up static routes, but when I ping I get the error "NO ROUTE TO DESTINATION".
2. Routing between the two.
View 1 Replies
Dec 14, 2011
Any opinion on what could cause loops on nexus 5000 ports that are connected to esx hosts ?
View 3 Replies
Mar 20, 2013
We have two Nexus 7k connected via vPC peer. We have an edge switch connected to the core using HSRP via vPC. Now we have 1 orphan port connected to each Nexus (WLC). The problem is I can't seem to connect to / ping the WLC (only 1 of them) that is connected to the orphan port, and I think it is probably due to the packet arriving at the secondary HSRP and traversing through the peer-link and dropping the packet.
HSRP address on Core: 10.10.10.1
vlan 10 - N7k1 - 10.10.10.2
Vlan 10 - N7k2 - 10.10.10.3
Edge Sw - 10.10.10.10 - Vlan 10
[code].....
Now what is the best practice for HSRP with vPC for orphan ports? The problem is I can only ping 1 WLC from a machine. On doing a traceroute I find that the packets seem to reach N7k1 and reach the WLC that is connected to its own port, but not the WLC that is connected to N7k2, due to the packet traversing through the peer-link and dropping at the peer-link. Now what is the best practice to sort this out and reach both WLCs at the same time? Do I move WLC 2 to N7k1?
View 17 Replies
Apr 16, 2012
I have an internal subnet 192.168.3.0/24 sitting behind an ASA firewall 8.2 that would be accessing a web server 192.168.11.54 which sits behind the outside interface of the ASA firewall. The access would be like this:
1) 192.168.3.0/24 will be accessing the web server http://192.168.11.54
2) We would like to translate the source 192.168.3.0/24 to the firewall outside IP address
3) We would like to translate the destination web server 192.168.11.54 to 202.90.197.146 as well
How to perform this simultaneous source and destination address translation in ASA firewall 8.2? Could this be done in ASA firewall 8.2?
View 1 Replies
Apr 17, 2012
Anyone got a single VSM (albeit in HA) managing two vDS split over two ESX clusters connected to a single instance of vCenter?
View 0 Replies
Oct 31, 2011
We have several uplink ports on a variety of Cisco switches connecting to the Nexus 7000, recording CRC errors. Most are trunked ports with the following configuration. [code]
View 2 Replies
Feb 16, 2013
I have two 5548s as core. 8 FEXs are multihomed (advanced vPC topology?) to both the cores. Suppose I have to configure a bunch of ports on the FEXs, say Eth101/1/10 - 20. I would log in to the first core and apply the configs.
My question is - do I have to do the same on the second core also? Or would the first core replicate the stuff to the second core? I know about port-profiles/CFS and such. But, without that would it automatically sync to second core?
For testing purpose, I went to Core 1 Eth101/1/10 and put a description "TEST". Wrote the config. After 5 minutes logged into second core and did show run Eth101/1/10. But, the description "TEST" didn't show up there.
Also, doing sh run on any FEX port is faster on one of the cores and very slow on second core... all the FEXs have 20 GB uplink to core 1 & 2 (so total 40GB in vPC, max pinning 1)
View 2 Replies
May 25, 2011
The Cisco ASDM or the event manager shows the wrong source/destination for teardown TCP messages. In this example the communication is an ssh session from 1.1.1.1 -> 2.2.2.2 ssh, and the connection is reset by 2.2.2.2
The message build outbound is correct, i.e. source is 1.1.1.1 (message id is 302013)
But the teardown is incorrect, i.e. source for the connection is 2.2.2.2 which is definitely not true (message id is 302014)
Also there seems to be a documentation bug in syslog messages for ASA 8.4 since the message for the teardown 302014 is gone!
View 3 Replies
Nov 13, 2011
I have a customer with three rooms where the access layer aggregation switches are run back to.
Access Switch Stack A -> room 1 + room 2
Access Switch Stack B -> room 2 + room 3
Is it possible to have three Nexus 7000s ie one in each room (1,2 and 3) and have them setup like this:
Nexus 7000#1 vPC domain 1
Nexus 7000#2 vPC domain 1 + vPC domain 2
Nexus 7000#3 vPC domain 2
Thus giving all access switch stacks redundant links to the core without spanning tree.
I know it's not ideal but it's a campus site and that's how the existing fibre runs go.
View 5 Replies
May 18, 2013
I have a single Nexus 7K (6.x) with only F2 modules and I would like to SPAN the same source interfaces and vlans to multiple destination servers (interfaces). When configuring SPAN to a single destination, traffic gets replicated successfully, but when I add an additional destination to the same SPAN session then none of the destination interfaces receive any traffic. As soon as I modify the SPAN to include only a single destination interface it works again. I'm guessing this is a limitation of the Nexus 7K 6.x code or the F2 modules.
View 4 Replies
Mar 30, 2012
I have a scenario where I'm going to have 2 Nexus 7010 connected as a core, and I'm going to have 4 5510's connected in a star formation. Each Nexus 5510 will connect to the Nexus core via two 10Gb links. Each Nexus 5510 will have 2 links attached to the core switches in vPCs.
Nexus 7010-1 = Core 1
Nexus 7010-2 = Core 2
Nexus 5510-1 = vPC = 100 2 Ports in vPc 100 -- > 7010-1, 7010-2
Nexus 5510-2 = vPC = 200 2 Ports in vPC 200 -- > 7010-1, 7010-2
Nexus 5510-3 = vPC = 100 2 Ports in vPc 300 -- > 7010-1, 7010-2
Nexus 5510-4 = vPC = 200 2 Ports in vPC 400 -- > 7010-1, 7010-2
Is the way I intend to configure the vPCs the best way? If I get a vPC dual-active scenario, what would happen? All ports will be forwarding all VLAN traffic; this is how I intend to have it work.
View 14 Replies
Apr 22, 2013
Is it possible to NAT source & destination addresses (twice nat) on an ASA5520 running 7.2(5)?
View 4 Replies