Re: port block unicast and multicast [7:12052]

2001-07-11 Thread Marty Adkins

Priscilla Oppenheimer wrote:
> 
> Has anyone seen this and is there a workaround?
> 
> On a Catalyst 1900 switch enterprise edition, the software has decided that
> one of my ports should not flood unknown unicast or multicast. This
> wouldn't be a problem except that the port is also my monitor port for
> sniffing packets, and I WANT to see unknown unicast and multicast. I'm
> trying to see EIGRP, CDP, etc. from a router connected to another port. The
> monitoring is working, but I'm not seeing multicasts.
> 
> SwitchA#show int e 0/1
> Hardware is Built-in 10Base-T
> Address is 00B0.6426.7941
> MTU 1500 bytes, BW 1 Kbits
> 802.1d STP State:  Forwarding Forward Transitions:  1
> Unknown unicast flooding: Disabled
> Unregistered multicast flooding: Disabled
> Duplex setting: Half duplex
> Back pressure: Disabled
> 
> See how it says that unknown unicast and unregistered multicast are
> disabled? It doesn't say that for any of the other ports.
[snip]

Priscilla,
This is apparently an intentional side effect of enabling a port for
SPAN/port monitoring, according to:
http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/19icg8x/19icweb.htm#xtocid482036
So your analyzer would get only broadcasts until you configure it to
monitor (copy) other ports on the switch.  Those other ports will be
getting unknowns and multicast so your monitor port will see a copy.

I agree that this behavior is different than all the other Cisco switches
including XLs, 4xxx, 5xxx, and 6xxx.

- Marty




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=12055&t=12052
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: port block unicast and multicast [7:12052]

2001-07-12 Thread Quek, Steven

Hi,

I am glad that this topic is discussed here. In fact currently I am doing
a project that is trying to make use of the Port Monitoring/SPAN
feature as a form of keepalive & duplicate traffic discovery 
with a third party product. I won't go into that detail.

I had read the portion of info at the directed web link. But would like to
confirm my doubts. I need all the valuable advice and inputs from all of
you.

Maybe I am poor in my English to interpret this. Appreciate to confirm,
does that mean all Cisco Switches, be it Cat 19xx, 29xx, 5xxx, 6xxx, etc
have the similar feature of blocking Unknown Unicast & Unregistered Multicast
from forwarding through the Source port & not reaching the destination
directed ports?
The traffic is also not forwarded out of the connected port to the connected
neighbouring port?

Source Switch Port1Router-WAN
|   ^
Mirrored Traffic--->|   |
|Eth
  Destine Switch Port2

Based on the above diagram for simple discussion.

Does that mean EIGRP routing entries will be discarded at the Switch Port1
& not updated to the Router Ethernet port? Similarly, CDP, Multicast Video
streaming, Mainframe application, etc., will not be able to pass through the
Monitored port?

Lastly, is there a way to enable all traffic to flow through the Monitored
switch port?

Hope to hear some comments on this. Appreciate the inputs.

Cheers.

regard
Steven Quek





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=12096&t=12052



Re: port block unicast and multicast [7:12052]

2001-07-12 Thread Priscilla Oppenheimer

It is monitoring other ports. I did the three steps: enable the feature, 
configure the monitor port, and configure the monitored port. It is seeing 
traffic, but not multicasts.

It seems to disable unknown unicast and unregistered multicasts on the 
monitor port no matter what you do. I have decided that it's to protect the 
user from trouble. If you turned this feature on while the monitor port was 
connected to something more than just an analyzer, you could cause problems 
(even loops?)

Priscilla





Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=12159&t=12052



RE: port block unicast and multicast [7:12052]

2001-07-12 Thread Quek, Steven

Hi,

So far I have not heard any response for this.
Anyone care to provide the info?

Thanks in advance.

With regards
Steven Quek





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=12161&t=12052



RE: port block unicast and multicast [7:12052]

2001-07-12 Thread Priscilla Oppenheimer

See some comments below.

At 06:01 AM 7/12/01, Quek, Steven wrote:
>Hi,
>
>I am glad that this topic is discussed here. In fact currently I am doing
>a project that is trying to make use of the Port Monitoring/SPAN
>feature as a form of keepalive & duplicate traffic discovery
>with a third party product. I won't go into that detail.
>
>I had read the portion of info at the directed web link. But would like to
>confirm my doubts. I need all the valuable advice and inputs from all of
>you.
>
>Maybe I am poor in my English to interpret this. Appreciate to confirm,
>does that mean all Cisco Switches, be it Cat 19xx, 29xx, 5xxx, 6xxx, etc
>have the similar feature of blocking Unknown Unicast & Unregistered Multicast

I have only seen this with the Cat 1900. You will need to check Cisco 
documentation for the other switches. I checked the 6xxx and 5xxx 
documentation and monitoring multicasts is enabled by default for those 
switches. Multicasts are not blocked.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_2/confg_gd/span.htm#xtocid147020

Monitoring multicasts is configurable. See this command:

set span {src_mod/src_ports | src_vlans | sc0} {dest_mod/dest_port} [rx | tx | both] [inpkts {enable | disable}] [learning {enable | disable}] [multicast {enable | disable}] [filter vlans...] [create]



>from forwarding through the Source port & not reaching the destination
>directed ports?
>The traffic is also not forwarded out of the connected port to the connected
>neighbouring
>port?
>
> Source Switch Port1Router-WAN
> |   ^
>Mirrored Traffic--->|   |
> |Eth
>   Destine Switch Port2
>
>Based on the above diagram for simple discussion.
>
>Does that mean EIGRP routing entries will be discarded at the Switch Port1
>& not updated to the Router

I am assuming that EIGRP multicasts arrive from the router at switch port 1 
in your diagram, and port 1 is the monitored (mirrored) port and port 2 is 
the monitor port where the analyzer resides. You will not see the EIGRP 
multicasts on the destination (monitor) port 2 when using a Cat 1900. The 
EIGRP multicasts should go out all other ports on the switch (depending on 
VLAN and other configurations.) So, it won't cause any operational problems 
on a network. It just makes monitoring difficult.

Note that EIGRP uses multicasts for hellos. It sends routing updates 
directly to neighbors, so you would see those on the monitor port.

>Ethernet port? Similarly, CDP, Multicast Video streaming, Mainframe
>application, etc., will not be able
>to pass through the Monitored port?

I also do not see CDP on my monitor port on my Cat 1900. I haven't tried 
multicast video or other applications.


>Lastly, is there a way to enable all traffic to flow through the Monitored
>switch port?

Well, it blocks "unregistered" multicasts. Theoretically you could 
"register" the port to receive multicasts. I don't know how, though. IGMP?

Sorry, I don't know more about this. I'm just discovering the problems 
myself. But I think it's just a Cat 1900 problem.

Priscilla


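One way to confirm from the analyzer side which frame classes a monitor port actually delivers, matching the symptom described in this thread (EIGRP unicast updates visible, EIGRP multicast hellos and CDP missing). This is an added example, not code from any poster in the thread; the sample frames, MAC addresses and IP addresses are constructed.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6
CISCO_L2_MAC = bytes.fromhex("01000ccccccc")   # CDP destination (shared with VTP/DTP/PAgP/UDLD)
EIGRP_MAC = bytes.fromhex("01005e00000a")      # 224.0.0.10 mapped to Ethernet
CDP_SNAP = bytes.fromhex("aaaa0300000c2000")   # LLC/SNAP, Cisco OUI, protocol ID 0x2000
EIGRP_PROTO = 88                               # IP protocol number for EIGRP

def classify(frame: bytes) -> str:
    """Label one Ethernet frame by destination address and protocol."""
    if len(frame) < 14:
        return "runt"
    dst, ethertype = frame[:6], struct.unpack("!H", frame[12:14])[0]
    # IPv4 protocol field sits 9 bytes into the IP header, i.e. frame offset 23
    is_eigrp = ethertype == 0x0800 and len(frame) >= 34 and frame[23] == EIGRP_PROTO
    if dst == BROADCAST:
        return "broadcast"
    if dst == CISCO_L2_MAC and frame[14:22] == CDP_SNAP:
        return "cdp"
    if dst == EIGRP_MAC and is_eigrp:
        return "eigrp-multicast"
    if dst[0] & 0x01:                          # I/G bit set: some other group address
        return "other-multicast"
    return "eigrp-unicast" if is_eigrp else "unicast"

def visibility_report(frames):
    """Count frame classes and list what the capture point appears blind to."""
    counts = Counter(classify(f) for f in frames)
    multicast = counts["cdp"] + counts["eigrp-multicast"] + counts["other-multicast"]
    gaps = []
    if frames and multicast == 0:
        gaps.append("no multicast frames captured")
    if counts["eigrp-unicast"] and not counts["eigrp-multicast"]:
        gaps.append("EIGRP unicast seen without multicast hellos")
    return {"counts": dict(counts), "gaps": gaps}

# --- constructed sample frames (locally administered MACs, not from the thread) ---
ROUTER, HOST = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")

def _ipv4(proto, src, dst):
    # Minimal 20-byte IPv4 header; checksum left at zero because this is sample data
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 2, proto, 0,
                       bytes(src), bytes(dst))

ARP_BCAST = BROADCAST + HOST + b"\x08\x06" + bytes(28)
EIGRP_HELLO = EIGRP_MAC + ROUTER + b"\x08\x00" + _ipv4(88, [10, 0, 0, 1], [224, 0, 0, 10])
EIGRP_UPDATE = HOST + ROUTER + b"\x08\x00" + _ipv4(88, [10, 0, 0, 1], [10, 0, 0, 2])
CDP_FRAME = CISCO_L2_MAC + ROUTER + b"\x00\x28" + CDP_SNAP + bytes(32)
TCP_UNICAST = ROUTER + HOST + b"\x08\x00" + _ipv4(6, [10, 0, 0, 2], [10, 0, 0, 1])

# The capture the thread describes on the Cat 1900 monitor port,
# next to what a port with normal flooding would deliver.
MONITOR_PORT = [ARP_BCAST, EIGRP_UPDATE, TCP_UNICAST]
FLOODING_PORT = MONITOR_PORT + [EIGRP_HELLO, CDP_FRAME]

if __name__ == "__main__":
    for name, capture in (("monitor", MONITOR_PORT), ("flooding", FLOODING_PORT)):
        print(name, visibility_report(capture))
```

A non-empty `gaps` list on a sensor or IDS tap means the capture point is not receiving group-addressed control traffic, so detections that depend on it will stay silent there.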

RE: port block unicast and multicast [7:12052]

2001-07-12 Thread Quek, Steven

Hi,

Priscilla, thank you very much for the info.

I was hoping for your response for I always enjoy your email on the mailing
discussion.
In fact I enjoy reading your DCN book. It is informative & straight to the
point.
In fact I used it for reference for some of my proposed solutions.

The regional project I am handling was having problems with Port Monitoring
and the customer has various types of Cisco switch. I faced this problem
for the Cat6000 when SPAN was enabled. I guess I need to study further
how to configure the SPAN so I understand how SPAN works on the Cat6000.

When SPAN was enabled on Cat6000, the LAN EIGRP routing entries were
lost on the Router Ethernet port. I guess I have to configure the CAT6000
to forward the EIGRP multicast traffic and other types of traffic. Thus,
this is not a workable solution for my customer to go through all these.

Thank you & have a great weekend.

With regards
Steven Quek

