
VACL on 6500

gs
Level 1

I have set up a basic VACL applied to a SPAN interface. The problem is that I am beginning to see duplicate packets at the destination port. This was not so a few months back. So what changed? Some VLANs are now managed by the FWSM, whereas before they were part of the RSM, or "inside" if you may.

Extract from show ver

Cisco Internetwork Operating System Software
IOS (tm) s72033_rp Software (s72033_rp-PSV-M), Version 12.2(17d)SXB2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Tue 20-Jul-04 09:44 by hqluong
Image text-base: 0x40020FBC, data-base: 0x41CC0000
ROM: System Bootstrap, Version 12.2(14r)S1, RELEASE SOFTWARE (fc1)
BOOTLDR: s72033_rp Software (s72033_rp-PSV-M), Version 12.2(17d)SXB2, RELEASE SOFTWARE (fc1)

++++++++++++++++++++++++

VACL config

vlan access-map Capture 10
 match ip address 180
 action forward capture
!
vlan filter Capture vlan-list 101-107,304
vlan internal allocation policy ascending
vlan access-log maxflow 1024
vlan access-log ratelimit 2400
vlan access-log threshold 10240000
interface FastEthernet1/44
 switchport
 switchport capture
 switchport capture allowed vlan 101,103,105,304
!
access-list 180 permit udp any range 16384 32767 10.0.105.0 0.0.0.255
access-list 180 permit ip 10.0.105.0 0.0.0.255 host x.x.x.x
access-list 180 permit ip 10.0.105.0 0.0.0.255 host x.x.x.y
access-list 180 permit ip 10.0.105.0 0.0.0.255 host x.x.x.z
access-list 180 permit ip host x.x.x.x 10.0.105.0 0.0.0.255
access-list 180 permit ip host x.x.x.y 10.0.105.0 0.0.0.255
access-list 180 permit ip host x.x.x.z 10.0.105.0 0.0.0.255

++++++++++++++++++++++++++

See debug info:

HXCS1A# sh vlan access-log config
VACL Logging Configuration:
 max log table size :1024
 log threshold :10240000
 rate limiter :2400

HXCS1A# sh vlan access-log stat
VACL Logging Statistics:
 total packets :0
 logged :0
 dropped :0
 buffered :0
Dropped Packets Statistics:
 unsupported protocol :0
 no packet buffer :0
 hash queue full :0
 flow table full :0
Misc Information:
 VACL Logging LTL Index :0x7E05
 free packet buffers :8192
 log messages sent :0
 flow table size :0

3 Replies

mchin345
Level 6

For VSPAN, if both ingress and egress SPAN are configured, in certain scenarios it is possible to see duplicate copies of a packet at the destination port. Here is the link in the configuration guide that talks about it:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_7_6/confg_gd/span.htm#83331

It says:

"For VSPAN sessions with both ingress and egress SPAN configured, the system operates as follows based upon the type of supervisor engine you have:

WS-X6K-SUP1A-PFC, WS-X6K-SUP1A-MSFC, WS-X6K-SUP1A-MSFC2, WS-X6K-SUP2-PFC2, WS-X6K-SUP2-MSFC2 - Two packets are forwarded by the SPAN destination port if the packets get switched on the same VLAN.

WS-X6K-SUP1-2GE, WS-X6K-SUP1A-2GE - Only one packet is forwarded by the SPAN destination port."

So what you saw could be normal.

It applies to all kinds of Ethernet ports. If you want to see both tx/rx packets of a port and also the mcast/broadcast packets, then you will see duplicates of these mcast/bcast packets... otherwise, you can turn off the mcast packets option in the SPAN configuration.

You're right, duplicate packets are as expected; it's the nature of the beast - pardon the expression. However, is there any way of fixing this problem by using some other technique/s?

George.

The issue with duplicate packets was due to the command "monitor session servicemodule" being enabled on the router.

Reason: with switchport capture, the port membership of the VLAN acts as the source ports for the capture.

RTR (Customer) --Port1/6 (Vlan 105)-- 6513 --Virtual Port Outside5 (Vlan 105)-- FWSM ---- PSTN gateway

The packet duplication was observed one way, from our environment to the customer's. As per the explanation above, the same packet from interface outside5 on the FWSM and from F 1/6 were both copied to the destination for call recording, which caused problems.

By removing the monitor session servicemodule command, the outside5 interface was removed from the source ports of the SPAN, thus avoiding packet duplication.

Cheers - George.
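As an added example (not code from this thread or from Cisco), here is the kind of check an analyst can run on a trace taken at the capture destination to confirm the cause George describes before touching the switch: when two capture sources in the same VLAN (a physical port and the service-module virtual port) both copy a frame, the identical packet shows up twice within microseconds, and only in the direction that crosses both sources. The script keys packets on addresses, protocol, IP ID and a payload digest, flags repeats inside a short window, and groups them by direction so a one-way duplication pattern like the one in this thread is visible at a glance. The packet records, addresses and the one-millisecond window are constructed assumptions for the demonstration; a real run would build `Packet` objects from a pcap reader.

```python
"""Flag SPAN/VACL-capture induced duplicate packets in a captured trace.

Added diagnostic example; it is not part of the original thread.
"""
from collections import defaultdict
from dataclasses import dataclass
from hashlib import sha256


@dataclass(frozen=True)
class Packet:
    ts: float        # capture timestamp in seconds (capture order assumed)
    src: str
    dst: str
    proto: str
    ip_id: int       # IP identification field
    payload: bytes


def packet_key(p: Packet) -> tuple:
    """Identity of a packet: direction, protocol, IP ID and payload digest.
    Two copies of the same frame from two capture sources share this key."""
    return (p.src, p.dst, p.proto, p.ip_id, sha256(p.payload).hexdigest())


def find_duplicates(packets: list, window: float = 0.001) -> list:
    """Return (first_index, duplicate_index) pairs for packets that repeat an
    identical packet within `window` seconds. Identical packets further apart
    (retransmissions, IP ID wrap) are treated as distinct and not flagged."""
    last_seen = {}   # key -> (index, timestamp) of the reference copy
    dups = []
    for i, p in enumerate(packets):
        k = packet_key(p)
        if k in last_seen:
            j, ts = last_seen[k]
            if p.ts - ts <= window:
                dups.append((j, i))
                continue          # keep the first copy as the reference
        last_seen[k] = (i, p.ts)
    return dups


def duplicates_by_direction(packets: list, window: float = 0.001) -> dict:
    """Count flagged duplicates per (src, dst); a one-sided result points at
    a second capture source on that side of the path."""
    counts = defaultdict(int)
    for _, i in find_duplicates(packets, window):
        counts[(packets[i].src, packets[i].dst)] += 1
    return dict(counts)


def duplication_ratio(packets: list, window: float = 0.001) -> float:
    """Fraction of captured packets that are SPAN duplicates."""
    return len(find_duplicates(packets, window)) / len(packets) if packets else 0.0


def dedupe(packets: list, window: float = 0.001) -> list:
    """Trace with the flagged duplicate copies removed (for the recorder)."""
    drop = {i for _, i in find_duplicates(packets, window)}
    return [p for i, p in enumerate(packets) if i not in drop]


# Constructed sample: RTP-like UDP flow between a local endpoint on VLAN 105
# (10.0.105.10) and a customer host (192.0.2.10, documentation address).
# Outbound packets arrive twice a few microseconds apart; inbound ones once.
SAMPLE = [
    Packet(0.000000, "10.0.105.10", "192.0.2.10", "udp", 1001, b"rtp-seq-1"),
    Packet(0.000002, "10.0.105.10", "192.0.2.10", "udp", 1001, b"rtp-seq-1"),  # copy from 2nd source
    Packet(0.000010, "192.0.2.10", "10.0.105.10", "udp", 7001, b"rtp-seq-1"),
    Packet(0.020000, "10.0.105.10", "192.0.2.10", "udp", 1002, b"rtp-seq-2"),
    Packet(0.020003, "10.0.105.10", "192.0.2.10", "udp", 1002, b"rtp-seq-2"),  # copy from 2nd source
    Packet(0.020010, "192.0.2.10", "10.0.105.10", "udp", 7002, b"rtp-seq-2"),
    Packet(1.500000, "10.0.105.10", "192.0.2.10", "udp", 1001, b"rtp-seq-1"),  # same key, 1.5 s later: not a SPAN dup
]

if __name__ == "__main__":
    print("duplicate pairs:", find_duplicates(SAMPLE))
    print("by direction:", duplicates_by_direction(SAMPLE))
    print("ratio: %.3f" % duplication_ratio(SAMPLE))
    print("packets after dedupe:", len(dedupe(SAMPLE)))
```

On the constructed sample the duplicates land only in the 10.0.105.10 to 192.0.2.10 direction, which is the signature to look for: the same direction-specific result on a real trace says a second source port on that side (here, the service-module virtual port) is copying the frame, and removing it from the session is the fix rather than filtering at the recorder.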
