Curious VLAN and differentiated services traffic with new TV
-
Cisco has some settings that manipulate VLAN tags on mirror ports:
The default configuration for local SPAN session ports is to send all packets untagged. SPAN also does not normally monitor bridge protocol data unit (BPDU) packets and Layer 2 protocols, such as Cisco Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), Spanning Tree Protocol (STP), and Port Aggregation Protocol (PAgP). However, when you enter the encapsulation replicate keywords when configuring a destination port, these changes occur: Packets are sent on the destination port with the same encapsulation—untagged, Inter-Switch Link (ISL), or IEEE 802.1Q—that they had on the source port. Packets of all types, including BPDU and Layer 2 protocol packets, are monitored.
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swspan.html
That doesn't exactly match what you are seeing but it's in the right wheelhouse.
-
Yeah, but the SMB line isn't running the full-blown IOS, so probably no way to alter such a setting. Have to look to see what I can do on the SG300s I have.
But yeah could be something around those lines causing it.
-
@johnpoz said in Curious VLAN and differentiated services traffic with new TV:
When you created the span, you didn't happen to pick vlan 1 vs just tx and rx on the port?
I have not configured VLANs on this switch at all.
What firmware you running on it?
1.0.8.3 That's the latest available for this switch.
-
Here, check out this thread - this is what you're seeing, right?
https://community.cisco.com/t5/small-business-switches/mirror-vlan-tag-not-stripped/td-p/2272832/page/2
"I can see this issue on SG200-8, I think it's not a bug, but an enhancement. For TX packets, by default they will be added a dot1q tag."
If reading right, got around it via doing spans of just the rx on the 2 ports vs tx and rx on 1 port.
-
@Derelict said in Curious VLAN and differentiated services traffic with new TV:
Cisco has some settings that manipulate VLAN tags on mirror ports:
I don't know what tags it would manipulate, as I don't have any VLANs configured on this switch.
BTW, I'm more used to the term mirror, rather than span, as I started doing this sort of thing on Adtran gear, where it was called port mirroring. It's also called mirroring on both my Cisco and TP-Link switches. In fact, until recently, on another thread, I had never heard of span in this application. In my earlier experience, "span" referred to span lines, which carried T1 signals over significant distances, through the use of repeaters.
-
No idea, man. I don't have one of those switches.
-
But there still is the default VLAN 1. You cannot get rid of it, you can just change the default. I changed my default VLAN to 9 but VLAN 1 is still there, even if not used.
-
@johnpoz said in Curious VLAN and differentiated services traffic with new TV:
Here, check out this thread - this is what you're seeing, right?
https://community.cisco.com/t5/small-business-switches/mirror-vlan-tag-not-stripped/td-p/2272832/page/2
"I can see this issue on SG200-8, I think it's not a bug, but an enhancement. For TX packets, by default they will be added a dot1q tag."
If reading right, got around it via doing spans of just the rx on the 2 ports vs tx and rx on 1 port.
Could be. I'll have to check further. I just don't recall seeing that before, though I wasn't looking. Regardless, I wouldn't expect a tag to be added. What would happen if there were already 2 tags (QinQ)? I have worked on networks where that was used.
-
Your dest port on the mirror cannot be a member of a VLAN. All tags should be stripped going to the dest mirror port. The way I read that thread (really quick) is that it is a "feature" of adding a tag to the tx traffic that is sent to the mirror port. I think the suggestion of just using 2 rx sources would be a quick workaround for the "feature" ;)
-
Have to ask Cisco.
-
@johnpoz said in Curious VLAN and differentiated services traffic with new TV:
Your dest port on the mirror can not be a member of a vlan. All tags should be stripped going to dest mirror port.
I would think that a mirror should duplicate the original. As I mentioned, I have worked on systems where QinQ is used. It would be nice to be able to see the tags when working on it. On my TP-Link switch, I use port based VLANs to keep the monitor port separate from the traffic ports. I'll have to do some testing with both, when I get a round tuit.
-
@Derelict said in Curious VLAN and differentiated services traffic with new TV:
Spanning Tree Protocol (STP)
I have certainly seen spanning tree on mirror ports. In fact, they became so annoying I created Wireshark filters to block them. On my home network, my PVR thinks it's the root switch.
-
@johnpoz said in Curious VLAN and differentiated services traffic with new TV:
adding tag to the tx traffic that is sent to the mirror port
It appears to be the receive side, not transmit.
-
@JKnott said in Curious VLAN and differentiated services traffic with new TV:
TP-Link does something better than Cisco!
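
Added example (not part of any post in this thread): one way to settle the rx-versus-tx question raised above is to walk the tag stack of each mirrored frame and count tag kinds per direction. The sketch below handles untagged, priority-tagged (VID 0), single 802.1Q and stacked (QinQ) frames; the MAC addresses, frames and the helper names `parse_tags`, `classify`, `summarize` and `build` are constructed for illustration, and frames are assumed to be raw Ethernet bytes already read from a capture.

```python
import struct
from collections import Counter

# Tag Protocol Identifiers: 0x8100 = 802.1Q C-tag, 0x88A8 = 802.1ad S-tag (QinQ outer).
TPIDS = {0x8100: "802.1Q", 0x88A8: "802.1ad"}

def parse_tags(frame: bytes):
    """Return (dst, src, tags, ethertype); tags is a list of (type, pcp, dei, vid)."""
    tags, offset = [], 12
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in TPIDS:
            return frame[0:6], frame[6:12], tags, etype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        # TCI layout: 3-bit priority (PCP), 1-bit DEI, 12-bit VLAN ID.
        tags.append((TPIDS[etype], tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        offset += 4

def classify(tags):
    if not tags:
        return "untagged"
    if len(tags) > 1:
        return "stacked"
    return "priority-tagged" if tags[0][3] == 0 else "vlan-tagged"

def summarize(frames, host_mac: bytes):
    """Count (direction, tag kind) pairs; direction is relative to the mirrored port."""
    counts = Counter()
    for frame in frames:
        dst, src, tags, _ = parse_tags(frame)
        # The switch port receives (rx) what the host sends and transmits (tx) to it.
        direction = "rx" if src == host_mac else "tx" if dst == host_mac else "other"
        counts[(direction, classify(tags))] += 1
    return counts

def build(dst, src, tags, etype=0x0800, payload=b"\x00" * 46):
    """Construct a sample frame; tags is a list of (tpid, pcp, vid)."""
    hdr = b"".join(struct.pack("!HH", t, (p << 13) | v) for t, p, v in tags)
    return dst + src + hdr + struct.pack("!H", etype) + payload

# Constructed sample data: MAC addresses and frames are made up for illustration.
TV, GW = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [
    build(GW, TV, []),                                   # host -> gateway, untagged
    build(GW, TV, [(0x8100, 5, 0)]),                     # priority tag only (VID 0)
    build(TV, GW, [(0x8100, 0, 1)]),                     # gateway -> host, VLAN 1 tag
    build(TV, GW, [(0x88A8, 0, 100), (0x8100, 0, 10)]),  # QinQ stack
]
```

If tagged frames show up only under one direction while the same conversation is untagged in the other, the tag is being added by the mirror function rather than carried on the wire.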