
Maintain VLAN Tagging through SPAN destination?

I need to have a SPAN port forward VLAN tags.  This is on a 6509 running 122-18.SXF15a.

Here's the current configuration for the port and the monitor session:

interface GigabitEthernet2/11
description Connected to Gigamon-1A port 9
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
end

monitor session 2 source vlan 54 , 260 , 801 - 805 , 900 - 936
monitor session 2 destination intrusion-detection-module 1 data-port 1
monitor session 2 destination interface Gi2/11
monitor session 2 destination interface Gi4/4 , Gi4/25 , Gi4/40

When I do a capture, I'm not seeing the tags.

What am I missing?

Thanks.

Jason


I'm going to bump this in the hopes that someone can help.

From what I have read, in theory, all I should need to do is have the destination port trunked.  However, when I do a capture with tcpdump off of that destination port, I'm not seeing the VLAN tags.

Is there something else that I'm missing?  I've removed the destination port from the monitor session and re-added it, but it did not help.

Any thoughts?  I really need to fix this.

Thanks.

Jason


Hello Jason,

It should work if this is a local SPAN session.

Also, the device you connect to the monitor destination port plays a role: its NIC has to understand tagging.

Can you post a sh module to see exactly what type of PFC is on the chassis?

Hope to help

Giuseppe


Hi Jason

Your SPAN destination port needs to be a trunk port in order to preserve the 1Q tags, i.e.:

  switchport
  switchport mode trunk


I have been working on this exact issue. I configured my destination port as a trunk port as shown above, but it still did not pass VLAN tags. However, once I added "switchport nonegotiate", VLAN tags were captured in my monitor session.

For those playing at home, my successful config looks like this:

interface GigabitEthernet2/2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no ip address

monitor session 2 source vlan 45 - 50 , 182 , 190 , 260 , 300 - 306
monitor session 2 destination interface Gi2/2



jason.williams@lowes.com

monitor session 2 source vlan 54 , 260 , 801 - 805 , 900 - 936

monitor session 2 destination intrusion-detection-module 1 data-port 1
monitor session 2 destination interface Gi2/11
monitor session 2 destination interface Gi4/4 , Gi4/25 , Gi4/40

When I do a capture, I'm not seeing the tags.

What am I missing?

Thanks.

Jason

The sources are L3 interfaces and do not contain any tag information.

If you want to capture tags, you must span an 802.1q switchport.

Regards

Edison


Also verify whether you are using a Broadcom chip-based NIC. They strip out (silently) the VLAN tags. You can either get yourself a cheap Realtek-based card (what I did) or try the following from the Wireshark FAQ:

http://wiki.wireshark.org/CaptureSetup/VLAN
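
A way to check whether tags actually reach the capture file, as an added example that is not part of the original thread: it reads a classic pcap file (for example one written with tcpdump -w) and counts frames per outer 802.1Q VLAN ID, with untagged frames counted under None. The function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter
TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad (QinQ) tag protocol identifiers

def vlan_ids(frame):
    """Return VLAN IDs of all stacked tags on an Ethernet frame, outermost first."""
    ids, off = [], 12                       # TPID/EtherType follows the two MACs
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid not in TPIDS:
            break
        ids.append(tci & 0x0FFF)            # low 12 bits of the TCI = VLAN ID
        off += 4
    return ids

def read_pcap(data):
    """Yield Ethernet frames from a classic libpcap file (not pcapng)."""
    magics = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
              b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}
    end = magics.get(data[:4])              # byte order of the file headers
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(end + "I", data, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    off = 24                                # skip the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack_from(end + "I", data, off + 8)[0]
        yield data[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len

def tag_summary(frames):
    """Count frames per outer VLAN ID; the key None means 'arrived untagged'."""
    counts = Counter()
    for f in frames:
        ids = vlan_ids(f)
        counts[ids[0] if ids else None] += 1
    return counts

def sample_frame(*vlans):                   # constructed sample frame builder
    tags = b"".join(struct.pack("!HH", 0x8100, v) for v in vlans)
    return bytes(12) + tags + b"\x08\x00" + bytes(46)

# Constructed capture: VLAN 54 twice, VLAN 260 once, one untagged frame.
SAMPLE_FRAMES = [sample_frame(54), sample_frame(260), sample_frame(54), sample_frame()]
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in SAMPLE_FRAMES)

if __name__ == "__main__":
    print(dict(tag_summary(read_pcap(SAMPLE_PCAP))))
```

If every frame from a SPAN of several VLANs lands under None, the tags are being lost either at the switch or at the capturing NIC or driver.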


Hi, I've had the same problem with our VLAN SPAN on our 6509, and believe me, it gave me a hard time before I found the solution.

The easiest part is that you have to add replication of the VLAN tag for it to work, with this command:

monitor session egress replication-mode distributed

Also, curiously, the order in which you create your monitor session is important, in my experience. Once I had the replication, I had to remove the SPAN config on the interface and then re-apply it.

monitor session 2 source vlan 12 - 13
monitor session 2 source vlan 2271 , 2310
monitor session 2 destination interface Gi1/1/44
monitor session egress replication-mode distributed

interface GigabitEthernet1/1/44
 description Span-To-Arista
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk

Hope this helps, but I'm now having the same problem with a Nexus 9000. I wish for a world where manufacturers would use the same code for every piece of equipment...

Francois Gervais
