11-23-2010 01:53 AM - edited 03-06-2019 02:10 PM
Hi all,
I have cisco catalyst 3750.
I have noticed that when i connect the sniffer - wireshark to the port mirroring instaed of teh original port, i do not see all the packets
for example BPDU , VLANS ..
any suggestions ?
BR,
Yoram
Solved! Go to Solution.
11-23-2010 01:56 AM
Hello Yoram,
You need to use the SPAN and define the destination port using the optional encapsulation replicate keywords. This is an excerpt from Cat3560 IOS Configuration Guide (applies to 3750 as well):
The default configuration for local SPAN session ports is to send all packets untagged. SPAN also does not normally monitor bridge protocol data unit (BPDU) packets and Layer 2 protocols, such as Cisco Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), Spanning Tree Protocol (STP), and Port Aggregation Protocol (PAgP). However, when you enter the encapsulation replicate keywords when configuring a destination port, these changes occur:
Packets are sent on the destination port with the same encapsulation—untagged, Inter-Switch Link (ISL), or IEEE 802.1Q—that they had on the source port.
Packets of all types, including BPDU and Layer 2 protocol packets, are monitored.
Therefore, a local SPAN session with encapsulation replicate enabled can have a mixture of untagged, ISL, and IEEE 802.1Q tagged packets appear on the destination port.
See http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/swspan.html#wp1204187 for further info.
Best regards,
Peter
11-23-2010 01:56 AM
Hello Yoram,
You need to use the SPAN and define the destination port using the optional encapsulation replicate keywords. This is an excerpt from Cat3560 IOS Configuration Guide (applies to 3750 as well):
The default configuration for local SPAN session ports is to send all packets untagged. SPAN also does not normally monitor bridge protocol data unit (BPDU) packets and Layer 2 protocols, such as Cisco Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), Spanning Tree Protocol (STP), and Port Aggregation Protocol (PAgP). However, when you enter the encapsulation replicate keywords when configuring a destination port, these changes occur:
Packets are sent on the destination port with the same encapsulation—untagged, Inter-Switch Link (ISL), or IEEE 802.1Q—that they had on the source port.
Packets of all types, including BPDU and Layer 2 protocol packets, are monitored.
Therefore, a local SPAN session with encapsulation replicate enabled can have a mixture of untagged, ISL, and IEEE 802.1Q tagged packets appear on the destination port.
See http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/swspan.html#wp1204187 for further info.
Best regards,
Peter
11-23-2010 02:19 AM
Hi Peter,
Thanks a lot, it works
BR,
Yoram
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide