Port Mirroring with tagged destination

[alcatelletacla]

Hello guys,

Great forum you guys have going here. I have a particular problem I wish to share with you guys in the hopes of finding a solution. I need to capture frames from an IP Touch phone connected to a 6850. The phone tags packets with the voice VLAN and the switch port is accordingly 802.1q-tagged for the same voice VLAN and it is this 802.1q header that I need to capture to see if the phone is marking frames with the correct 802.1p value. You might think this would be quite simple using port mirroring but unfortunately that's not the case. The problem is that the switch doesn't allow the port mirroring destination port to be a 802.1q tagged port. In other words, the destination port must belong to a default VLAN. That defeats the whole purpose of capturing packets from a 802.1q source port! When I try to set up this port mirroring, I see the packets from the phone but the 802.1q header is stripped because my PC which is connected to an access port on the switch, which strips the 802.1q header before sending the mirrored packets to my PC. Mind you, I have set up my PC and wireshark to see 802.1q packets so this is not a problem with my NIC or a software issue.

How can I capture 802.1q packets? Is it possible to connect a PC to the phone and capture packets like that? Again, I don't think this would work because the PC is connected to an access port on the phone which doesn't support 802.1q. It would be the same problem as above? How can I do this? Is it even possible to capture 802.1q headers?

Any help is greatly appreciated!

[one6f]

Hi,
assume the sniffer is connected to 1/48 and you want to sniff 1/19 with attached IP phone (802.1q configured port):

Code: Select all

port mirroring 1 destination 1/48
port mirroring 1 source 1/19 bidirectional

Destination port 1/48 do not need to be 802.1q configured! The port mirroring feature in AOS switches currently works only on "per port" basis and all frames on port 1/19 are forwarded to 1/48.
in Windows whether you see VLAN tags in Wireshark or not will depend on the network adapter you have and on what its and its driver do with VLAN tags. Probably you need to enabling VLAN tag capture for your Ethernet Adapter. For Linux it works per default.