Strange Wireshark Capture XR Span

Unanswered Question
Oct 24th, 2014
User Badges:

Good afternoon. I am working on Inter-op with a brocade CER and an ASR 9001 and I am running into an issue getting ISIS adjacency up. I was able to solve this on our other systems by paying close attention to wireshark captures of the authentication of Hello and LSP adjacency.

However, when mirroring on the XR, I am getting some strange output. Here is my config:

monitor-session BROCADE ethernet
 destination interface GigabitEthernet0/0/0/2

interface GigabitEthernet0/0/0/10
 description UPLINK TO BOTTOM BROCADE ETHERNET 2
 ipv4 address 10.9.0.94 255.255.255.252
 monitor-session BROCADE ethernet
 !
 negotiation auto

Here is a screenshot of the packet capture:

http://goo.gl/7xDLxw

 

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Ruben C Sun, 10/26/2014 - 11:33
User Badges:
  • Bronze, 100 points or more
  • Community Spotlight Award,

    Portuguese Best Publication, April 2017

hi,

Can you share the config from both sides? if you disable the IS-IS authentication on this interface the adjacency comes up?

Evan Roggenkamp Wed, 10/29/2014 - 11:32
User Badges:

Here is the brocade side:

router isis
 net 49.0002.0100.0900.0200.00
 auth-mode cleartext level-2
 auth-key "********" level-2
 bfd all-interfaces
 log adjacency
 log invalid-lsp-packets                                          
 set-overload-bit on-startup 30
 address-family ipv4 unicast
  default-metric 200
  metric-style wide
 exit-address-family
 
 address-family ipv6 unicast
 exit-address-family

 

interface ethernet 1/2
 port-name P2P to West 9001
 enable
 route-only
 ip router isis
 ip address 10.9.0.93/30
 isis auth-mode cleartext
 isis auth-key "********"
 isis circuit-type level-2
 isis ipv6 metric 200
 isis metric 200
 isis point-to-point

Here is the Cisco side:

router isis lab
 set-overload-bit on-startup 30
 net 49.0002.0100.0900.0197.00
 nsf ietf
 lsp-gen-interval maximum-wait 30000 initial-wait 30000 secondary-wait 30000
 lsp-password text encrypted 130232020F3901130F1D0C356205373D11362B425A level 2
 address-family ipv4 unicast
  metric-style wide
  metric 16000000
  ispf
  default-information originate
 !
 address-family ipv6 unicast
  metric-style wide
  metric 16000000
 !
 interface Loopback0
  passive
  circuit-type level-2-only
  address-family ipv4 unicast
   metric 200
  !
 !
!
 !
 interface GigabitEthernet0/0/0/10
  circuit-type level-2-only
  point-to-point
  hello-password text encrypted 121E2007163E093D0E12002E641206290023291555
  address-family ipv4 unicast
   metric 200

I have not disabled ISIS authentication because although it is a lab others are working in it and would interrupt some of what they are doing.

So far in the wireshark it looks like I can see hellos from the Cisco, but not from the brocade. Perhaps I am on the wrong support forums? :)

xthuijs Wed, 10/29/2014 - 11:57
User Badges:
  • Cisco Employee,

hey evan,

yeah I dont like the answer of contact someone different, but in this case it might seem like the best thing to do :).

Having said that, if you can pull an ISIS/CLNS debug from the 9k side maybe then potentially we can say something more.

But if there is nothing on the wire from the B side, yeah...

Also if they are not seen with the isis/clns debug on the a9k, then lets check the np counters of the a9k to see if they are dropped in the hardware just to make sure this side is "clean".

cheers!

xander

xthuijs Mon, 10/27/2014 - 05:35
User Badges:
  • Cisco Employee,

note that span messes with the L2 header if the desintation interface is not an l2transport.

make sure that that is set correctly also.

xander

Actions

This Discussion