Solved: Re: Span blade server on Cisco 3020?

Josh Morris · ‎06-04-2013

I have an HP blade center with a Cisco 3020. From what I know, the baldes use a connection on the backplane for network connectivity. So my question is, can you setup a monitoring session to capture traffic from one individual blade server? I would normally span source interface destination interface. But how do I specify the blade server's interface when it's not on the switch itself? Thanks.

Steve Fuller · ‎06-06-2013

Hi Josh,

I'm not sure I really follow you here. The backplane of the blade server chassis is simply used as a communications channel between the blade server NICs and the server facing interfaces of the switch i.e., Gi0/1-16 and has no real bearing on how SPAN would work.

SPAN in the Catalyst 3020 switch works in exactly the same way as other Catalyst switches, with you specifying the source and destination interfaces etc., as you normally would. So assuming you have a server connected to Gi0/1 that you wanted to capture traffic to/from then you would configure something along the lines of monitor session 1 source interface gi0/1.

The tricky part can be the SPAN session destination and you have a number of options.

Use a server within the same chassis as the capture device.

If you have a server in the same chassis that has packet capture capability then you simply specify its NIC interface as the SPAN destination e.g., monitor session 1 destination interface gi0/2. The problem here is that when the destination interface goes into the monitoring state you'll lose in-band connectivity to the server so you would need to use the console to access the server.

Attach an external capture device to one of the switches external interfaces

The Catalyst 3020 has eight external facing interfaces i.e., Gi0/17-24 which are typically used for upstream network connectivity. If not all of these are in use then attach your capture device to one of those interfaces and configure the SPAN destination appropriately e.g., monitor session 1 destination interface Gi0/24.

Attach your capture device to an upstream switch and, on the Catalyst 3020, use an RSPAN VLAN as the destination to carry the traffic

This requires you define an RSPAN VLAN on the Catalyst 3020 and configure this as the SPAN destination. This VLAN is then configured on the external interfaces between your Catalyst 3020 and the upstream switch, where you would connect your capture device. In this case the upstream switch obviously requires a SPAN session to be configured as well.

There's discussion on the use of SPAN and RSPAN in the Integrating the Cisco Catalyst Blade Switch 3020 for the HP c-Class BladeSystem into the Cisco Data Center Network Architecture design guide that would go into more detail and has examples configurations.

Regards

View solution in original post

Steve Fuller · ‎06-06-2013

Hi Josh,

I'm not sure I really follow you here. The backplane of the blade server chassis is simply used as a communications channel between the blade server NICs and the server facing interfaces of the switch i.e., Gi0/1-16 and has no real bearing on how SPAN would work.

SPAN in the Catalyst 3020 switch works in exactly the same way as other Catalyst switches, with you specifying the source and destination interfaces etc., as you normally would. So assuming you have a server connected to Gi0/1 that you wanted to capture traffic to/from then you would configure something along the lines of monitor session 1 source interface gi0/1.

The tricky part can be the SPAN session destination and you have a number of options.

Use a server within the same chassis as the capture device.

If you have a server in the same chassis that has packet capture capability then you simply specify its NIC interface as the SPAN destination e.g., monitor session 1 destination interface gi0/2. The problem here is that when the destination interface goes into the monitoring state you'll lose in-band connectivity to the server so you would need to use the console to access the server.

Attach an external capture device to one of the switches external interfaces

The Catalyst 3020 has eight external facing interfaces i.e., Gi0/17-24 which are typically used for upstream network connectivity. If not all of these are in use then attach your capture device to one of those interfaces and configure the SPAN destination appropriately e.g., monitor session 1 destination interface Gi0/24.

Attach your capture device to an upstream switch and, on the Catalyst 3020, use an RSPAN VLAN as the destination to carry the traffic

This requires you define an RSPAN VLAN on the Catalyst 3020 and configure this as the SPAN destination. This VLAN is then configured on the external interfaces between your Catalyst 3020 and the upstream switch, where you would connect your capture device. In this case the upstream switch obviously requires a SPAN session to be configured as well.

There's discussion on the use of SPAN and RSPAN in the Integrating the Cisco Catalyst Blade Switch 3020 for the HP c-Class BladeSystem into the Cisco Data Center Network Architecture design guide that would go into more detail and has examples configurations.

Regards

Josh Morris · ‎06-06-2013

Thanks Steve,

I got it up and working. I was missing one crucial piece of logic...The first 16 ports on the switch are in the backplace. For some reason that was slipping my mind and I thought you couldn't easily source a host because of that. But I just found out which bay the server was in, sourced that port, and connected my sniffer. I was over-complicating this. Thanks!

Steve Fuller · ‎06-06-2013

No problem. Thanks for the rating and marking the question as answered.

Regards