Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1010
Views
0
Helpful
2
Replies

Port Mirror does not pass all data frames

Go to solution
yoram12345
Level 1
Level 1

‎11-23-2010 01:53 AM - edited ‎03-06-2019 02:10 PM

Hi all,

I have cisco catalyst 3750.

I have noticed that when i connect the sniffer - wireshark to the port mirroring instaed of teh original port, i do not see all the packets

for example BPDU , VLANS ..

any suggestions ?

BR,

Yoram

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎11-23-2010 01:56 AM

Hello Yoram,

You need to use the SPAN and define the destination port using the optional encapsulation replicate keywords. This is an excerpt from Cat3560 IOS Configuration Guide (applies to 3750 as well):

The default configuration for local SPAN session ports is to send all  packets untagged. SPAN also does not normally monitor bridge protocol  data unit (BPDU) packets and Layer 2 protocols, such as Cisco Discovery  Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol  (DTP), Spanning Tree Protocol (STP), and Port Aggregation Protocol  (PAgP). However, when you enter the encapsulation replicate keywords when configuring a destination port, these changes occur:

  • Packets  are sent on the destination port with the same encapsulation—untagged,  Inter-Switch Link (ISL), or IEEE 802.1Q—that they had on the source  port.

  • Packets of all types, including BPDU and Layer 2 protocol packets, are monitored.

Therefore, a local SPAN session with encapsulation replicate enabled can  have a mixture of untagged, ISL, and IEEE 802.1Q tagged packets appear  on the destination port.

See http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/swspan.html#wp1204187 for further info.

Best regards,

Peter

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎11-23-2010 01:56 AM

Hello Yoram,

You need to use the SPAN and define the destination port using the optional encapsulation replicate keywords. This is an excerpt from Cat3560 IOS Configuration Guide (applies to 3750 as well):

The default configuration for local SPAN session ports is to send all  packets untagged. SPAN also does not normally monitor bridge protocol  data unit (BPDU) packets and Layer 2 protocols, such as Cisco Discovery  Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol  (DTP), Spanning Tree Protocol (STP), and Port Aggregation Protocol  (PAgP). However, when you enter the encapsulation replicate keywords when configuring a destination port, these changes occur:

  • Packets  are sent on the destination port with the same encapsulation—untagged,  Inter-Switch Link (ISL), or IEEE 802.1Q—that they had on the source  port.

  • Packets of all types, including BPDU and Layer 2 protocol packets, are monitored.

Therefore, a local SPAN session with encapsulation replicate enabled can  have a mixture of untagged, ISL, and IEEE 802.1Q tagged packets appear  on the destination port.

See http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/swspan.html#wp1204187 for further info.

Best regards,

Peter

0 Helpful

Go to solution
yoram12345
Level 1
Level 1
In response to Peter Paluch

‎11-23-2010 02:19 AM

Hi Peter,

Thanks a lot, it works

BR,

Yoram

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card