1. Capture packets on the PC connected to the mirroring port. The packets sent from the S3900 to the server do not carry VLAN tags and the packets received from the server carry VLAN tags, as shown in the following figure.
The TAG attributes of the two ends of the OSN 3500 on the Tx side are set to Access on the external port and Tag Aware on the internal port. The external port with Access discards the packets with VLAN tags and adds the default VLAN tags to the packets without VLAN tags.
2. Analyze the packets on the mirroring port of the S3900. When mirroring the packets sent from the S3900 to the server, the port strips the VLAN tags of the packets. When mirroring the packets received from the server, the port adds the default VLAN 109 to the packets. The captured packets shown in the figures prove this.
In conclusion, when the packets on the mirroring port are those received from the server, the packets carrying VLAN tags are discarded by the transmit port whose TAG attribute is access. Therefore, the detection software connected to the transmission device cannot detect the packets received from the server.
Set the TAG attribute of the external port on the EFS0 board of the OSN 3500 to Hybrid, or disable the entry detection function.