12-08-2010 12:10 PM - edited 03-06-2019 02:25 PM
I am testing recording software for Cisco IP Phones. This software must receive voice traffic from mirrored ports on a 3560 switch. I've configured the SPAN ports on this switch, but the only traffic I can see is broadcast and multicast. I saw neither the audio streaming nor the call signaling (I can't see any unicast traffic). Below is part of the configuration of the 3560 switch.
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree uplinkfast
spanning-tree backbonefast
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
 switchport access vlan 23
 switchport mode access
 switchport voice vlan 51
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 23
 switchport mode access
 switchport voice vlan 51
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 23
 switchport mode access
 switchport voice vlan 51
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 23
 switchport mode access
 switchport voice vlan 51
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 23
 switchport mode access
 switchport voice vlan 51
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 23
 switchport mode access
 switchport voice vlan 51
 spanning-tree portfast
!
interface FastEthernet0/14
 switchport access vlan 23
 switchport mode access
 switchport voice vlan 51
 spanning-tree portfast
!
interface FastEthernet0/48
 speed 100
 duplex full
 spanning-tree portfast
!
monitor session 1 source interface Fa0/1 - 6 , Fa0/14
monitor session 1 filter vlan 51
monitor session 1 destination interface Fa0/48
The ports with IP Phones are 1 to 6 and 14. The port that will receive the VoIP traffic is 48.
The switch is loaded with C3560 Software (C3560-IPBASE-M), Version 12.2(50)SE1.
Has anyone had this problem before?
Best Regards.
Fujimura.
12-08-2010 12:13 PM
Have you tried removing the filter and seeing if you get any data?
12-08-2010 12:23 PM
I've already tried without the filter. The difference is that, without the filter, I see the broadcast and multicast from vlan 23 (vlan 23 is the PC vlan; the PCs are connected to the IP Phones; vlan 51 is the voice vlan). I've also tried the source as vlan 51 instead of the range of ports. But the result is the same with and without the filter.
Best Regards.
Fujimura.
12-08-2010 12:30 PM
It seems your configuration is not actually being applied. Try removing the session configuration and use a different session number of 2 or some other integer. If it still doesn't work you could be running into a software or hardware problem.
Another idea, just try a one to one session and see if you get data that way. Perhaps your control plane cannot process the number of source ports you are configuring.
12-08-2010 01:10 PM
I've tried another session (session id 2) with 1 to 1 port, but it didn't work. I am still receiving only broadcast and multicast traffic.
Best Regards.
Fujimura.
12-08-2010 12:42 PM
I'm pretty sure that "monitor session 1 filter vlan 51" will only work if your source ports are trunk ports. In your case they are all access ports.
As for the problem, is your sniffer and/or tool in promiscuous mode?
12-08-2010 01:14 PM
The sniffer is working in promiscuous mode. The source of the traffic is only one port now. But I still receive broadcast and multicast traffic only.
Best Regards.
Fujimura.
12-08-2010 01:30 PM
I'm pretty sure that "monitor session 1 filter vlan 51" will only work if your source ports are trunk ports.
It is also working for voice ports
12-08-2010 01:37 PM
Hmmm...
Can you default interface f0/48 and re-configure it as a switchport? I'm tending to agree that the config didn't take. And did you try a different monitor session?
(Thanks for the clarification cadetalain!)
12-08-2010 01:44 PM
What does show monitor session say?
12-08-2010 06:38 PM
Below is the output for the sh monitor session command.
IDF-46# sh monitor session 2 detail
Session 2
---------
Type : Local Session
Description : -
Source Ports :
RX Only : None
TX Only : None
Both : Fa0/14
Source VLANs :
RX Only : None
TX Only : None
Both : None
Source RSPAN VLAN : None
Destination Ports : Fa0/48
Encapsulation : Native
Ingress : Disabled
Filter VLANs : None
Dest RSPAN VLAN : None
Best Regards.
Fujimura.
12-08-2010 06:51 PM
I took off the spanning tree portfast from the destination port (port 48). On this port, there are only settings for speed (100Mbps) and duplex (full) that match the server's interface configuration (100 Mbps, full duplex). I already changed the monitor session id to number 2. But the problem still happens.
The output for the sh runn (showing only the FastEthernet0/48 settings) and sh interfaces fastEthernet 0/48 are shown below.
!
interface FastEthernet0/48
 speed 100
 duplex full
IDF-46#sh interfaces fastEthernet 0/48
FastEthernet0/48 is up, line protocol is down (monitoring)
Hardware is Fast Ethernet, address is 0024.f7e6.0a34 (bia 0024.f7e6.0a34)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 06:02:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 87142
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 1000 bits/sec, 1 packets/sec
2893 packets input, 301216 bytes, 0 no buffer
Received 1774 broadcasts (838 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 838 multicast, 0 pause input
0 input packets with dribble condition detected
12422832 packets output, 4710427378 bytes, 0 underruns
0 output errors, 10 collisions, 5 interface resets
0 babbles, 16 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
Best Regards.
Fujimura.
12-11-2010 11:05 PM
Hi Fujimura,
You would need to put the span destination port, i.e. fa0/48, in vlan 51 (switchport access vlan 51).
Please check if you receive the unicast traffic once this has been configured.
-Reghu.
12-12-2010 07:25 PM
Hi, Reghunath.
I've tried vlan 51 on the mirrored port (port 48), but it didn't work. I am still receiving only broadcast and multicast traffic.
Best Regards.
Fujimura.
12-13-2010 11:30 AM
Hi,
Can you please try to modify your destination command as follows:
"monitor session 1 dest int fa0/48 enc replicate"
and see if there is any progress.
Best regards,
Antonin
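
A capture-side check for the symptom discussed in this thread, as an added example that is not part of any poster's reply: it tallies raw Ethernet frames taken on the host attached to Fa0/48 by VLAN and by broadcast/multicast/unicast destination, so you can see whether any unicast frames for voice VLAN 51 arrive. The function names and the sample frames are constructed for illustration; untagged frames are reported with VLAN `None`, which is what the native encapsulation in the `show monitor session` output delivers, while 802.1Q tags appear only when the mirror keeps them (for example with `encapsulation replicate`).

```python
import struct
from collections import Counter

def classify_frame(frame: bytes):
    """Return (vlan_id_or_None, cast_type) for one raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst = frame[0:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = None
    if ethertype == 0x8100:  # 802.1Q tag kept by the mirror
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", frame[14:16])
        vlan = tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID
    if dst == b"\xff" * 6:
        cast = "broadcast"
    elif dst[0] & 0x01:  # I/G bit set: group address
        cast = "multicast"
    else:
        cast = "unicast"
    return vlan, cast

def tally(frames):
    """Count frames per (vlan, cast_type); malformed frames get their own bucket."""
    counts = Counter()
    for frame in frames:
        try:
            counts[classify_frame(frame)] += 1
        except ValueError:
            counts[(None, "malformed")] += 1
    return counts

def has_unicast(counts, vlan):
    """True if at least one unicast frame was seen for this VLAN (None = untagged)."""
    return counts[(vlan, "unicast")] > 0

def build(dst_hex, vlan=None, ethertype=0x0800):
    """Build a constructed sample frame (not real traffic)."""
    src = bytes.fromhex("020000000001")
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return bytes.fromhex(dst_hex) + src + tag + struct.pack("!H", ethertype) + bytes(46)

SAMPLE = [build("ffffffffffff", ethertype=0x0806), build("01005e000001"),
          build("020000000002", vlan=51), build("ffffffffffff", vlan=51, ethertype=0x0806),
          bytes(5)]

if __name__ == "__main__":
    for key, n in sorted(tally(SAMPLE).items(), key=str):
        print(key, n)
```
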