12-13-2011 08:48 AM - edited 03-07-2019 03:52 AM
Been dealing with a strange problem for several days now. It started out with a problem that I thought was VTP related but ended up being something else. I set up a span port on a 3750 that I am connected to that was mirroring the trunk connection coming into the switch.
Never saw any VTP traffic come across the connection but doing a sh vtp status indicated the traffic was arriving and getting processed. When I found some debug commands (debug sw-lan vtp), I was also able to see the packets go between switches. Seeing this issue concerns me that there is other traffic that isn't showing up during a span session.
I know that doing a span on a switch, especially using a trunk port as a source, isn't a good idea. Since I didn't have a TAP at the time, this was my only choice. I have since borrowed a NetOptics TP-CU3 tap from a good friend and was able to confirm the VTP traffic was going across the trunk connection between switches.
I had seen a posting on a website/blog confirming that someone else had seen this same problem but can't find that link now. All of my 3750's are running 12.2.55.SE.
Has anyone else seen this problem?
12-14-2011 03:15 AM
Hi Ronald
Have you also configured the 'encapsulation replicate' keyword on the SPAN destination configuration line?
monitor session 1 destination interface Gi 1/0/11 encapsulation replicate
=====================================================================
The default configuration for local SPAN session ports is to send all packets untagged. SPAN also does not normally monitor bridge protocol data unit (BPDU) packets and Layer 2 protocols, such as Cisco Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), Spanning Tree Protocol (STP), and Port Aggregation Protocol (PAgP).
However, when you enter the encapsulation replicate keywords when configuring a destination port, these changes occur:
• Packets are sent on the destination port with the same encapsulation—untagged, IEEE 802.1Q, or Inter-Switch Link (ISL)—that they had on the source port.
• Packets of all types, including BPDU and Layer 2 protocol packets, are monitored.
Therefore, a local SPAN session with encapsulation replicate enabled can have a mixture of untagged, 802.1Q, and ISL tagged packets appear on the destination port.
Regards.
Karim
=====================================================================
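A check for the behaviour described in the answer above, as an added example that is not part of the original thread: it classifies raw Ethernet frames taken from a SPAN capture and reports which Layer 2 control protocols never appear, so a monitoring port that is silently missing them is noticed. The sample frames and helper names are constructed for illustration; the destination MAC addresses and SNAP protocol IDs are the standard ones for STP and the Cisco protocols.

```python
import struct
from collections import Counter

CISCO_MCAST = bytes.fromhex("01000ccccccc")   # CDP/VTP/DTP/PAgP destination MAC
STP_MCAST = bytes.fromhex("0180c2000000")     # IEEE 802.1D BPDU destination MAC
CISCO_SNAP_PIDS = {0x2000: "CDP", 0x2003: "VTP", 0x2004: "DTP", 0x0104: "PAgP"}

def classify(frame: bytes) -> str:
    """Name the Layer 2 control protocol in a raw Ethernet frame, else 'other'."""
    if len(frame) < 17:
        return "other"
    dst, offset = frame[:6], 12
    (type_len,) = struct.unpack_from("!H", frame, offset)
    if type_len == 0x8100:                    # 802.1Q tag, kept by 'encapsulation replicate'
        offset += 4
        if len(frame) < offset + 5:
            return "other"
        (type_len,) = struct.unpack_from("!H", frame, offset)
    if type_len > 1500:                       # an EtherType, so not an 802.3/LLC frame
        return "other"
    llc = frame[offset + 2:offset + 5]
    if dst == STP_MCAST and llc == b"\x42\x42\x03":
        return "STP"
    snap = frame[offset + 5:offset + 10]      # OUI (3 bytes) + protocol ID (2 bytes)
    if dst == CISCO_MCAST and llc == b"\xaa\xaa\x03" and len(snap) == 5 and snap[:3] == b"\x00\x00\x0c":
        return CISCO_SNAP_PIDS.get(struct.unpack("!H", snap[3:])[0], "other")
    return "other"

def missing_protocols(frames, expected=("CDP", "VTP", "STP")):
    """Return the expected control protocols that never show up in the capture."""
    seen = Counter(classify(f) for f in frames)
    return [p for p in expected if seen[p] == 0]

# Constructed sample frames (not captured traffic), zero-filled after the headers.
def _frame(dst, payload, vlan=None):
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    return dst + bytes.fromhex("001122334455") + tag + payload

def _snap(pid):
    return struct.pack("!H", 40) + b"\xaa\xaa\x03\x00\x00\x0c" + struct.pack("!H", pid) + bytes(32)

_IP = struct.pack("!H", 0x0800) + bytes(46)
_BPDU = struct.pack("!H", 38) + b"\x42\x42\x03" + bytes(35)
DEFAULT_SPAN = [_frame(bytes.fromhex("00aabbccddee"), _IP)]            # documented default
REPLICATE_SPAN = [_frame(bytes.fromhex("00aabbccddee"), _IP, vlan=10),
                  _frame(CISCO_MCAST, _snap(0x2003)), _frame(CISCO_MCAST, _snap(0x2000)),
                  _frame(STP_MCAST, _BPDU)]

if __name__ == "__main__":
    print("default SPAN missing:", missing_protocols(DEFAULT_SPAN))
    print("replicate SPAN missing:", missing_protocols(REPLICATE_SPAN))
```
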
12-13-2011 12:40 PM
Are you spanning a trunk port as a source with the destination port being an access vlan? Access vlans will only see traffic from a single vlan.
What monitor commands are you using?
12-13-2011 12:53 PM
Can you also say what's the strange problem?
12-14-2011 06:05 AM
Fabio:
To me, not being able to see VTP traffic on a spanned interface is "strange" because I am seeing everything else.
Zabeelmusa:
Yes, I am spanning a trunk port as a source. The destination port has no configuration commands on it other than what you would see on a freshly powered up switch.
I am using monitor session 1 source interface gi1/0/1 on the trunked connection and monitor session 1 destination interface fa1/0/1.
Sweta:
I am working with this in a lab situation and have no pruning on the trunk. In reading up on this, even if vlan 1 is pruned, traffic such as cdp and vtp will still use it and be accepted by the switch.
Karim:
I will try the keywords you have suggested. What surprises me is that I thought I was seeing CDP and STP traffic. Will go back into the lab and see what this change shows me.
Thanks to all and I will post an update once I have done additional testing later today.
Ron
12-13-2011 05:55 PM
What about pruning on that trunk link?
12-14-2011 06:32 AM
Are you using wireshark to filter vtp traffic?
12-14-2011 08:51 AM
Fabio:
I am capturing with Wireshark. Tried filtering for vtp and not filtering for vtp and didn't see any vtp traffic either way.
Ron
12-14-2011 09:00 AM
Karim:
The encapsulation replicate keyword at the end of the monitor setup allowed me to see the vtp traffic. That is the only traffic that I was having a problem in seeing.
Here is the port config that I was using for the trunk ports -
switchport trunk encapsulation dot1q
switchport mode trunk
Here is the port config for the destination port where my sniffer pc was plugged into -
int fa1/0/24
! no configuration lines
This is the config I was using in the lab. My production network is using 6509's and 3750's with a native vlan of something other than 1 and I do have vlan pruning going on. I went with this simple config to reduce the variables I was fighting.
Thanks for the help,
Ron