See some comments below.
At 06:01 AM 7/12/01, Quek, Steven wrote:
>Hi,
>
>I am glad that this topic is discussed here. In fact currently I am doing
>a project that is trying to make use of the Port Monitoring/SPAN
>feature as a form of keepalive & duplicate traffic discovery
>with a third party product. I won't go into that detail.
>
>I had read the portion of info at the directed web link. But would like to
>confirm my doubts. I need all the valuable advise and inputs from all of
>you.
>
>May be I am poor in my English to interpret this. Appreciate to confirm,
>does that mean all Cisco Switches, be it Cat 19xx, 29xx, 5xxx, 6xxx, etc
>have the similar feature of blocking Unknow Unicast & Unregistered Multicast
I have only seen this with the Cat 1900. You will need to check Cisco
documentation for the other switches. I checked the 6xxx and 5xxx
documentation and monitoring multicasts is enabled by default for those
switches. Multicasts are not blocked.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_2/confg_gd/span.htm#xtocid147020
Monitoring multicasts is configurable. See this command:
set span {src_mod/src_ports | src_vlans | sc0} {dest_mod/dest_port} [rx |
tx | both] [inpkts {enable | disable}] [learning {enable | disable}]
[multicast {enable | disable}]
[filter vlans...] [create]
>from forwarding through the Source port & not reaching the destination
>directed ports?
>The traffic is also not forwarded out of the connected port to the connected
>neighbouring
>port?
>
> Source Switch Port1------------Router---------WAN
> | ^
>Mirrored Traffic------->| |
> | Eth
> Destine Switch Port2
>
>Based on the above diagram for simple discussion.
>
>Does that means EIGRP routing entries will be discarded at the Switch Port1
>& not updated to the Router
I am assuming that EIGRP multicasts arrive from the router at switch port 1
in your diagram, and port 1 is the monitored (mirrored) port and port 2 is
the monitor port where the analyzer resides. You will not see the EIGRP
multicasts on the destination (monitor) port 2 when using a Cat 1900. The
EIGRP multicasts should go out all other ports on the switch (depending on
VLAN and other configurations.) So, it won't cause any operational problems
on a network. It just makes monitoring difficult.
Note that EIGRP uses multicasts for hellos. It sends routing updates
directly to neighbors, so you would see those on the monitor port.
>Ethernet port? Similar CDP, Multicast Video streaming, Mainframe
>application, ...etc, will not able
>to pass through the Monitored port?
I also do not see CDP on my monitor port on my Cat 1900. I haven't tried
multicast video or other applications.
>Lastly, is there a way to enable all traffic to flow through the Monitored
>switch port?
Well, it blocks "unregistered" multicasts. Theoretically you could
"register" the port to receive multicasts. I don't know how, though. IGMP?
Sorry, I don't know more about this. I'm just discovering the problems
myself. But I think it's just a Cat 1900 problem.
Priscilla
>Hope to hear some comments on this. Apprecaite the inputs.
>
>Cheers.
>
>regard
>Steven Quek
>
>-----Original Message-----
>From: Marty Adkins [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, July 12, 2001 11:09 AM
>To: [EMAIL PROTECTED]
>Subject: Re: port block unicast and multicast [7:12052]
>
>
>Priscilla Oppenheimer wrote:
> >
> > Has anyone seen this and is there a workaround?
> >
> > On a Catalyst 1900 switch enterprise edition, the software has decided
>that
> > one of my ports should not flood unknown unicast or multicast. This
> > wouldn't be a problem except that the port is also my monitor port for
> > sniffing packets, and I WANT to see unknown unicast and multicast. I'm
> > trying to see EIGRP, CDP, etc. from a router connected to another port.
>The
> > monitoring is working, but I'm not seeing multicasts.
> >
> > SwitchA#show int e 0/1
> > Hardware is Built-in 10Base-T
> > Address is 00B0.6426.7941
> > MTU 1500 bytes, BW 10000 Kbits
> > 802.1d STP State: Forwarding Forward Transitions: 1
> > Unknown unicast flooding: Disabled
> > Unregistered multicast flooding: Disabled
> > Duplex setting: Half duplex
> > Back pressure: Disabled
> >
> > See how it says that unknown unicast and unregistered multicast are
> > disabled? It doesn't say that for any of the other ports.
> [snip]
>
>Priscilla,
>This is apparently an intentional side effect of enabling a port for
>SPAN/port monitoring, according to:
>http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/19icg8x
>/19icweb.htm#xtocid482036
>So your analyzer would get only broadcasts until you configure it to
>monitor (copy) other ports on the switch. Those other ports will be
>getting unknowns and multicast so your monitor port will see a copy.
>
>I agree that this behavior is different than all the other Cisco switches
>including XLs, 4xxx, 5xxx, and 6xxx.
>
>- Marty
________________________
Priscilla Oppenheimer
http://www.priscilla.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=12170&t=12052
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
