I am including the entire configuration of the switch.   The plan is to use a feed from another vendor switch but the test configuration has the device generating the IEEE 802.3 packets connected to directly to port 0/22 and I have configured the monitor session to take the data on port 0/22 and monitor out to port 0/3.  I am wondering if this is a flowcontrol issue or a QoS issue.

I also attached a copy of the packet format that I am having trouble with.

Wayne

monitor session 1 source interface Gi0/22 rx

monitor session 1 destination interface Gi0/3 encapsulation replicate

Well, you're taking receive traffic from gi0/22 and putting it to gi0/3.

interface GigabitEthernet0/22

media-type rj45

spanning-tree bpdufilter enable

spanning-tree guard none

I noticed that there was not a 'switchport mode access' command on this port. I also don't see a vlan assigned to this port.

interface GigabitEthernet0/3

description lontest1 span

switchport mode access

no keepalive

spanning-tree portfast

spanning-tree bpdufilter enable

I don't see any vlan assigned to this port.

Can you put the output of 'show int trunk' as well.

Yes input on 22 and output on 3.   3 is a monitor destination port - VLAN configuraiton would seem to be irrelevant but, when in mode access the default VLAN is 1.   I did have port 22 with a 'switchport mode access' command but that didn't make any difference - will test it again.  Note that the 'encapsulation replicate' didn't make a difference but I left it there.  Attached is the interface trunk information.

Wayne

Port        Vlans in spanning tree forwarding state and not pruned

Gi0/24      85,811,830

Lab2960-ms1#

vlan 950

name TEST_RSPAN

remote-span

It looks like the RSPAN VLAN is not configured to go across gi0/24 which is the only trunk that is up and operational.

interface GigabitEthernet0/21

description UL test link

switchport trunk allowed vlan 950

switchport mode access

media-type rj45

I noticed this as well. It's configured with the 'switchport trunk allowed' command but it's set to 'switchport mode access'

I apologize if I wasn't clear.   I am not using RSPAN for this effort.  I am using straight monitor to span the input to port 22 to port 3 in this case.  RSPAN would be used if I was accepting a remote RSPAN VLAN from another switch.  This test does not do that.  The future planned implementation would just have the output of another vendors mirror port sent to an input port of the Cisco 2960.   The 'switchport trunk allowed vlan 950' is just a residule command from when I was testing in a different configuration.   It is in mode 'access' so the trunk command has not effect... .or shouldn't as I understand it.

Wayne

I see what you mean. From looking at the monitor session configuration, everything seems ok.

What device do you have connected to gi0/3 that is reading the data from this port?

Currently have a workstation that is running wireshark.  Works for Ethernet II but not for IEEE 802.3.

Do you see anything at all when you choose IEEE 802.3 ?

Where would I select IEEE 802.3?  The workstation records whatever it receives, Ethernet II, IEEE 802.3, etc....  The problem is the data is not coming out the destination port when the source is IEEE 802.3.

Ive used wireshark before, but I cant see anything changing it from 802.3 to ethernet ll. Maybe wireshark is reading it as ll even though its 802.3.

The primary difference between an 802.3 packet and an Ethernet II packet is that two bytes after the source mac address are the 'type' bytes (typically 0800 for IPv4) for Ethernet II or Length bytes if 802.3 (05CD or less) for 802.3.

http://www.wireshark.org/lists/wireshark-users/200803/msg00089.html

Check that out w-morse.