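So we have an odd setup here. Where I work, we have two Nexus 9k switches running our core network, named A and B respectively. They have SPAN ports that send traffic to a Catalyst 2960-X, which in turn relays it to another system used for traffic monitoring (which, unfortunately, has only one NIC).
Originally, we used an intermediate VLAN in the Catalyst switch, VLAN 1000, to try to pass the traffic in a way that it would be properly detected and passed on to the traffic monitoring system, so ports 46, 46 and 47 all had: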
switchport mode access
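switchport access vlan 1000
...and this worked. However, after moving to a new data center, with the port connections kept the same, this no longer works.
As shown below, we have also tried to implement this as a Catalyst-local SPAN port, after removing the switchport access mode so that only straight SPAN behavior is used: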

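Neither the VLAN / access port approach nor the SPAN approach seems to pass traffic to the monitoring system. Interface statistics on the Catalyst from show int gig 1/0/45 or show int gig 1/0/46 show that both the traffic and the number of received packets are increasing, with the packet counters constantly climbing. However, the traffic is no longer relayed through the Catalyst to port 48 -- its counters show zero packet activity, and the downstream traffic monitoring system sees no traffic coming through that port.
Does anyone know how we can get this working again? The traffic monitoring system is a dedicated appliance with only one uplink port, so we can't put additional NICs into the equation and pump traffic from each switch directly to the traffic monitor through its own NIC, unfortunately...
Catalyst SPAN configuration: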
monitor session 1 source int gig 1/0/45 both
monitor session 1 source int gig 1/0/46 both
monitor session 1 dest int gig 1/0/48
Nexus local SPAN configuration (identical on both; note that this is not an RSPAN setup):
monitor session 1
source vlan 20-21,121,150,160,270,300,400,500 both
destination interface Ethernet1/15
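no shut
Note that we can confirm, based on the "receive" rates on ports 45 and 46 of the Catalyst, that traffic is coming from the Nexuses and arriving at ports 45 and 46 on the Catalyst; it just isn't being spanned from those two ports to port 48 on the Catalyst.
Also note that VLAN 1000 does not exist anywhere else on the network and is currently not in play; in order to try standard SPAN, the access switchport settings were removed, although neither mechanism works. (VLAN 1000 was used as a VLAN that is only switched internally, to try to trick the system into passing the untagged packets from the Nexuses to the port where the monitoring system sits.)
Requested show monitor session 1 detail output from the Catalyst: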
#show monitor session 1 detail
Session 1
---------
Type : Local Session
Description : -
Source Ports :
RX Only : None
TX Only : None
Both : Gi1/0/45-46
Source VLANs :
RX Only : None
TX Only : None
Both : None
Source RSPAN VLAN : None
Destination Ports : Gi1/0/48
Encapsulation : Native
Ingress : Disabled
Filter VLANs : None
Dest RSPAN VLAN : None
Current running configuration (show run) of the Catalyst 2960-X (partially sanitized to hide sensitive information):
Current configuration : 8036 bytes
!
! Last configuration change at 17:13:19 UTC Thu Apr 4 2019 by admin
! NVRAM config last updated at 16:20:59 UTC Mon Apr 1 2019 by admin
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname catalyst
!
boot-start-marker
boot-end-marker
!
!
[username data snipped]
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default none
aaa authorization commands 15 default local
!
!
!
!
!
!
aaa session-id common
switch 1 provision ws-c2960x-48fps-l
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-2307906176
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2307906176
revocation-check none
rsakeypair TP-self-signed-2307906176
!
!
crypto pki certificate chain TP-self-signed-2307906176
certificate self-signed 01
[SNIP]
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/2
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/5
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/6
description exagrid mgmt
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/7
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/8
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/9
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/10
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/11
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/12
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/13
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/14
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/15
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/16
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/17
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/18
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/19
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/20
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/21
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/22
description WAN Switch
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/23
description Core 9K A
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/24
description Core 9K B
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/25
description UPLINK TO MGT NETWORK
switchport trunk allowed vlan 255
switchport mode trunk
!
interface GigabitEthernet1/0/26
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/27
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/28
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/29
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/30
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/31
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/32
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/33
description esx500 console
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/34
description esx501 Console
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/35
description esx502 Console
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/36
description esx503 Console
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/37
description esx504 Console
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/38
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/39
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/40
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/41
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/42
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/43
!
interface GigabitEthernet1/0/44
!
interface GigabitEthernet1/0/45
description Core A Monitor Port
!
interface GigabitEthernet1/0/46
description Core B Monitor Port
!
interface GigabitEthernet1/0/47
!
interface GigabitEthernet1/0/48
description Monitor Ports to Monitoring System
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
no ip address
!
interface Vlan255
ip address 10.1.255.21 255.255.255.0
!
interface Vlan1000
description SPAN collection
no ip address
!
ip http server
ip http secure-server
!
!
!
!
!
!
!
line con 0
line vty 0 4
timeout login response 300
transport input telnet ssh
line vty 5 15
timeout login response 300
transport input telnet ssh
!
!
monitor session 1 source interface Gi1/0/45 - 46
monitor session 1 destination interface Gi1/0/48
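end
Posted on 2019-04-04 20:05:52
Based on the comments, it appears that you had not created the VLAN in the VLAN database on the switch.
Not using the global vlan command to create VLANs on a standalone switch is a common source of problems. Switches that use trunks usually have VTP enabled, and the VLAN database will be populated by VTP. For standalone switches and switches in VTP transparent mode, you need to make sure that you create the VLANs used on the switch.
This seems to have solved your problem.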
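A check for the condition the answer describes, as an added example that is not part of the original question or answer: it compares the VLANs referenced by switchport lines in a running configuration with the VLAN IDs listed by `show vlan brief` and reports the ones missing from the VLAN database. The sample inputs are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict
# Constructed sample inputs (not copied from the switch discussed on this page).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/25
 switchport trunk allowed vlan 255
interface GigabitEthernet1/0/45
 switchport access vlan 1000
interface GigabitEthernet1/0/48
 switchport access vlan 1000
"""
SAMPLE_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- ---------------------
1    default                          active    Gi1/0/43, Gi1/0/44
255  MGMT                             active    Gi1/0/1, Gi1/0/2
"""

def expand_vlan_list(spec):
    """Expand an IOS VLAN list such as '20-21,121' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def referenced_vlans(running_config):
    """Map VLAN ID -> interfaces whose switchport lines reference it."""
    refs, iface = defaultdict(list), None
    for line in map(str.strip, running_config.splitlines()):
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        m = re.match(r"switchport (?:access vlan|trunk allowed vlan(?: add)?) ([\d, -]+)$", line)
        if m and iface:
            for vlan in sorted(expand_vlan_list(m.group(1))):
                refs[vlan].append(iface)
    return refs

def vlan_database(show_vlan_brief):
    """VLAN IDs present in 'show vlan brief' (rows that start with a number)."""
    return {int(v) for v in re.findall(r"^(\d+)\s+\S+", show_vlan_brief, re.M)}

def missing_vlans(running_config, show_vlan_brief):
    """VLANs used on ports but absent from the switch's VLAN database."""
    present = vlan_database(show_vlan_brief)
    return {v: ifs for v, ifs in referenced_vlans(running_config).items() if v not in present}

if __name__ == "__main__":
    print(missing_vlans(SAMPLE_CONFIG, SAMPLE_VLAN_BRIEF))
```

The VLAN list has to come from `show vlan brief` rather than the running configuration, because a switch in VTP server or client mode does not show its VLAN definitions in `show run`.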
https://serverfault.com/questions/961552