I do use intra-vlan routing in that a within the vlan is a gateway for that
VLAN of course an arp (that I see) for the gateway occurs... then when
traffic is sent to the vlans gateway to route to another vlan or anywhere...
I do NOT see that
As you said I would have to go to where the mapping occurs (a bunch of 7507s
with AIPs)... I would find the HSRP active router... no problems... Still
this does not give me what I was looking for...
In Top Down Design (shameless Plug), a lot of discussion goes to knowing
thyself and the traffic. What I wanted to see was the amount of traffic,
type of traffic, broadcast versus standard.... on a given VLAN. First to
baseline the VLAN, then to identify within my network where I may need
additional improvements. We have some 16000 host and seem rock solid... We
have way more bandwidth then needed but expect a huge amount of growth..
not in host but in applications... two of my 120+ work group managers
constantly insist on infrastructure related problems... yet LMS and HP Open
view show nothing. Each time they raise a stink, me or one of my
technicians find not only nothing wrong, but often see no symptoms. Still
these WGMs get managements ear. In all we have proven each and every time
these guys are off their rockers but it did raise my desire to span the
entire VLAN to Sniffer Pro and get some baselines of the VLANs traffic. I
wanted to do this from my office simply by creating the LEC spanning the
vlan ... and wham... In the end all I catch mostly is some CDP, HSRP, and
other type broadcast
Now spanning the port works exactly and accomplished everything I have
wanted it to where I use it. I have been able to get profiles of our
outbound and inbound data to our network. I have been able to show growth
and get additional assets with empirical data...
Anyway thanks Nigel... I keep looking for a way to capture ALL the data in
a given VLAN... this kinda does make ya wish for a HUB mode.. not
-----Original Message-----
From: Nigel Taylor [mailto:[EMAIL PROTECTED]]
Sent: Saturday, December 30, 2000 5:25 AM
To: Lou Nelson; [EMAIL PROTECTED]; [EMAIL PROTECTED];
Priscilla Oppenheimer
Cc: Bryant Andrews
Subject: Re: can SPAN port transmit?
See Inline.....
----- Original Message -----
From: Lou Nelson <[EMAIL PROTECTED]>
To: Nigel Taylor <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>; Priscilla Oppenheimer <[EMAIL PROTECTED]>;
Lou Nelson <[EMAIL PROTECTED]>
Cc: Bryant Andrews <[EMAIL PROTECTED]>
Sent: Saturday, December 30, 2000 3:13 AM
Subject: RE: can SPAN port transmit?
> hmmm.
> I fully understand the Lane ATM Vlan Elan relationships.
> What is happening is that I only see the broadcast on the specific Vlan.
I
> do not see the direct Vlan to Vlan traffic nor the Vlan to Vlan Gateway
> address...
NT: This won't happen unless you implement some type of inter-vlan routing
in
which case you're no longer monitoring at layer 2 which is where the span
ports
on the switched devices are suppose to monitor/capture. Of course to monitor
different vlans you would have to redefine you SPAN port values if you were
looking to still mointor on Layer 2 . However, To monitor the VLAN to VLAN
or VLANto VLAn gateway traffic you would have to do this where your VLAN
maps to layer 3, which would mean at either the RSM(where you would
probably have your HSRP gateways defined) or at router with
a AIP card that provides the layer 3 requirememt.
I assumed that the trunked ports were not passing the traffic
> out the lane blades because the Cam Dynamics recognized that the
destination
> MAC was not down that port (trunked port... therefore it dropped the frame
> and my spanned port on the other side of the cloud never got the frame...
> and yes everything else is in place... a lec is configured on my Spanned
> port switch's lane blade...
>
> I clearly do not know what I am missing... I really feel I have covered
> everything
>
>
> -----Original Message-----
> From: Nigel Taylor [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, December 30, 2000 1:54 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; Priscilla
> Oppenheimer; Lou Nelson
> Cc: Bryant Andrews
> Subject: Re: can SPAN port transmit?
>
>
> Lou,
> The answer is yes. I must be more specific in stating that since
> LANE extends layer 2 characteristics through the ATM cloud. ELANs are
> simply a way of extending a VLAN(lan segment/broadcast domain).
> So plugging a sniffer onto a span port that is configured to a specific
VLAN
> which is mapped to a possible specific ELAN you should be able to capture
> all/any traffic within the E-LAN(Extended-VLAN).
>
> What you're seeing would tend to suggest a incorrectly SPAN port.
>
> HTH
>
> Nigel
>
> ----- Original Message -----
> From: Lou Nelson <[EMAIL PROTECTED]>
> To: Priscilla Oppenheimer <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Saturday, December 30, 2000 12:02 AM
> Subject: RE: can SPAN port transmit?
>
>
> > The answer is no. I have tried before and I now think of spanning a
port
> as
> > a 6th state of the STP... Listen only to the other port.... .. to TX
and
> > receive to the sniffer you will need another NIC and Port
> >
> > Now a question back to the group... Across an ATM cloud... using LANE...
> and
> > ELANS.... Is there a way to see ALL Vlan traffic (Inc. from switches
> across
> > the cloud) when you span a VLAN on a switch... Thus far I can ONLY see
the
> > broadcast traffic!
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Priscilla Oppenheimer
> > Sent: Friday, December 29, 2000 4:42 PM
> > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: Re: can SPAN port transmit?
> >
> >
> > The reason I ask is that my client is developing a network management
box
> > that will connect to a SPAN port and collect traffic as well as
> > occasionally send SNMP queries and other UDP packets.
> >
> > He realizes that if the user were collecting data from many ports there
> > would be performance issues. However, he wants to know, in the absence
of
> > performance problems, will his device be able to send some queries? Is
> > sending disabled on the SPAN port? The other answers (from people who
have
> > tried it) make me think the answer is no, sending is not disabled.
> >
> > Priscilla
> >
> > At 04:46 PM 12/29/00, [EMAIL PROTECTED] wrote:
> >
> >
> > >Cisco employees have confirmed for me that devices connected to span
> ports
> > >are unable to act as normal hosts by design.
> > >
> > >
> > >
> > >
> > >
> > >
> > >Priscilla Oppenheimer <[EMAIL PROTECTED]>@groupstudy.com on
12/29/2000
> > >03:27:52 PM
> > >
> > >Please respond to Priscilla Oppenheimer <[EMAIL PROTECTED]>
> > >
> > >Sent by: [EMAIL PROTECTED]
> > >
> > >To: [EMAIL PROTECTED]
> > >cc: (bcc: Kevin Cullimore)
> > >Subject: can SPAN port transmit?
> > >
> > >
> > >Hi folks,
> > >
> > >If I connect a Sniffer-like device to the SPAN port of a switch, will
the
> > >Sniffer-like device be able to transmit data?
> > >
> > >My guess is no. From my reading on Cisco's SwitchProbe external
hardware
> > >probes, it appears that the SwitchProbe needs an additional port to
send
> > >data to a network management system. One port connects to a SPAN port
on
> > >the switch and the other port connects to a normal port and is
configured
> > >in "management mode."
> > >
> > >But, does anyone have experience with trying to send from a device
> > >connected to a SPAN port?
> > >
> > >Thanks
> > >
> > >Priscilla
> >
> >
> > ________________________
> >
> > Priscilla Oppenheimer
> > http://www.priscilla.com
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
