Hello there - I am setting up a SPAN port so that we can record our voice traffic with Witness. I have gotten the SPAN port all set up like this:
monitor session 2 source vlan 10
monitor session 2 destination interface Gi0/25
Our voice VLAN is VLAN 10. My question is: do I need to configure the port (Gi0/25) any differently than any other port on the switch? Here is the current configuration for the port:
description Witness SPAN port
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
mls qos trust dscp
auto qos voip trust
It seems that we are capturing some of the traffic on the voice VLAN but not all of it, and according to the vendor it may be an issue with the SPAN port, so I just wanted to get some other opinions as to whether my SPAN configuration is correct. If any of you have any ideas I would greatly appreciate them. Thanks.
Thanks for the link, Mahmood. I have followed the procedure as described in that document, but that document does not describe whether the port that will be monitoring the traffic needs to be configured in any certain way, which is what I am really trying to figure out. Thanks again for the useful link, but it just does not give me the information I am looking for.
Each local SPAN session or RSPAN destination session must have a destination port (also called a monitoring port) that receives a copy of traffic from the source ports or VLANs and sends the SPAN packets to the user, usually a network analyzer.
A destination port has these characteristics:
For a local SPAN session, the destination port must reside on the same switch as the source port. For an RSPAN session, it is located on the switch containing the RSPAN destination session. There is no destination port on a switch running only an RSPAN source session.
When a port is configured as a SPAN destination port, the configuration overwrites the original port configuration. When the SPAN destination configuration is removed, the port reverts to its previous configuration. If a configuration change is made to the port while it is acting as a SPAN destination port, the change does not take effect until the SPAN destination configuration has been removed.
If the port was in an EtherChannel group, it is removed from the group while it is a destination port. If it was a routed port, it is no longer a routed port.
It can be any Ethernet physical port.
It cannot be a secure port.
It cannot be a source port.
It cannot be an EtherChannel group or a VLAN.
It can participate in only one SPAN session at a time (a destination port in one SPAN session cannot be a destination port for a second SPAN session).
When it is active, incoming traffic is disabled. The port does not transmit any traffic except that required for the SPAN session. Incoming traffic is never learned or forwarded on a destination port.
If ingress traffic forwarding is enabled for a network security device, the destination port forwards traffic at Layer 2.
It does not participate in any of the Layer 2 protocols (STP, VTP, CDP, DTP, PAgP).
A destination port that belongs to a source VLAN of any SPAN session is excluded from the source list and is not monitored.
The maximum number of destination ports in a switch is 64.
Local SPAN and RSPAN destination ports behave differently regarding VLAN tagging and encapsulation:
For local SPAN, if the encapsulation replicate keywords are specified for the destination port, these packets appear with the original encapsulation (untagged, ISL, or IEEE 802.1Q). If these keywords are not specified, packets appear in the untagged format. Therefore, the output of a local SPAN session with encapsulation replicate enabled can contain a mixture of untagged, ISL, or IEEE 802.1Q-tagged packets.
For RSPAN, the original VLAN ID is lost because it is overwritten by the RSPAN VLAN identification. Therefore, all packets appear on the destination port as untagged.
As you want to monitor the traffic for VLAN 10 only, my suggestion for you would be to remove the trunk configuration from the switch and check if that works. As you are using a dedicated destination port for monitoring the VLAN traffic, it will not participate in normal traffic forwarding. You can safely remove the other commands also and let the port just be an access port for VLAN 10.
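An added example (not part of the thread or of Cisco's documentation): a small Python audit that reads a running-config, finds each SPAN destination port, and reports the interface settings that are overridden while the port is a destination, plus whether `encapsulation replicate` is set. The `interface GigabitEthernet0/25` stanza header and the function names are assumptions; the post shows only the lines under it.

```python
import re

# Constructed sample: the lines quoted in the thread, wrapped in an "interface"
# stanza header (assumed; the original post omits it).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/25
 description Witness SPAN port
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 mls qos trust dscp
 auto qos voip trust
!
monitor session 2 source vlan 10
monitor session 2 destination interface Gi0/25
"""

def short_name(ifname):
    """Normalise 'GigabitEthernet0/25' and 'Gi0/25' to the same key."""
    m = re.match(r"([A-Za-z]+)\s*([\d/]+)$", ifname.strip())
    return (m.group(1)[:2].lower() + m.group(2)) if m else ifname.lower()

def audit_span(config):
    """Return {session_id: findings} for every SPAN destination port."""
    stanzas, sessions, current = {}, {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = short_name(line.split(None, 1)[1])
            stanzas[current] = []
        elif line.startswith(" ") and current:
            stanzas[current].append(line.strip())
        else:
            current = None
            m = re.match(r"monitor session (\d+) destination interface (\S+)(.*)", line)
            if m:
                sessions[int(m.group(1))] = (short_name(m.group(2)), m.group(3))
    report = {}
    for sid, (port, opts) in sessions.items():
        # Per the quoted documentation, the SPAN destination role overwrites
        # the port's own configuration, so these lines are inactive leftovers.
        leftover = [l for l in stanzas.get(port, []) if not l.startswith("description")]
        report[sid] = {"port": port, "ignored_while_span": leftover,
                       # Without "encapsulation replicate", copies arrive untagged.
                       "tagged_output": "encapsulation replicate" in opts}
    return report

if __name__ == "__main__":
    print(audit_span(SAMPLE_CONFIG))
```

On the sample, session 2 reports seven leftover lines on the destination port and untagged output, which is why the recorder cannot rely on 802.1Q tags to pick out VLAN 10 frames.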
Thank you for the suggestion with this. I have removed the trunk configuration from the port and will see how that goes. Do you think that I should remove the port from VLAN 10 as well? From the other help I have gotten here it looks like it does not make any difference so it really should not matter but it's always good to get a second opinion. Thanks again.
Thanks for the information. I have modified the interface so that it is no longer configured as a trunk, and removed the QoS configuration as well. I will need to hold off on creating a null VLAN that I could assign the port to due to our change control, but I will give that a shot. Thanks again for the advice.