We run a Catalyst 6513 with some 30+ vlans configured and four SVIs for different vlans. Today I wanted to test SPAN with an entire vlan, without SVI, as source and a gigEther port as the destination. On the receiving end was a server running Ethereal. I've been using this setup several times to diagnose network errors but never with an entire vlan as source.
I was amazed to see traffic from other vlans, some not even remotely related, appearing in Ethereal. This monitoring session has no other source active and when I disable the source in the monitoring session Ethereal goes quiet.
I was under the impression that traffic in one vlan was isolated from the other. Or is this something that relates to SPAN configuration only?
As I understand it you only have one 6513 so RSPAN is not being used?
The VLAN interface should only pass traffic marked for another VLAN because it should already know where the traffic on the same VLAN is destined.
So if you had vlan 2 (example) and had two hosts connected to ports on that vlan then the first packet from each host is marked on that VLAN but all other traffic would then bypass the VLAN 2 interface and communicate directly with each other.
If you had those same two hosts connecting to a host on VLAN 3 (example) then all of the traffic should pass through both VLAN 2 & VLAN 3 interfaces.
I am not an expert layer 2 guy, but this is my perception and experience with VLAN/Inter-VLAN routing.
Correct. The issue concerns one 6513 and local SPAN only.
As I understand your example with Vlan 2 and 3, you would have to have a virtual interface on the switch for each vlan to allow routing between them, i.e. have one SVI configured for each interface and then use each SVI as default gateway for the hosts on Vlan 2 and 3.
My problem is that no SVI has been configured for the vlan I'm monitoring and it should be completely isolated from other vlans. This doesn't seem to be the case.