Ok, gotcha! the 3rd party is the one sending to core2. I think that answers your question. 3rd party is the one sending to core2 which should be blocking on 3rd party. Why? 3rd party should tell us.
"Packets are sent on the destination port with the same encapsulation-untagged, Inter-Switch Link (ISL), or IEEE 802.1Q-that they had on the source port."If source is dot1q trunk, then destination should be dot1q trunk. makes sense?
The core1 forwarding traffic to only to blocked port sounds strange core1 is the root all the ports from it going downstream should be forwarding. ARP if sent with broadcast destination would be flooded, maybe you are sniffing the cisco only but in...
How about if I give you the bug tool kit link and you can see the detail of the bug and you can use the same link for any future bugs that you like to see details on.Here is the link:http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searc...
Yes, "encapsulation replicate" should send tagged packets on destination port but the destination port should have the same encap as source, see below.The default configuration for local SPAN session ports is to send all packets untagged. SPAN also d...