What?

There is nothing coming from port 4.  Port 4 is the destination of the mirror with network analyzer attached.  Traffic of port 8 is mirrored TO port 4 to be probed by the network analyzer.

Why should port 8 not have a VLAN membership?  Doesn't it have too in order to participate in the VLAN 99? How else would packets get from ports 6 & 7 to port 8 if it is not a member of VLAN 99?

It is my misinterpretation. I read it as port 4 is the port you are monitoring.

You should still see vlan 99 advertisement even if it is an untagged member.

-Tom
Please mark answered for helpful posts

But what I want to see is what is actually being put out on the wire.  Which is untagged.  Otherwise it is indicating that tagged packtes are being sent out and is missleading.

That is untrue and impossible. The reason is, 802.1q will always include the vlan id unless it is a member of the default vlan. Vlan 99 although untagged is NOT the default vlan.

-Tom
Please mark answered for helpful posts

Don't think that is correct.  The point of the port being an untagged member of a VLAN is so that the VLAN tag gets stripped from packets going out onto the wire.  Which it is.  Verified by hanging a true HUB off of port 8 with a network analyzer.  There is no VLAN tag present.  But yet the VLAN is still present on the probe port.

Okay, please explain this scenario-

Router is 192.168.100.1.

Switch is 192.168.100.2

Host A is 192.168.100.3

Host B is 192.168.100.4

Host A is a member of vlan 1 untagged

Host B is a member of vlan 2 untagged

Both host A and B are in the same subnet and share the same default gateway but are in the different vlans.

Does Host A and Host B communicate to each other?

-Tom
Please mark answered for helpful posts

No. Because the switch does not forward vlan 1 packets to vlan 2 member ports nor vlan 2 packets to vlan 1 member ports.
Not because the packets are tagged or untagged upon egress.
If the switch ports host A and B are conected to are untagged members of their respective VLAN (1 & 2) then the packets will be untagged up on egress.  And if you run a sniffer on them you won't see the vlan tags.

Assuming 802.1q (General mode), not Trunked or Access.

What are the size of the packets you see when comparing to a hub vs the SPAN?

-Tom
Please mark answered for helpful posts

4 bytes less.  The size of VLAN tags.  Amazing coincidence eh.

I am having a fun conversation on the side and here is how I justify what you're seeing. This is exactly a snippit of our IM conversation-

Tom Watts:

if what he says is true then yes

-Tom
Please mark answered for helpful posts

No.  Port 4 mirror target does not have impact on what is going out on port 8 wire.  Think you are still misunderstanding.  Don't make is so complex.  It is a very simple setup.

Port 8 is an untagged member of vlan 99 with a PVID of 99 and in "general mode" (802.1q).  Not trunk nor access mode. And is not a member of any other vlans.

Port 8 is source port of mirror to destination on port 4.

Traffic egress form port 8 onto the wire has no vlan tag.  That is as expected.

However, the traffic being analyzed from the mirror destination port 4 does have the vlan 99 tag.  But I don't what it to because that then does not reflect what actually went out on the wire connected to port 8.

I know. Thats what the conversation is about. Why would a neutral monitor port have a vlan id affixed? The only explanation is that the port 4 is following rules of 802.1q while it shouldn't.

-Tom
Please mark answered for helpful posts

The neutral monitor port should have the same vlan id affixed as the source port on wire traffic.  So in the case of a tagged vlan it would be expected to vlan id affixed to the packets.  But in this case the monitor source port is an untagged member and therefor the packets should not have a vlain id affixed.