Cisco Catalyst "traffic span" not working, tried multiple approaches, not sure what to try next
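So we have an odd setup here. Where I work, we have two Nexus 9k switches running our core network, named A and B respectively, which have span ports that send traffic to a Catalyst 2960-X, which in turn relays it to another system for traffic monitoring (which unfortunately has only one NIC).
Originally, we used an intermediate VLAN, VLAN 1000, on the Catalyst switch to try to pass the traffic in a way that would be properly detected and handed to the traffic monitoring system, so that ports 46, 46 and 47 all had: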
switchport mode access
switchport access vlan 1000
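...and this worked. However, after moving to a new data center, with the port connections kept the same, this no longer works.
We also tried making it a Catalyst local SPAN port, as shown, after unconfiguring the switchport access mode to go straight to SPAN behavior: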
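Neither the VLAN/access port approach nor the SPAN approach seems to pass traffic to the monitoring system. The interface statistics from "show int gig 1/0/45" or "show int gig 1/0/46" on the Catalyst show traffic increasing and the number of received packets rising as the packet counters keep incrementing. However, this is no longer relayed through SPAN in the Catalyst to port 48: its counters show zero packet activity, and the downstream traffic monitoring system sees no traffic coming through that port. Does anyone know how we can get this working again? The traffic monitoring system is a dedicated appliance with only one uplink port, so we can't add extra NICs into the equation to pump traffic from each switch directly to the traffic monitor via separate NICs, unfortunately...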
Catalyst SPAN configuration:
monitor session 1 source int gig 1/0/45 both
monitor session 1 source int gig 1/0/46 both
monitor session 1 dest int gig 1/0/48
Nexus local SPAN configuration (identical on both; note that this is not an RSPAN setup):
monitor session 1
  source vlan 20-21,121,150,160,270,300,400,500 both
  destination interface Ethernet1/15
  no shut
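Note that we can confirm, based on the "receive" rates on Catalyst ports 45 and 46, that traffic is coming from the Nexuses and arriving at ports 45 and 46 on the Catalyst; it just isn't passing the traffic from those two ports on to span port 48 on the Catalyst.
Also note that VLAN 1000 does not exist anywhere else on the network and is not available at this time; the switchport "access" configuration was removed to try standard SPAN, although neither mechanism works. (VLAN 1000 was used as a purely switch-internal VLAN, in an attempt to trick the system into passing the untagged packets from the Nexuses to the port where the monitoring system sits.)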
Requested output of "show monitor session 1 detail" on the Catalyst:
#show monitor session 1 detail
Session 1
---------
Type                   : Local Session
Description            : -
Source Ports           :
    RX Only            : None
    TX Only            : None
    Both               : Gi1/0/45-46
Source VLANs           :
    RX Only            : None
    TX Only            : None
    Both               : None
Source RSPAN VLAN      : None
Destination Ports      : Gi1/0/48
    Encapsulation      : Native
          Ingress      : Disabled
Filter VLANs           : None
Dest RSPAN VLAN        : None
Currently running Catalyst 2960-X configuration ("show run", partially sanitized to hide sensitive information):
Current configuration : 8036 bytes
!
! Last configuration change at 17:13:19 UTC Thu Apr 4 2019 by admin
! NVRAM config last updated at 16:20:59 UTC Mon Apr 1 2019 by admin
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname catalyst
!
boot-start-marker
boot-end-marker
!
!
[username data snipped]
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default none
aaa authorization commands 15 default local
!
!
!
!
!
!
aaa session-id common
switch 1 provision ws-c2960x-48fps-l
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-2307906176
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2307906176
 revocation-check none
 rsakeypair TP-self-signed-2307906176
!
!
crypto pki certificate chain TP-self-signed-2307906176
 certificate self-signed 01
  [SNIP]
  quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
 no ip address
!
interface GigabitEthernet1/0/1
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/2
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/4
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/5
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/6
 description exagrid mgmt
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/7
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/8
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/9
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/10
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/11
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/12
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/13
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/14
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/15
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/16
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/17
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/18
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/19
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/20
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/21
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/22
 description WAN Switch
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/23
 description Core 9K A
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/24
 description Core 9K B
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet1/0/25
 description UPLINK TO MGT NETWORK
 switchport trunk allowed vlan 255
 switchport mode trunk
!
interface GigabitEthernet1/0/26
 switchport access vlan 255
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/27
 switchport access vlan 255
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/28
 switchport access vlan 255
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/29
 switchport access vlan 255
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/30
 switchport access vlan 255
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/31
 switchport access vlan 255
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/32
 switchport access vlan 255
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/33
 description esx500 console
 switchport access vlan 255
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/34
 description esx501 Console
 switchport access vlan 255
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/35
 description esx502 Console
 switchport access vlan 255
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/36
 description esx503 Console
 switchport access vlan 255
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/37
 description esx504 Console
 switchport access vlan 255
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/38
 switchport access vlan 255
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/39
 switchport access vlan 255
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/40
 switchport access vlan 255
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/41
 switchport access vlan 255
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/42
 switchport access vlan 255
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/43
!
interface GigabitEthernet1/0/44
!
interface GigabitEthernet1/0/45
 description Core A Monitor Port
!
interface GigabitEthernet1/0/46
 description Core B Monitor Port
!
interface GigabitEthernet1/0/47
!
interface GigabitEthernet1/0/48
 description Monitor Ports to Monitoring System
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
 no ip address
!
interface Vlan255
 ip address 10.1.255.21 255.255.255.0
!
interface Vlan1000
 description SPAN collection
 no ip address
!
ip http server
ip http secure-server
!
!
!
!
!
!
!
line con 0
line vty 0 4
 timeout login response 300
 transport input telnet ssh
line vty 5 15
 timeout login response 300
 transport input telnet ssh
!
!
monitor session 1 source interface Gi1/0/45 - 46
monitor session 1 destination interface Gi1/0/48
end
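Based on the comments, it appears that you had not created the VLAN in the switch's VLAN database.
Not using the global "vlan" command to create VLANs for a standalone switch is a common source of problems. Switches that use trunks often have VTP enabled, and the VLAN database will be populated by VTP. For standalone switches and switches in VTP transparent mode, you need to make sure that you create the VLANs used on the switch. That seems to have solved your problem.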
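
Added example, not part of the original question or answer: one way to catch the condition the answer describes before a monitoring feed silently goes dark is to compare the VLANs that access ports and SVIs reference in the running configuration against the VLANs listed as active in "show vlan brief". The function names and both sample inputs are constructed for illustration and assume the usual IOS text layout of those two outputs.

```python
import re

# Constructed sample inputs, not taken from the device in the post.
RUNNING_CONFIG = """\
interface GigabitEthernet1/0/24
 switchport access vlan 255
!
interface GigabitEthernet1/0/45
 switchport access vlan 1000
!
interface GigabitEthernet1/0/48
 switchport access vlan 1000
!
interface Vlan1000
 description SPAN collection
"""
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/43, Gi1/0/44
255  MGMT                             active    Gi1/0/24
1002 fddi-default                     act/unsup
"""

def referenced_vlans(config):
    """Map VLAN id -> interfaces that use it (access ports and SVIs)."""
    refs, iface = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            iface = m.group(1)
            svi = re.fullmatch(r"Vlan(\d+)", iface)
            if svi:  # an SVI needs its VLAN in the database to come up
                refs.setdefault(int(svi.group(1)), []).append(iface)
            continue
        m = re.match(r"\s+switchport access vlan (\d+)", line)
        if m and iface:
            refs.setdefault(int(m.group(1)), []).append(iface)
    return refs

def active_vlans(show_vlan_brief):
    """VLAN ids whose status column reads 'active'."""
    return {int(m.group(1)) for m in
            re.finditer(r"^(\d+)\s+\S+\s+active\b", show_vlan_brief, re.M)}

def missing_vlans(config, show_vlan_brief):
    """VLANs used by ports or SVIs but absent from the VLAN database."""
    present = active_vlans(show_vlan_brief)
    return {v: i for v, i in referenced_vlans(config).items() if v not in present}

for vlan, ifaces in sorted(missing_vlans(RUNNING_CONFIG, SHOW_VLAN_BRIEF).items()):
    print(f"VLAN {vlan} is not in the VLAN database; used by {', '.join(ifaces)}")
```

The VLAN database is checked from "show vlan brief" rather than from the running configuration because a switch in VTP server or client mode keeps its VLANs in vlan.dat and does not list them in "show run".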