I have a Cisco WS-C3750G-24PS switch running 15.0(2)SE7. I was trying to enable ingress on a SPAN destination port. But it didn't work as expected.
Here's the configuration on the switch:
monitor session 1 source vlan 102
monitor session 1 destination interface Gi1/0/11 ingress untagged vlan 100
switchport access vlan 100
switchport mode access
ip address 126.96.36.199 255.255.255.0
mac address-table static 000c.29db.e985 vlan 100 interface GigabitEthernet1/0/11
SW#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  188.8.131.52             9  000c.296d.b386  ARPA   Vlan100
Internet  184.108.40.206           0  000c.29db.e985  ARPA   Vlan100
SW#sh mac addr
          Mac Address Table
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 100    000c.298e.c512    STATIC      Gi1/0/11
 100    000c.29db.e985    STATIC      Gi1/0/11
The PC connected to port Gi1/0/11 has IP address 220.127.116.11 and MAC address 000c.29db.e985. The PC default gateway is 18.104.22.168 (SVI on switch).
When the switch is powered up and fully loaded, I cannot ping the PC from the switch. I cannot ping the switch SVI from the PC.
However, if I remove the "monitor destination" command and try the ping a couple of times, the ping will work both ways. Then I re-apply the "monitor destination" command. The ping continues to work after that.
After some investigation, it looks like the "monitor destination" command somehow blocked the ARP request from the PC (to resolve the MAC address of the default gateway). If we remove the "monitor destination" command, the ARP will go through. The PC builds its ARP table and starts communicating with the default gateway. Then it continues to work even after we re-apply the "monitor destination" command.
Is this expected behavior? Is there a better way to configure the ingress feature on a SPAN destination port?