I have a question regarding access ports, monitor ports, switchport trunk allowed vlan on a C6500 with VSS 12.2(33)SXI3. In this catalyst we have generated unidirectional traffic by accident. This traffic was in one VLAN (i.e. 123). The monitor destination port was assigned to a different VLAN (321) and the initial mode in the config was "switchport mode access". When sending the monitor traffic to the interface we always saw the double rate of the input interface on the output counter of the monitor destination.
Now we entered "switchport trunk allowed vlan remove 123" and the rate went down to the same value as on the input side. Unortunately we did not look at any other interfaces (we will redo the test), so we are not sure, if this was a known behaviour of monitor interfaces or if we have some weird behavior of the C6500 in terms of flooding out of access ports.
If anyone has some idea how this is supposed to work, please let me know. Any input is greatly appreciated.
thanks for you reply, it answers a lot of functionality of the SPAN feature. But my observation is that the egress interface is copying the traffic from the source interface twice: once as untagged frames and once with tags. And that's what I find strange. And that's what I'm trying to find out why it happens.
Really starnge but for your query we can test by monitoring the trunk port as well then check what exactly is the behaivor, anyway when you monitor a trunk port as a source port, all VLANs active on the trunk are monitored by default. You can use VLAN filtering in order to limit SPAN traffic monitoring on trunk source ports to specific VLANs.
Hope this can give some light on your query !!
If helpful do rate