I have a 24 port Cisco 3560G switch that I'm using to try and pass broadcasted Ethernet packets. I have a computer plugged into one port, and a IEC-61850 GOOSE publisher plugged into another port. Both devices have an IP address assigned, and I can ping each from the other. However, when I run tcpdump on the computer I'm not seeing the broadcasted GOOSE messages from the publisher device.
If I directly connect the two machines, I can see the GOOSE messages with tcpdump. I can also replace the Cisco switch with a simple NetGear 4-port switch and still see the GOOSE packets.
I need to use the Cisco switch such that I can leverage VLANs to eventually get the GOOSE packets to machines connected to other switches, but first I need to get this simple test case working.
Any ideas?
Best Answer
That would suggest this traffic is actually within a VLAN. So even if it is broadcast (or multicast), it's only going to go where that VLAN goes.
tcpdumphas a rather annoying feature of not showing vlan tags unless you get rather verbose with it. Use wireshark (ortshark) and look at the complete contents (every. single. bit.) in each frame. Also note, many modern NICs process the vlan tag internally, so the OS doesn't normally see them -- the interface must be in promiscuous mode to turn that off. (and some drivers continue to eat them even then.)