RE: port block unicast and multicast [7:12052]
Hi,

I am glad that this topic is discussed here. In fact currently I am doing a project that is trying to make use of the Port Monitoring/SPAN feature as a form of keepalive duplicate traffic discovery with a third party product. I won't go into that detail.

I had read the portion of info at the directed web link. But would like to confirm my doubts. I need all the valuable advice and inputs from all of you. Maybe I am poor in my English to interpret this.

Appreciate to confirm, does that mean all Cisco Switches, be it Cat 19xx, 29xx, 5xxx, 6xxx, etc have the similar feature of blocking Unknown Unicast and Unregistered Multicast from forwarding through the Source port not reaching the destination directed ports? The traffic is also not forwarded out of the connected port to the connected neighbouring port?

Source Switch Port1Router-WAN | ^ Mirrored Traffic---| | |Eth Destine Switch Port2

Based on the above diagram for simple discussion. Does that mean EIGRP routing entries will be discarded at the Switch Port1 not updated to the Router Ethernet port? Similar CDP, Multicast Video streaming, Mainframe application, ...etc, will not be able to pass through the Monitored port?

Lastly, is there a way to enable all traffic to flow through the Monitored switch port?

Hope to hear some comments on this. Appreciate the inputs. Cheers.

regard
Steven Quek

-Original Message-
From: Marty Adkins [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 11:09 AM
To: [EMAIL PROTECTED]
Subject: Re: port block unicast and multicast [7:12052]

Priscilla Oppenheimer wrote:
> Has anyone seen this and is there a workaround? On a Catalyst 1900 switch enterprise edition, the software has decided that one of my ports should not flood unknown unicast or multicast. This wouldn't be a problem except that the port is also my monitor port for sniffing packets, and I WANT to see unknown unicast and multicast. I'm trying to see EIGRP, CDP, etc. from a router connected to another port. The monitoring is working, but I'm not seeing multicasts.
>
> SwitchA#show int e 0/1
> Hardware is Built-in 10Base-T
> Address is 00B0.6426.7941
> MTU 1500 bytes, BW 1 Kbits
> 802.1d STP State: Forwarding Forward Transitions: 1
> Unknown unicast flooding: Disabled
> Unregistered multicast flooding: Disabled
> Duplex setting: Half duplex
> Back pressure: Disabled
>
> See how it says that unknown unicast and unregistered multicast are disabled? It doesn't say that for any of the other ports.
>
> [snip]

Priscilla,

This is apparently an intentional side effect of enabling a port for SPAN/port monitoring, according to:
http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/19icg8x/19icweb.htm#xtocid482036

So your analyzer would get only broadcasts until you configure it to monitor (copy) other ports on the switch. Those other ports will be getting unknowns and multicast so your monitor port will see a copy.

I agree that this behavior is different than all the other Cisco switches including XLs, 4xxx, 5xxx, and 6xxx.

- Marty

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12096t=12052
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: port block unicast and multicast [7:12052]
It is monitoring other ports. I did the three steps: enable the feature, configure the monitor port, and configure the monitored port. It is seeing traffic, but not multicasts. It seems to disable unknown unicast and unregistered multicasts on the monitor port no matter what you do.

I have decided that it's to protect the user from trouble. If you turned this feature on while the monitor port was connected to something more than just an analyzer, you could cause problems (even loops?)

Priscilla

At 10:53 PM 7/11/01, Marty Adkins wrote:
> Priscilla Oppenheimer wrote:
> > Has anyone seen this and is there a workaround? On a Catalyst 1900 switch enterprise edition, the software has decided that one of my ports should not flood unknown unicast or multicast. This wouldn't be a problem except that the port is also my monitor port for sniffing packets, and I WANT to see unknown unicast and multicast. I'm trying to see EIGRP, CDP, etc. from a router connected to another port. The monitoring is working, but I'm not seeing multicasts.
> >
> > SwitchA#show int e 0/1
> > Hardware is Built-in 10Base-T
> > Address is 00B0.6426.7941
> > MTU 1500 bytes, BW 1 Kbits
> > 802.1d STP State: Forwarding Forward Transitions: 1
> > Unknown unicast flooding: Disabled
> > Unregistered multicast flooding: Disabled
> > Duplex setting: Half duplex
> > Back pressure: Disabled
> >
> > See how it says that unknown unicast and unregistered multicast are disabled? It doesn't say that for any of the other ports.
> >
> > [snip]
>
> Priscilla,
>
> This is apparently an intentional side effect of enabling a port for SPAN/port monitoring, according to:
> http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/19icg8x/19icweb.htm#xtocid482036
>
> So your analyzer would get only broadcasts until you configure it to monitor (copy) other ports on the switch. Those other ports will be getting unknowns and multicast so your monitor port will see a copy.
>
> I agree that this behavior is different than all the other Cisco switches including XLs, 4xxx, 5xxx, and 6xxx.
>
> - Marty

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12159t=12052
RE: port block unicast and multicast [7:12052]
Hi,

So far I have not heard any response for this. Anyone care to provide the info? Thanks in advance.

With regards
Steven Quek

-Original Message-
From: Quek, Steven
Sent: Thursday, July 12, 2001 6:02 PM
To: [EMAIL PROTECTED]
Subject: RE: port block unicast and multicast [7:12052]

Hi,

I am glad that this topic is discussed here. In fact currently I am doing a project that is trying to make use of the Port Monitoring/SPAN feature as a form of keepalive duplicate traffic discovery with a third party product. I won't go into that detail.

I had read the portion of info at the directed web link. But would like to confirm my doubts. I need all the valuable advice and inputs from all of you. Maybe I am poor in my English to interpret this.

Appreciate to confirm, does that mean all Cisco Switches, be it Cat 19xx, 29xx, 5xxx, 6xxx, etc have the similar feature of blocking Unknown Unicast and Unregistered Multicast from forwarding through the Source port not reaching the destination directed ports? The traffic is also not forwarded out of the connected port to the connected neighbouring port?

Source Switch Port1Router-WAN | ^ Mirrored Traffic---| | |Eth Destine Switch Port2

Based on the above diagram for simple discussion. Does that mean EIGRP routing entries will be discarded at the Switch Port1 not updated to the Router Ethernet port? Similar CDP, Multicast Video streaming, Mainframe application, ...etc, will not be able to pass through the Monitored port?

Lastly, is there a way to enable all traffic to flow through the Monitored switch port?

Hope to hear some comments on this. Appreciate the inputs. Cheers.

regard
Steven Quek

-Original Message-
From: Marty Adkins [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 11:09 AM
To: [EMAIL PROTECTED]
Subject: Re: port block unicast and multicast [7:12052]

Priscilla Oppenheimer wrote:
> Has anyone seen this and is there a workaround? On a Catalyst 1900 switch enterprise edition, the software has decided that one of my ports should not flood unknown unicast or multicast. This wouldn't be a problem except that the port is also my monitor port for sniffing packets, and I WANT to see unknown unicast and multicast. I'm trying to see EIGRP, CDP, etc. from a router connected to another port. The monitoring is working, but I'm not seeing multicasts.
>
> SwitchA#show int e 0/1
> Hardware is Built-in 10Base-T
> Address is 00B0.6426.7941
> MTU 1500 bytes, BW 1 Kbits
> 802.1d STP State: Forwarding Forward Transitions: 1
> Unknown unicast flooding: Disabled
> Unregistered multicast flooding: Disabled
> Duplex setting: Half duplex
> Back pressure: Disabled
>
> See how it says that unknown unicast and unregistered multicast are disabled? It doesn't say that for any of the other ports.
>
> [snip]

Priscilla,

This is apparently an intentional side effect of enabling a port for SPAN/port monitoring, according to:
http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/19icg8x/19icweb.htm#xtocid482036

So your analyzer would get only broadcasts until you configure it to monitor (copy) other ports on the switch. Those other ports will be getting unknowns and multicast so your monitor port will see a copy.

I agree that this behavior is different than all the other Cisco switches including XLs, 4xxx, 5xxx, and 6xxx.

- Marty

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12161t=12052
RE: port block unicast and multicast [7:12052]
See some comments below.

At 06:01 AM 7/12/01, Quek, Steven wrote:
> Hi,
>
> I am glad that this topic is discussed here. In fact currently I am doing a project that is trying to make use of the Port Monitoring/SPAN feature as a form of keepalive duplicate traffic discovery with a third party product. I won't go into that detail.
>
> I had read the portion of info at the directed web link. But would like to confirm my doubts. I need all the valuable advice and inputs from all of you. Maybe I am poor in my English to interpret this.
>
> Appreciate to confirm, does that mean all Cisco Switches, be it Cat 19xx, 29xx, 5xxx, 6xxx, etc have the similar feature of blocking Unknown Unicast and Unregistered Multicast

I have only seen this with the Cat 1900. You will need to check Cisco documentation for the other switches. I checked the 6xxx and 5xxx documentation and monitoring multicasts is enabled by default for those switches. Multicasts are not blocked.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_2/confg_gd/span.htm#xtocid147020

Monitoring multicasts is configurable. See this command:

set span {src_mod/src_ports | src_vlans | sc0} {dest_mod/dest_port} [rx | tx | both] [inpkts {enable | disable}] [learning {enable | disable}] [multicast {enable | disable}] [filter vlans...] [create]

> from forwarding through the Source port not reaching the destination directed ports? The traffic is also not forwarded out of the connected port to the connected neighbouring port?
>
> Source Switch Port1Router-WAN | ^ Mirrored Traffic---| | |Eth Destine Switch Port2
>
> Based on the above diagram for simple discussion. Does that mean EIGRP routing entries will be discarded at the Switch Port1 not updated to the Router

I am assuming that EIGRP multicasts arrive from the router at switch port 1 in your diagram, and port 1 is the monitored (mirrored) port and port 2 is the monitor port where the analyzer resides. You will not see the EIGRP multicasts on the destination (monitor) port 2 when using a Cat 1900. The EIGRP multicasts should go out all other ports on the switch (depending on VLAN and other configurations.) So, it won't cause any operational problems on a network. It just makes monitoring difficult.

Note that EIGRP uses multicasts for hellos. It sends routing updates directly to neighbors, so you would see those on the monitor port.

> Ethernet port? Similar CDP, Multicast Video streaming, Mainframe application, ...etc, will not be able to pass through the Monitored port?

I also do not see CDP on my monitor port on my Cat 1900. I haven't tried multicast video or other applications.

> Lastly, is there a way to enable all traffic to flow through the Monitored switch port?

Well, it blocks unregistered multicasts. Theoretically you could register the port to receive multicasts. I don't know how, though. IGMP? Sorry, I don't know more about this. I'm just discovering the problems myself. But I think it's just a Cat 1900 problem.

Priscilla

> Hope to hear some comments on this. Appreciate the inputs. Cheers.
>
> regard
> Steven Quek
>
> -Original Message-
> From: Marty Adkins [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 12, 2001 11:09 AM
> To: [EMAIL PROTECTED]
> Subject: Re: port block unicast and multicast [7:12052]
>
> Priscilla Oppenheimer wrote:
> > Has anyone seen this and is there a workaround? On a Catalyst 1900 switch enterprise edition, the software has decided that one of my ports should not flood unknown unicast or multicast. This wouldn't be a problem except that the port is also my monitor port for sniffing packets, and I WANT to see unknown unicast and multicast. I'm trying to see EIGRP, CDP, etc. from a router connected to another port. The monitoring is working, but I'm not seeing multicasts.
> >
> > SwitchA#show int e 0/1
> > Hardware is Built-in 10Base-T
> > Address is 00B0.6426.7941
> > MTU 1500 bytes, BW 1 Kbits
> > 802.1d STP State: Forwarding Forward Transitions: 1
> > Unknown unicast flooding: Disabled
> > Unregistered multicast flooding: Disabled
> > Duplex setting: Half duplex
> > Back pressure: Disabled
> >
> > See how it says that unknown unicast and unregistered multicast are disabled? It doesn't say that for any of the other ports.
> >
> > [snip]
>
> Priscilla,
>
> This is apparently an intentional side effect of enabling a port for SPAN/port monitoring, according to:
> http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/19icg8x/19icweb.htm#xtocid482036
>
> So your analyzer would get only broadcasts until you configure it to monitor (copy) other ports on the switch. Those other ports will be getting unknowns and multicast so your monitor port will see a copy.
>
> I agree that this behavior is different than all the other Cisco switches including XLs, 4xxx, 5xxx, and 6xxx.
>
> - Marty

Priscilla Oppenheimer
http
RE: port block unicast and multicast [7:12052]
Hi, Priscilla,

thank you very much for the info. I was hoping for your response for I always enjoy your email on the mailing discussion. In fact I enjoy reading your DCN book. It is informative and straight to the point. In fact I used for reference for some of my proposed solution.

The regional project I am handling was having problem with Port Monitoring and the customer has various types of Cisco switch. I faced this problem for the Cat6000 when SPAN was enabled. I guess I need to study further how to configure the SPAN to I understand the SPAN work on the Cat6000. When SPAN was enabled on Cat6000, the LAN EIGRP routing entries were lost on the Router Ethernet port. I guess I have to configure the CAT6000 to forward the EIGRP multicast traffic and other types of traffic. Thus, this is not a workable solution for my customer to go through all these.

Thank you and have a great weekend.

With regards
Steven Quek

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 13, 2001 1:33 AM
To: [EMAIL PROTECTED]
Subject: RE: port block unicast and multicast [7:12052]

See some comments below.

At 06:01 AM 7/12/01, Quek, Steven wrote:
> Hi,
>
> I am glad that this topic is discussed here. In fact currently I am doing a project that is trying to make use of the Port Monitoring/SPAN feature as a form of keepalive duplicate traffic discovery with a third party product. I won't go into that detail.
>
> I had read the portion of info at the directed web link. But would like to confirm my doubts. I need all the valuable advice and inputs from all of you. Maybe I am poor in my English to interpret this.
>
> Appreciate to confirm, does that mean all Cisco Switches, be it Cat 19xx, 29xx, 5xxx, 6xxx, etc have the similar feature of blocking Unknown Unicast and Unregistered Multicast

I have only seen this with the Cat 1900. You will need to check Cisco documentation for the other switches. I checked the 6xxx and 5xxx documentation and monitoring multicasts is enabled by default for those switches. Multicasts are not blocked.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_2/confg_gd/span.htm#xtocid147020

Monitoring multicasts is configurable. See this command:

set span {src_mod/src_ports | src_vlans | sc0} {dest_mod/dest_port} [rx | tx | both] [inpkts {enable | disable}] [learning {enable | disable}] [multicast {enable | disable}] [filter vlans...] [create]

> from forwarding through the Source port not reaching the destination directed ports? The traffic is also not forwarded out of the connected port to the connected neighbouring port?
>
> Source Switch Port1Router-WAN | ^ Mirrored Traffic---| | |Eth Destine Switch Port2
>
> Based on the above diagram for simple discussion. Does that mean EIGRP routing entries will be discarded at the Switch Port1 not updated to the Router

I am assuming that EIGRP multicasts arrive from the router at switch port 1 in your diagram, and port 1 is the monitored (mirrored) port and port 2 is the monitor port where the analyzer resides. You will not see the EIGRP multicasts on the destination (monitor) port 2 when using a Cat 1900. The EIGRP multicasts should go out all other ports on the switch (depending on VLAN and other configurations.) So, it won't cause any operational problems on a network. It just makes monitoring difficult.

Note that EIGRP uses multicasts for hellos. It sends routing updates directly to neighbors, so you would see those on the monitor port.

> Ethernet port? Similar CDP, Multicast Video streaming, Mainframe application, ...etc, will not be able to pass through the Monitored port?

I also do not see CDP on my monitor port on my Cat 1900. I haven't tried multicast video or other applications.

> Lastly, is there a way to enable all traffic to flow through the Monitored switch port?

Well, it blocks unregistered multicasts. Theoretically you could register the port to receive multicasts. I don't know how, though. IGMP? Sorry, I don't know more about this. I'm just discovering the problems myself. But I think it's just a Cat 1900 problem.

Priscilla

> Hope to hear some comments on this. Appreciate the inputs. Cheers.
>
> regard
> Steven Quek
>
> -Original Message-
> From: Marty Adkins [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 12, 2001 11:09 AM
> To: [EMAIL PROTECTED]
> Subject: Re: port block unicast and multicast [7:12052]
>
> Priscilla Oppenheimer wrote:
> > Has anyone seen this and is there a workaround? On a Catalyst 1900 switch enterprise edition, the software has decided that one of my ports should not flood unknown unicast or multicast. This wouldn't be a problem except that the port is also my monitor port for sniffing packets, and I WANT to see unknown unicast and multicast. I'm trying to see EIGRP, CDP, etc. from a router connected to another port. The monitoring
port block unicast and multicast [7:12052]
Has anyone seen this and is there a workaround? On a Catalyst 1900 switch enterprise edition, the software has decided that one of my ports should not flood unknown unicast or multicast. This wouldn't be a problem except that the port is also my monitor port for sniffing packets, and I WANT to see unknown unicast and multicast. I'm trying to see EIGRP, CDP, etc. from a router connected to another port. The monitoring is working, but I'm not seeing multicasts.

SwitchA#show int e 0/1
Hardware is Built-in 10Base-T
Address is 00B0.6426.7941
MTU 1500 bytes, BW 1 Kbits
802.1d STP State: Forwarding Forward Transitions: 1
Unknown unicast flooding: Disabled
Unregistered multicast flooding: Disabled
Duplex setting: Half duplex
Back pressure: Disabled

See how it says that unknown unicast and unregistered multicast are disabled? It doesn't say that for any of the other ports.

My full config is below. Note the added lines for e 0/1. Yes, I did try to enter no port block unicast and no port block multicast but it didn't help. They are still blocked.

I guess it must be a feature of the port monitoring. I moved the monitor port to 0/2 and the annoying block commands moved with it. I guess that's the answer. But why would it do this?

Thanks

Priscilla

SwitchA#show version
Cisco Catalyst 1900/2820 Enterprise Edition Software
Version V8.01.02

SwitchA#show run
Building configuration...
Current configuration:
!
!
vtp domain Lab
vtp transparent
!
vlan 10 name Engineering sde 100010 state Operational mtu 1500
vlan 50 name Accounting sde 100050 state Operational mtu 1500
!
!
!
!
hostname SwitchA
!
!
!
monitor-port monitored 0/26
monitor-port port 0/1
monitor-port
!
ip address 172.16.10.3 255.255.255.0
ip default-gateway 172.16.10.1
--More--
!
no rip
!
!
!
!
!
interface Ethernet 0/1
port block unicast
port block multicast
vlan-membership static 10
!
interface Ethernet 0/2
vlan-membership static 10
!
interface Ethernet 0/3
vlan-membership static 10
!
--More--
interface Ethernet 0/4
vlan-membership static 10
!
interface Ethernet 0/5
vlan-membership static 10
!
interface Ethernet 0/6
vlan-membership static 10
!
interface Ethernet 0/7
vlan-membership static 50
!
interface Ethernet 0/8
vlan-membership static 50
!
interface Ethernet 0/9
--More--
vlan-membership static 50
!
interface Ethernet 0/10
vlan-membership static 50
!
interface Ethernet 0/11
vlan-membership static 50
!
interface Ethernet 0/12
vlan-membership static 10
!
interface Ethernet 0/25
vlan-membership static 50
!
interface FastEthernet 0/26
--More--
!
vlan-membership static 50
!
!
interface FastEthernet 0/27
!
vlan-membership static 50
!
!
line console
end

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12052t=12052
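An added example, not part of the original thread or of any Cisco tooling: a small Python audit that reads a Catalyst 1900 running configuration like the one posted above, finds the monitor port, and reports which flooding classes are disabled on it, which is the condition the post associates with an analyzer on that port missing multicasts. The function names and result keys are assumptions of this example, the embedded sample is an excerpt of the posted config, and the bare `monitor-port` line is assumed to be the "enable the feature" step.

```python
import re

# Excerpt of the running configuration posted in the thread (Catalyst 1900,
# V8.01.02), trimmed to the stanzas this check reads.
SAMPLE_CONFIG = """\
hostname SwitchA
!
monitor-port monitored 0/26
monitor-port port 0/1
monitor-port
!
interface Ethernet 0/1
port block unicast
port block multicast
vlan-membership static 10
!
interface Ethernet 0/2
vlan-membership static 10
!
interface FastEthernet 0/26
--More--
!
vlan-membership static 50
!
line console
end
"""

IFACE_RE = re.compile(r"^interface\s+\S+\s+(\d+/\d+)$")


def parse_config(text):
    """Return (monitor_port, monitored_ports, enabled, blocks_by_port)."""
    monitor_port, monitored, enabled = None, [], False
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "--More--"):
            continue  # blank lines and pager residue carry no settings
        if line == "!":
            continue  # '!' also appears inside stanzas in the posted config
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            blocks.setdefault(current, set())
        elif line.startswith("line "):
            current = None  # left interface context
        elif line.startswith("monitor-port monitored "):
            monitored.append(line.split()[-1])
        elif line.startswith("monitor-port port "):
            monitor_port = line.split()[-1]
        elif line == "monitor-port":
            enabled = True  # assumption: bare command enables the feature
        elif line.startswith("port block ") and current is not None:
            blocks[current].add(line.split()[-1])
    return monitor_port, monitored, enabled, blocks


def audit_monitor_port(text):
    """Report flooding classes disabled on the active monitor port."""
    port, monitored, enabled, blocks = parse_config(text)
    active = enabled and port is not None
    disabled = sorted(blocks.get(port, ())) if active else []
    return {
        "monitor_port": port,
        "monitored": monitored,
        "active": active,
        "flooding_disabled": disabled,
        # Ports that block flooding without being the monitor port.
        "other_blocked": sorted(p for p, b in blocks.items() if b and p != port),
    }


if __name__ == "__main__":
    print(audit_monitor_port(SAMPLE_CONFIG))
```

Run against saved configs from every switch that feeds a capture device, a non-empty `flooding_disabled` marks a monitor port whose capture should be checked for missing EIGRP hellos and CDP.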
Re: port block unicast and multicast [7:12052]
Priscilla Oppenheimer wrote:
> Has anyone seen this and is there a workaround? On a Catalyst 1900 switch enterprise edition, the software has decided that one of my ports should not flood unknown unicast or multicast. This wouldn't be a problem except that the port is also my monitor port for sniffing packets, and I WANT to see unknown unicast and multicast. I'm trying to see EIGRP, CDP, etc. from a router connected to another port. The monitoring is working, but I'm not seeing multicasts.
>
> SwitchA#show int e 0/1
> Hardware is Built-in 10Base-T
> Address is 00B0.6426.7941
> MTU 1500 bytes, BW 1 Kbits
> 802.1d STP State: Forwarding Forward Transitions: 1
> Unknown unicast flooding: Disabled
> Unregistered multicast flooding: Disabled
> Duplex setting: Half duplex
> Back pressure: Disabled
>
> See how it says that unknown unicast and unregistered multicast are disabled? It doesn't say that for any of the other ports.
>
> [snip]

Priscilla,

This is apparently an intentional side effect of enabling a port for SPAN/port monitoring, according to:
http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/19icg8x/19icweb.htm#xtocid482036

So your analyzer would get only broadcasts until you configure it to monitor (copy) other ports on the switch. Those other ports will be getting unknowns and multicast so your monitor port will see a copy.

I agree that this behavior is different than all the other Cisco switches including XLs, 4xxx, 5xxx, and 6xxx.

- Marty

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12055t=12052