TIM not able to decode Cisco Fabric Switch traffic.

Document ID : KB000030178
Last Modified Date : 14/02/2018
Show Technical Document Details


Explains why the TIM is unable to decode traffic when the Cisco Fabric Switch functionality is enabled.


Certain switches enable or put switch-specific headers on top of a Layer 2 frame.

For example, with the Cisco Fabric Switch, it encapsulates a Layer 2 frame with a FabricPath header and this is shown below:





This custom header uses a new Cisco proprietary traffic protocol (0x8903/DCE protocol, Data Center Ethernet)  instead of TCP protocol traffic. Unless a tool/software has the capability to interpret/understand this DCE protocol traffic, it will not be able to extract/decrypt the HTTP/HTTPS data. 

With TIM/MTP, it sees the traffic as unidirectional. However when the traffic is decoded, it is really bi-directional.



Disable the Cisco Fabric Switch functionality or upgrade the Nexus switch software to a release not having this issue.