SPAN entire vlan...leak from other vlans

Unanswered Question
Jul 10th, 2007

Hi all

We run a Catalist 6513 with some 30+ vlans configured and four SVIs for different vlans. Today I wanted to test SPAN with an entire vlan, without SVI, as source and a gigEther port as the destination. On the receiving end was a server running Ethereal. I've been using this setup several times to diagnose network errors but never with an entire vlan as source.

I was amazed to see traffic from other vlans, some not even remotely related, appearing in Ethereal. This monitoring session has no other source active and when I disable the source in the monitoring session Ethereal goes quiet.

I was under the impression that traffic in one vlan was isolated from the other. Or is this something that relates to SPAN configuration only?


Fredrik Hofgren

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)

As I understand it you only have one 6513 so RSPAN is not being used?

The VLAN interface should only pass traffic marked for another VLAN because it should already know where the traffic on the same VLAN is destined.

So if you had vlan 2 (example) and had two hosts connected to ports on that vlan then the first packet from each host is marked on that VLAN but all other traffic would then bypass the VLAN 2 interface and communicate directly with each other.

If you had those same two hosts connecting to a host on VLAN 3 (example) then all of the traffic should pass through both VLAN 2 & VLAN 3 interfaces.

I am not an expert layer 2 guy though but this is my perception and experience with VLAN/Inter-VLAN routing.


hoffa2000 Wed, 07/11/2007 - 03:04

Correct. The issue concerns one 6513 and local SPAN only.

As I understand your example with Vlan 2 and 3 you would have to have a virtual interface on the switch for each vlan to allow routing between them, I.E. have one SVI configured for each interface and then use each SVI as default gateway for the hosts on Vlan 2 and 3.

My problem is that no SVI has been configured for the vlan I'm monitoring and it should be completely isolated from other vlans. This doesn't seems to be the case.



This Discussion