
SPAN entire vlan...leak from other vlans

hoffa2000
Level 3

Hi all

We run a Catalyst 6513 with some 30+ vlans configured and four SVIs for different vlans. Today I wanted to test SPAN with an entire vlan, without SVI, as source and a gigEther port as the destination. On the receiving end was a server running Ethereal. I've been using this setup several times to diagnose network errors but never with an entire vlan as source.

I was amazed to see traffic from other vlans, some not even remotely related, appearing in Ethereal. This monitoring session has no other source active and when I disable the source in the monitoring session Ethereal goes quiet.

I was under the impression that traffic in one vlan was isolated from the other. Or is this something that relates to SPAN configuration only?

Regards

Fredrik Hofgren

2 Replies

bryan.lofland
Level 1

As I understand it you only have one 6513 so RSPAN is not being used?

The VLAN interface should only pass traffic marked for another VLAN because it should already know where the traffic on the same VLAN is destined.

So if you had vlan 2 (example) and had two hosts connected to ports on that vlan then the first packet from each host is marked on that VLAN but all other traffic would then bypass the VLAN 2 interface and communicate directly with each other.

If you had those same two hosts connecting to a host on VLAN 3 (example) then all of the traffic should pass through both VLAN 2 & VLAN 3 interfaces.

I am not an expert layer 2 guy though but this is my perception and experience with VLAN/Inter-VLAN routing.

Bryan

Correct. The issue concerns one 6513 and local SPAN only.

As I understand your example with Vlan 2 and 3 you would have to have a virtual interface on the switch for each vlan to allow routing between them, i.e. have one SVI configured for each interface and then use each SVI as default gateway for the hosts on Vlan 2 and 3.

My problem is that no SVI has been configured for the vlan I'm monitoring and it should be completely isolated from other vlans. This doesn't seem to be the case.

/Fredrik
