So we have an odd setup here. Where I work, we have two Nexus 9k switches running our core network - A and B named respectively, and they have span ports which send traffic to a Catalyst 2960-X which in turn relays to another system for traffic monitoring (which only has one NIC unfortunately)
Initially we were using an intermediate VLAN within the Catalyst switch of VLAN 1000 to try and hand off the traffic in a way that'd be properly detected and passed to the traffic monitoring system, such that ports 46, 46, and 47 all had:
switchport mode access
switchport access vlan 1000
... and this was working. However, after moving to a new datacenter, keeping the port connections identical, this no longer works.
We also attempted to do this as a Catalyst-local SPAN port as this diagram shows, after deconfiguring the switchport access modes to go to just straight SPAN behavior:
Neither the VLAN / access port method nor the SPAN methods seem to work to pass traffic to the monitoring system. The interface statistics from show int gig 1/0/45 or show int gig 1/0/46 on the Catalyst show traffic increase and number of packets received as constantly incrementing with the packet counters. But, this no longer relays traffic over the SPAN in the Cataylst to port 48 - its counters show zero packet activity, and the downstream traffic monitoring system sees no traffic coming over this.
Anyone got any idea in how we can make this work again? The traffic monitoring system is a dedicated appliance that only has one uplink port, so we can't go and throw an extra NIC into the equation to pump traffic direct to the traffic monitor from each switch via individual NICs, unfortunately...
Catalyst span config:
monitor session 1 source int gig 1/0/45 both
monitor session 1 source int gig 1/0/46 both
monitor session 1 dest int gig 1/0/48
Nexus local span config (identical for both, note this is not an RSPAN setup):
monitor session 1
source vlan 20-21,121,150,160,270,300,400,500 both
destination interface Ethernet1/15
no shut
Note that we can confirm based on the 'receive' rates on the Catalyst's ports 45 and 46 that traffic is coming from the NEXUS and reaching ports 45 and 46 on the Catalyst, it's just not passing the traffic along to span port 48 on the Catalyst from those two ports.
ALso note that VLAN 1000 does not exist anywhere else on the network, and is at this point not in play; the access switchport configs were deleted in an attempt to use standard SPAN instead, though neither mechanism works. (VLAN 1000 was used as a straight switch-internal-only VLAN to try and trick the system to pass the packets in untagged from from the Nexuses to the port where the monitoring system was in place)
Requested output of show monitor session 1 detail on the Catalyst:
#show monitor session 1 detail
Session 1
---------
Type : Local Session
Description : -
Source Ports :
RX Only : None
TX Only : None
Both : Gi1/0/45-46
Source VLANs :
RX Only : None
TX Only : None
Both : None
Source RSPAN VLAN : None
Destination Ports : Gi1/0/48
Encapsulation : Native
Ingress : Disabled
Filter VLANs : None
Dest RSPAN VLAN : None
Catalyst 2960-X currently running config show run (partly sanitized to hide sensitive information):
Current configuration : 8036 bytes
!
! Last configuration change at 17:13:19 UTC Thu Apr 4 2019 by admin
! NVRAM config last updated at 16:20:59 UTC Mon Apr 1 2019 by admin
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname catalyst
!
boot-start-marker
boot-end-marker
!
!
[username data snipped]
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default none
aaa authorization commands 15 default local
!
!
!
!
!
!
aaa session-id common
switch 1 provision ws-c2960x-48fps-l
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-2307906176
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2307906176
revocation-check none
rsakeypair TP-self-signed-2307906176
!
!
crypto pki certificate chain TP-self-signed-2307906176
certificate self-signed 01
[SNIP]
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/2
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/5
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/6
description exagrid mgmt
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/7
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/8
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/9
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/10
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/11
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/12
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/13
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/14
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/15
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/16
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/17
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/18
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/19
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/20
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/21
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/22
description WAN Switch
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/23
description Core 9K A
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/24
description Core 9K B
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet1/0/25
description UPLINK TO MGT NETWORK
switchport trunk allowed vlan 255
switchport mode trunk
!
interface GigabitEthernet1/0/26
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/27
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/28
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/29
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/30
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/31
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/32
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/33
description esx500 console
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/34
description esx501 Console
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/35
description esx502 Console
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/36
description esx503 Console
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/37
description esx504 Console
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/38
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/39
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/40
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/41
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/42
switchport access vlan 255
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/43
!
interface GigabitEthernet1/0/44
!
interface GigabitEthernet1/0/45
description Core A Monitor Port
!
interface GigabitEthernet1/0/46
description Core B Monitor Port
!
interface GigabitEthernet1/0/47
!
interface GigabitEthernet1/0/48
description Monitor Ports to Monitoring System
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
no ip address
!
interface Vlan255
ip address 10.1.255.21 255.255.255.0
!
interface Vlan1000
description SPAN collection
no ip address
!
ip http server
ip http secure-server
!
!
!
!
!
!
!
line con 0
line vty 0 4
timeout login response 300
transport input telnet ssh
line vty 5 15
timeout login response 300
transport input telnet ssh
!
!
monitor session 1 source interface Gi1/0/45 - 46
monitor session 1 destination interface Gi1/0/48
end
