cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

675
Views
0
Helpful
3
Replies
payala
Beginner

EAPoL not showing in RSPAN session

Hello,

I hope that you can help me figuring out why am I not able to see any EAPoL messages on my remote SPAN port configuration, this is my scenario:

Laptop (authenticating) -- Switch1 -- Switch2 -- Laptop (Monitor)

For more detail scenario
Laptop -- <port g0/2> Switch1 (Cisco 3560-CG) <port g0/10> -- <port g1/0/15> Switch2 (Cisco 3750G) <port g2/0/2>

The configuration from switch1:
monitor session 1 source interface Gi0/1 - 7
monitor session 1 destination remote vlan 101

The configuration from Switch2:
monitor session 2 destination interface Gi2/0/2
monitor session 2 source remote vlan 101

AS you can see I'm using remote span configuration and using remote vlan 101 to carry all my traffic.

When I turn on tshark or wireshark and make a filter eapol or eth.type == 0x888e I can't see anything, no packets coming to that port.

Now what's important to mention is that if I use a local port on the 3560-CG, without any remote span am able to see all the packets, eapol and eth.type... What am I missing, should the cisco SPAN port forward all packets? There are no other commands for the cisco to configure special fields.

Thanks and I hope that someone can help me.

Regards

1 ACCEPTED SOLUTION

Accepted Solutions

Hi

See the following Cisco documenmtation:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swspan.html#wp1073772

It states that "RSPAN does not support BPDU packet monitoring or other Layer 2 switch protocols." whereas SPAN does

EAPOL would fall under this category so wouldn't be supported by RSPAN. Better explantion of this can be seen in the following blog:

https://mellowd.co.uk/ccie/?p=2403

hth
Andy

View solution in original post

3 REPLIES 3
jan.nielsen
Rising star

As far as i know EAP packets, are not captured on switch ports at all. At least not when i last tried it. you probably will need to use another "hub" between the switch and the device.

Actually you can, only if I connect the SPAN port in the same switch, attached is the screenshots from the captures:

Hi

See the following Cisco documenmtation:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swspan.html#wp1073772

It states that "RSPAN does not support BPDU packet monitoring or other Layer 2 switch protocols." whereas SPAN does

EAPOL would fall under this category so wouldn't be supported by RSPAN. Better explantion of this can be seen in the following blog:

https://mellowd.co.uk/ccie/?p=2403

hth
Andy

View solution in original post

Content for Community-Ad