[Ian Schorr <ethereal@xxxxxxxxxxxxx>]

Hi Terry,

By "router" I'm assuming you mean "switch (that has routing 
capabilities)", since I'm not aware of any router that supports SPAN 
sessions (definitely not any that run mainline IOS).

If you're not seeing any evidence that the VLAN tags are actually *in* 
the packets that you're looking at, then it's probably not an Ethereal 
issue per se.  Since you're not indicating otherwise, I'm assuming 
you're capturing using the WinXP PC running Ethereal.  I have no idea 
if you can capture/retain 802.1q tags or 802.1q-tagged frames with 
Winpcap+Windows+VLAN-aware NIC (or a non-VLAN-aware NIC for that 
matter), maybe someone else has experience with this.

Otherwise, the tags may just not be handed to your packet capture box.  
The SPAN session *should* preserve the VLAN tags if they originally 
existed when arriving at/leaving the port that you're spanning.  
However, are you sure that the tags are being generated?

Even if you have a port defined as a dot1q trunk, that doesn't 
necessarily mean that all frames will be tagged.  If your environment 
makes use (intentionally or not) of the "native VLAN" or "default VLAN" 
concepts, it's very possible that you regularly send frames across 
"tagging" trunks that are untagged.

Ian

On Nov 3, 2004, at 12:39 PM, tblankenship wrote:

> Hi Ian,
> The packets I'm seeing look like regular ethernet packets. I am using a
> Windows XP based laptop running Ethereal 0.10.7. I'm analyzing a trunk 
> on a
> Cisco router by using a span session to monitor the defined dot1q 
> trunk. I do
> not have a sample capture at this time. Thanks. Terry
>
>
> ------ Original Message ------
> Received: Wed, 03 Nov 2004 10:33:43 AM MST
> From: Ian Schorr <ethereal@xxxxxxxxxxxxx>
> To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
> Subject: Re: [Ethereal-users] VLAN information
>
> ..And you're sure that the router/session controller are using 802.1q
> tagging?  How was the capture taken?  It's possible that the tags are
> being stripped off before being delivered to the capture device (or
> that the capture device is stripping off the tags itself).
>
> If they're actually *in* the frames that were captured and just not
> being decoded by Ethereal for some reason, you most likely would see
> some evidence that they're there - bytes that aren't being decoded,
> entire packets not being decoded correctly, etc.
>
> Can you share an example capture?
>
> Ian
>
> On Nov 3, 2004, at 12:18 PM, tblankenship wrote:
>
> > Hi Ian,
> > I'm not seeing the 802.1q tags being decoded by Ethereal. Terry
> >
> > ------ Original Message ------
> > Received: Wed, 03 Nov 2004 10:04:06 AM MST
> > From: Ian Schorr <ethereal@xxxxxxxxxxxxx>
> > To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
> > Subject: Re: [Ethereal-users] VLAN information
> >
> > Hi,
> >
> > Can you give a few more details on what you're looking for?  Are you
> > looking for technical information on 802.1q tagging?  Or you're not
> > seeing 802.1q tags being decoded by Ethereal?  Or something else?
> >
> > Ian
> >
> > On Nov 3, 2004, at 11:01 AM, tblankenship wrote:
> >
> > > I am running Ethereal 0.10.7 and am having a difficult time seeing
> > > (finding)
> > > any VLAN (dot1q) information.  I am analyzing a link between a Cisco
> > > router
> > > and a session controller.  Any help would be greatly appreciated.
> > >
> > > tblankenship@xxxxxxx
> >
> > _______________________________________________
> > Ethereal-users mailing list
> > Ethereal-users@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-users
> >
> >
> >
> >
> > _______________________________________________
> > Ethereal-users mailing list
> > Ethereal-users@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-users
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users