Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1835
Views
0
Helpful
2
Replies

CDP and STP over SPAN port

Michal Valach
Level 1
Level 1

‎02-03-2020 04:13 AM

Hello all,

in CISCO book I found that CDP and STP protocol should not be sent over SPAN session. But when we implement SPAN session on 2960 switch and  I see CDP and STP. I need to disable it as it is causing a lot of unwanted traffic.

Thanks in advance for any suggestions...

Labels:
0 Helpful
2 Replies 2

Mark Malone
VIP Alumni
VIP Alumni

‎02-03-2020 04:40 AM

Hi what way is it configured , if replicate is enabled it will show cdp/stp packets , even if you didnt configure it make sure its not set in show run all
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_52_se/configuration/guide/3750scg/swspan.html

The default configuration for local SPAN session ports is to send all packets untagged. SPAN also does not normally monitor bridge protocol data unit (BPDU) packets and Layer 2 protocols, such as Cisco Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), Spanning Tree Protocol (STP), and Port Aggregation Protocol (PAgP). However, when you enter the encapsulation replicate keywords when configuring a destination port, these changes occur:

•Packets are sent on the destination port with the same encapsulation—untagged, Inter-Switch Link (ISL), or IEEE 802.1Q—that they had on the source port.

•Packets of all types, including BPDU and Layer 2 protocol packets, are monitored.

Therefore, a local SPAN session with encapsulation replicate enabled can have a mixture of untagged, ISL, and IEEE 802.1Q tagged packets appear on the destination port.

Switch congestion can cause packets to be dropped at ingress source ports, egress source ports, or SPAN destination ports. In general, these characteristics are independent of one another. For example:

•A packet might be forwarded normally but dropped from monitoring due to an oversubscribed SPAN destination port.

•An ingress packet might be dropped from normal forwarding, but still appear on the SPAN destination port.

•An egress packet dropped because of switch congestion is also dropped from egress SPAN.
0 Helpful

Michal Valach
Level 1
Level 1
In response to Mark Malone

‎02-03-2020 05:21 AM

Hi,

thank you for reply.

Encapsulation replicate is not configured, or exist in sh run all.

We have simple local SPAN: 

 

monitor session 1 source interface Te1/0/1
monitor session 1 destination interface Te1/0/10

 

Behind Te1/0/1 we have access switch where we need to monitor communication. 

0 Helpful
Customers Also Viewed These Support Documents