Im trying to span a trunk port and capture the dot1q headers on the destination. I'm positive I have it configured right (encap replicate) but wireshark just isn't seeing them. Im trying to capture them on a seperate NIC on my Windows 7 64bit pro box. The NIC is a realtek RTL8169 and it just won't capture the headers. I've also tried the built-in motherboard NIC (which is also a realtek) with the same results.
View 19 RepliesI have configured SPAN session on 2960 switch, source port being a VLAN and destination being one of the fastethernet ports. All I see in the capture is control traffic (HSRP, RIP, Syslog, DNS..etc). However I dont see any real data traffic being captured. Below is how I have SPAN configured..
monitor session 1 source vlan <vlan_id> both
monitor session 1 destination interface fa0/42
I have configured Span port on our 4510. We have an application 5view server to monitor trafic connected to G9/17 Since we have changed the network connection from physical Giga port and add a Port-channel instead, we don't see any more trafic from the new Port-channel to G9/17
We have the configuration below on our 4510 :
monitor session 1 source interface Gi4/6
monitor session 1 source interface Po20
monitor session 1 filter vlan 311 - 312 , 375
monitor session 1 destination interface Gi9/17
From the commands show, we don't see the trafic duplication from the source to the destination port :
Port Source
4510-5567#sh int po20
Port-channel20 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 0016.9de2.a818 (bia 0016.9de2.a818)
[Code].....
I am having some problems creating a SPAN port on my Cisco 871 (running IOS 12.4-11T). My 871 is connected to a DSL modem, and uses "IP Negotiated" to get its dynamic ip address.I want to monitor the WAN port (FastEthernet4) using SPAN, but when I type "monitor session 1 source interface FastEthernet4" into the cli, it is rejected. I can successfully use any of the other FastEthernet ports, as well as Vlan1 as a source for the SPAN session. I have tried to use Dialer0 instead of FastEthernet4, but it still doesnt work.
View 5 Replies View RelatedI need to find the headers of different protocols like ETH_IP, ETH_IPv6_IP, ETH_MPLS_IP, ETH_VLAN_IP , ETH_MPLS_ETH_IP , ETH_MPLS_MPLS_IP, PPPC_IP_TCPnUDP and many more.
I dnt know how to find. some one told me about wireshark , i installed that software and started capturing the packets but didnt find any of above except ip.
Quick question. I have a site - site tunnel that is up and running between a Pix 515E and a 3050 appliance.Tunnel is up and running but on the pix side I dont see traffic from a couple of subnets behind the inside interface.On the vpnallow access list there are no hits So I setup a capture on the inside interface to see if the packets is making it to the inside interface and nothing. There is some traffic making it thru the tunnel that would have to hit the inside int first and even that doesnt showup in the capture.
View 1 Replies View Relatedi've just installed a new software called commview for wifi, it has a problem in slow capturing packets for a specific SSID & it stops at a certain amount of packets (10,000). I contacted their support & tried some solutins, at last they asked me to run it in debug mode & send them the log file, i'm not sure how to do it but i googled, when i try any command from the cmd it gives me that it isn't recongnized as an internal or external command, operable program or patch file.
View 1 Replies View RelatedI have two 1841 routers running different IOS versions:R1 running 15.0(1)M3 Advanced IP ServicesR2 running 15.1(4)M2 Advanced IP Services R1 supports the encapsulation dot1q second-dot1q on FastEthernet subinterfaces. Surprisingly, R2 with the newer IOS (of the same feature set) does not have the second-dot1q command option. I've done my Feature Navigator homework but I did not see any significant differences between these two IOS versions that would explain why the second-dot1q command is not available on R2. Am I missing something? Has the syntax changed, or a different feature set is needed for 15.1M and higher to get the second-dot1q command back?
View 2 Replies View RelatedI am monitoring 2 or more source interfaces which are running 1G traffic on each interface. Destination is 10G interface.There are 2 kinds of traffic running through the source interfaces: icmp and regular IP traffic. I am only interested in capturing icmp traffic. How can I achieve my goal?I don’t have any vlan traffic at all. Router is c6500.
source (1G) destination (10G)
------------------------- Router --------------------------------------Linux
|
| source (1G)
|
|
How to successfully run the dot1q tunneling on Cat4500 with Sup7L-E? I tried that on IOS XE 3.3 and newest 3.4. It is in feature navigator but i am not able to connect two access switching using trunk - only native vlan is translated. Apparently STP BPDU frames are dropped somewhere. I have the same configuration on 3750X with ip services licence and this works well.
View 2 Replies View RelatedI am trying to config a 2620 Cisco router to perform subintreface (F0/0.1) for Vlan Trunk Protocol, however when I try to configure the encapsulation dot1q, I continue to receive error massage with ^ symbol below the 'c' See below, the platform version is a 12.3(26) which should be acceptable to perform an (encapsulation dot1q). The Ethernet is a fast-Ethernet 10/100 port. I also try the ISL, I receive the same massage.
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int f0/0
[Code]....
Ive just downloaded wireshark just to mess around and ive noticed that even when ive got nothing open its still capturing packets. It gives me a choice of interfaces i want to choose to monitor and i would of thought it be "Realtek PCIe Family Controller" as this is normally the default one (im using wireless) but its saying no packets are being captured from this interface its the "Microsoft" Interface thats capturing the packets. Ive attached a screenshot, i know this isnt nothing bad but was just wondering 1) why isnt my Realtek PCIe interface capturing anything (even when i have youtube open it doesnt capture anything) and 2) why is Microsoft capturing packets? what is this microsoft interface and why is it capturing packets when nothing is open.
View 2 Replies View Relatedcapturing high-quality audio (44.1 kHz, 12+ bits) and send it over WiFi to a receiver.
Microphone->[Audio module+Transmitter] -> Wireless Link -> Receiver
Is it possible to do dot1q-tunneling on the new Cisco Calalyst 2960 Compact series switches? I know that the 3560 series support it, but im unable to find any information about the 2960C series, personally i doubt it as the standard 2960 series don't support it.
View 2 Replies View RelatedPrior to upgrade AIR AP1142-N (Version 12.4(25d)JA1) everything worked fine! After upgrade IOS (to new Version 15.2(2)JA) without any config modification, management interface (encapsulation dot1q 33) or any IP interface with encapsulation dot1q became unreachable... If set IP on SVI (or BVI) with native VLAN (encapsulation dot1q 4094 native), this IP is reachable. Probably, there are bug in new IOS and Dot1q encapsulation? (see 'tech-support' in attached files)
View 3 Replies View RelatedAt present we are having a 4900 series switch where we are running one monitor session.Additionaly we are in need of capturing VLAN traffic and set the destination to 2 * GE ports , both are in the same switch.Due to the limitation of two monitor sessions per switch , we thought of putting the destination ports as port channel but it looks like it is not supported.
View 1 Replies View RelatedI am aware that the 3750 switches are not able to support Netflows, so I have created a SPAN port and spanning traffic from a specific port. I would like to create a seperate VLAN and trunk the traffic from the SPAN port down to the 6509 switch and then capture all the traffic for that VLAN on the 6509.
View 4 Replies View RelatedI have a RSPAN session configured between a Cisco 3750 and Cisco 2950 switches and I dont see the traffic I am expecting to see on the destination port. I only see broadcast traffic .. HRSP hellos etc. Below is what I have configured on both switches.
3750 (gi1/0/33)----TRUNK------(fa0/47)2950(fa0/4)-----windows server
3750
---------
monitor session 1 source interface gi1/0/18
monitor session 1 destination remote vlan 901
[code].....
i'm desperately trying to get LACP working over a dot1q Tunnel. The "Service Provider" Switches are two 4506-E Switches with SUP7-E connected via a 10G Link, running on cat4500e-universalk9.SPA.03.03.00.SG.151-1.SG
sample config:
dot1q tag vlan native
interface GigabitEthernet3/1
switchport access vlan 2001
[Code].....
If you have a router with multiple direct vanilla FE (non trunked) interfaces on a switch trying to send QOS tagged packets to a wifi bridge several switches away does the trunking in the switched infrastructure mess with the qos tags if no qos is configured on the switches.
Does it depend on the switch? We have new 2960's running 12.2 and a few older 2950's running 12.1
enable dot1q encapsulation on two ethernet ports on a 1721 router. I am able to configure it on the built in fastethernet port, but not on any interface provided by a WIC-1ENET or a WIC-4ESW. I have an application that requires two physical ethernet ports that support dot1q encapsulation.
View 4 Replies View RelatedI have a Catalyst 4500 L3 Switch Software (cat4500e UNIVERSAL-M), Version 03.02.00.XO RELEASE SOFTWARE (fc2). So I just wanted to verify that the switch only does dot1q encapsulation because the switchport trunk encapsulation dot1q command does not work.
View 3 Replies View RelatedIn fact i receive traffic on a one client per vlan basis (traffic is PPPoE), i receive all this traffic on a router, collecting all these vlan on a bridge where the pppoe packets are treated.When I use a transeiver to convert operator fiber arrival to my router copper media interface, i have no problem....
When I use dot1q-tunnel to make the same on my 3750, packets seems to be corrupted.I get PPPoE timeouts and packet loss, not regulary, totally stochastic...
I made dozen of tests and different settings, without success I first thougt of MTU issues. [code] I made tests with system MTU and/or system jumbo MTU above 1500, without success.I didn't found any known caveats on 3750 running Version 12.2(25r)SEE4 related to dot1q-tunnel.
I'm setting up a new 4900m running cat4500e-ipbase-mz.122-53.SG5.bin. I'm attempting to create Port-Channels as a Trunk for uplink to a 4503 running cat4500-ipbase-mz.122-37.SG1.bin.When I attempt the command "switchport trunk encapsulation dot1q" it errors out.
View 3 Replies View RelatedI am trying to configure a 4507 R chassis with Dual SUP but i cannot see teh switchpot mode trunk encapsulation dot1q?
I have typed:
interface GigabitEthernet5/1
description DOWNLINK toxxxxxx
switchport mode trunk
channel-group 11 mode on
!
I have have searched all other commands and sub-commands but could only find dot1q-tunnel which I beleive is for QINQ or some QoS featues and lot for L2 encapsulations?
the puzzling is:
XXX-Core4507#sh int gi5/1 trunk
Port Mode Encapsulation Status Native vlan
Gi5/1 off 802.1q notrnk-bndl 1
(Po11)
when I connect the dostribution switch a 3507 to this int gi 5/1, both interfaces do come up?
Example config
int g2/24
service-policy output test
#and/OR
int g2/24.10
encap dot1q 10
ip address 10.1.1.1 255.255.255.0
service-policy output test
We have a Cisco 2811 running ITP IOS. On that router we run the SMPP service. A client on the network connects to this service, and we need to capture the traffic for debug.
I've tried traffic-export, but I cannot see any outbound traffic.I'm guessing that this is due to the fact that the outbound SMPP traffic is not transit traffic as it is generated by the router itself.
Is there any way to capture the outbound traffic?
Two buildings on same farm property 660 feet apart. Cable internet to one building does not reach 660 feet to second building and the cable company will not put it in. Wireless between the buildings is not out of the question; but, I've never done anything this distance before and I am concerned that signal loss over 660 feet might degrade throughput.
So, what is a feasible way of getting the signal from the first building 660 feet to the second building?
I have a situation where the site-to-site tunnel is already established using PPTP IPSec VPN with non Cisco Gateways terminating the link on each end. These non Cisco Gateways do not support L2TP tunneling, and there is no plan to change them.Beyond the Gateways on both ends, we have a Cisco 4500 series switch. We need to forward the 802.1q tagged VLANs between the two sites. Is it possible to use 802.1Q tunneling in this case, going via a PPTP tunnel ?
Cisco's setup uses dot1q-tunnel over a L2protocol-tunnel to preserve the original client VLAN tagging, so does this mean that the only option we have is to setup a L2TP tunnel at the Cisco device endpoints, and have that tunnel go through the existing PPTP tunnel (established between the 2 non Cisco VPN Gateways) ?
I am hoping you can provide me with some opinions, feedback, thoughts on the following. We have some Cisco 6509 switches in our environment currently hitting around 60% usage on the Router overall statistics.
Now we are looking at implementing an intrusion detection system but by being as least invasive as possible to the network. Our thoughts are to utilize a SPAN port on the switches to send traffic to the NIDS device but we have concerns of the following. The limitations of SPAN sessions on 6509's . The overhead on the switch of turning a SPAN session on and leaving it on permanently.
I am trying to configure RSPAN for one of my client. They have Server-Client VTP architecture. Voice Recording Server is connected to C4507. Agents are connected to C2960 and C3750. I got 2 sessions configured and the connectivity is a as follows:
1. Voice Recording Server-----C4507-----C2960-----C2960-----Agent IP Phones (Session 1)
2. Voice Recording Server-----C4507-----C3750-----Agent IP Phones (Session 2)
Recording works with Session-2 but not with Session-1. I understand the problem could be due to multiple reasons: 1.1. C2960 is working in client VTP mode so i cannot add remote span command under the vlan configuration. 1.2. C2960 has LANLITE IOS image which i am not sure if it supports Remote Span.
I have CISCO catalyst with VLANs (VLAN ID 33, 36, 40-53) configured. I need to configure port mirroring in Switch 3750 for NAC (Network Access Control). I need to Monitor all the VLANs. Here is the SPAN configuration of switch: [code] Monitor session 1 source vlan 33 , 36 , 40 – 53.Monitor Session 1 destination interface fa 1/0/8 (here I am not able to set encapsulation dot1q ) because the error occurred saying %one or more dest port do not support the encapsulation%.
View 5 Replies View RelatedI currently have IOS image cat4500e-entservices-mz.122-53.SG5.bin. According to my research it appears SPAN is supported on this OS. However, after looking at procedure notes using websites like here:
[url]... I cannot find and obviously not figure out how to use the SPAN command. My main objective is to simply setup a port mirror on one of my TenGigabitEthnet interfaces and from what I read SPAN is the best way to setup a tap interface on a cisco switch.