 
					
				
		
06-20-2017 08:38 PM - edited 03-08-2019 11:02 AM
Hi all,
I just want to ask: if I have a switch with VLANs allowed on the trunk 
(1-4196), when I do monitoring on an access port (VLAN 88),
i. Can all the traffic from the same VLAN (VLAN 88) that the access port is using be monitored? I mean, can all traffic, including individual IPs (like 10.24.0.x (VLAN 100) to 10.49.196.x (VLAN 88)), be monitored, even if the destination and source are on a different switch from the switch I monitor?
ii. This is not broadcast traffic.
Please advise.
06-21-2017 07:02 AM
Hi
You can monitor the local VLANs 88 and 100 and send the information to a destination interface located on a different switch, but using RSPAN (Remote SPAN).
I recommend this link:
https://supportforums.cisco.com/document/139236/understanding-spanrspanand-erspan
Hope it is useful
:-)
06-21-2017 08:03 AM
Thanks for the response, but my concern is not about RSPAN or SPAN.
It is about the traffic flow inside the switchport; traffic should be sent to the other switchport. I see a lot of non-broadcast traffic that does not belong to the switchport I SPAN. Is it normal because I enabled all VLANs on my trunk?
06-21-2017 09:00 AM
I am not sure if I understand your question correctly. So, I will answer based on span configuration examples:
monitor session 1 source vlan 88 (rx or tx or both)
- With this SPAN configuration, the switch will duplicate all frames that belong to VLAN 88.
Monitor session 1 source interface f0/1 (rx or tx or both)
- With this SPAN configuration, the switch will only duplicate frames that are received and transmitted on interface f0/1.
I hope this answers your question
06-21-2017 04:08 PM
Thanks. I don't SPAN VLAN 88; I SPAN a switchport which is in VLAN 88.
Here is my config for SPAN:
Monitor session 1 source int fa0/6
Monitor session 1 destination int fa0/7
I saw traffic from VLAN 88 & 100 in this monitoring, which is not broadcast traffic.
And the destination IP address and MAC are on another switch.
I checked my routing and spanning tree; all OK.
What could lead to this problem?
06-21-2017 04:21 PM
Why do you think that's a problem? If there is communication between the host you are monitoring which is in vlan 88 to another host that's in vlan 100 that's perfectly fine.
Unless you are seeing traffic that's not sourced by the host you are monitoring or you are receiving traffic on that port when monitored end host is not the destination.
06-21-2017 04:35 PM
Unless you are seeing traffic that's not sourced by the host you are monitoring or you are receiving traffic on that port when monitored end host is not the destination.
I saw this.
06-21-2017 04:53 PM
Could any problem lead to this problem?
06-21-2017 05:23 PM
Can you share captured traffic that's not supposed to be received on this interface?
I wonder what would cause that situation unless there is some misconfiguration. However, packets sent to the host when its layer 2 and 3 address is not listed in the destination address will be discarded by the host. It could be an issue if the host is receiving a high amount of such traffic because it would still need to process it first before it drops it.
06-21-2017 06:08 PM
06-21-2017 06:38 PM
The destination and source addresses don't belong to the host you are monitoring?
Also, can you send the complete configuration of monitoring?
Also, did you trace the source and destination MAC address/IP address in the screen you sent? If so, do they exist on the switch you have SPAN configured on?
06-21-2017 07:55 PM
Yes, correct, it does not belong to the switchport I am spanning.
It does not belong to my switch that I SPAN. It is on another switch.
06-22-2017 03:48 AM
Please run this command on the switch you have SPAN configured on and provide the output.
show monitor session all
06-21-2017 09:03 AM
Well, the switchport could be communicating with other networks, but if you are monitoring a trunk you could filter the vlans to be monitored.
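The check raised in the thread (does a capture from the SPAN destination port contain unicast frames that are neither sourced by nor destined to the monitored host?) can be run over the raw frames. This is an added example, not code from any post in the thread; the function names are hypothetical, and the MAC addresses and frames are constructed sample data.

```python
from collections import Counter

def parse_eth(frame: bytes):
    """Return (dst, src, vlan) from a raw Ethernet frame; vlan is None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    ethertype = int.from_bytes(frame[12:14], "big")
    vlan = None
    if ethertype == 0x8100:  # 802.1Q tag present: low 12 bits of the TCI are the VLAN ID
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        vlan = int.from_bytes(frame[14:16], "big") & 0x0FFF
    return dst, src, vlan

def fmt(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)

def classify(frame: bytes, host_mac: bytes) -> str:
    """Label a frame relative to the host behind the monitored access port."""
    dst, src, _ = parse_eth(frame)
    if src == host_mac:
        return "from_host"
    if dst == host_mac:
        return "to_host"
    if dst[0] & 0x01:  # group bit set: broadcast or multicast
        return "broadcast_or_multicast"
    return "unexpected_unicast"

def unexpected_pairs(frames, host_mac):
    """Count (src, dst) MAC pairs of unicast frames that do not involve the host."""
    pairs = Counter()
    for f in frames:
        if classify(f, host_mac) == "unexpected_unicast":
            dst, src, _ = parse_eth(f)
            pairs[(fmt(src), fmt(dst))] += 1
    return pairs

# Constructed sample data (not taken from the capture discussed in the thread).
HOST = bytes.fromhex("020000000006")     # assumed MAC of the host on the monitored port
OTHER_A = bytes.fromhex("0200000000a1")  # assumed hosts on another switch
OTHER_B = bytes.fromhex("0200000000b2")
IPV4 = b"\x08\x00"
SAMPLE = [
    HOST + OTHER_A + IPV4 + b"\x00" * 46,                # unicast to the host
    OTHER_A + HOST + IPV4 + b"\x00" * 46,                # unicast from the host
    b"\xff" * 6 + OTHER_A + b"\x08\x06" + b"\x00" * 46,  # broadcast ARP
    OTHER_B + OTHER_A + IPV4 + b"\x00" * 46,             # neither end is the host
    OTHER_B + OTHER_A + b"\x81\x00" + (88).to_bytes(2, "big") + IPV4 + b"\x00" * 42,
]
```

The MAC pairs returned by `unexpected_pairs(SAMPLE, HOST)` are the addresses to trace in the switch's MAC address table.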
 
					
				
				
			
		