Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2595
Views
10
Helpful
1
Replies

Capture STP traffic with SPAN

Go to solution
jeff.cook
Level 1
Level 1

‎04-09-2009 12:36 PM - edited ‎03-06-2019 05:06 AM

I am capturing w/ SPAN the ingress and egress traffic for a fiber trunk link. I have noticed that I am not seeing any STP, VTP, or UDLD packets. I'm using Wireshark.

It is acting like the Cisco switch is not passing these layer 2 management protocols to the SPAN port.

Any thoughts?

Thank You

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎04-10-2009 01:51 AM

Hello Jeff,

I've found the following paragraph in C3750 config guide:

The default configuration for local SPAN session ports is to send all packets untagged. SPAN also does not normally monitor bridge protocol data unit (BPDU) packets and Layer 2 protocols, such as Cisco Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), Spanning Tree Protocol (STP), and Port Aggregation Protocol (PAgP). However, when you enter the encapsulation replicate keywords when configuring a destination port, these changes occur:

•Packets are sent on the destination port with the same encapsulation-untagged, Inter-Switch Link (ISL), or IEEE 802.1Q-that they had on the source port.

•Packets of all types, including BPDU and Layer 2 protocol packets, are monitored.

see

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_44_se/configuration/guide/swspan.html#wp1200733

So you need to add this option to the destination port.

Be aware that if you are using Remote Span this is not enough to see BPDUs

Hope to help

Giuseppe

View solution in original post

1 Reply 1

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎04-10-2009 01:51 AM

Hello Jeff,

I've found the following paragraph in C3750 config guide:

The default configuration for local SPAN session ports is to send all packets untagged. SPAN also does not normally monitor bridge protocol data unit (BPDU) packets and Layer 2 protocols, such as Cisco Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), Spanning Tree Protocol (STP), and Port Aggregation Protocol (PAgP). However, when you enter the encapsulation replicate keywords when configuring a destination port, these changes occur:

•Packets are sent on the destination port with the same encapsulation-untagged, Inter-Switch Link (ISL), or IEEE 802.1Q-that they had on the source port.

•Packets of all types, including BPDU and Layer 2 protocol packets, are monitored.

see

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_44_se/configuration/guide/swspan.html#wp1200733

So you need to add this option to the destination port.

Be aware that if you are using Remote Span this is not enough to see BPDUs

Hope to help

Giuseppe

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card