cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
582885
Views
35
Helpful
1
Comments
TCC_2
Level 10
Level 10

Resolution

You can analyze network traffic passing through ports by using Switched Port Analyzer (SPAN). This sends a copy of the traffic to another port on the switch that has been connected to a SwitchProbe device, another Remote Monitoring (RMON) probe or security device. SPAN mirrors receive or transmit (or both) traffic on one or more source ports to a destination port for analysis.

Remote SPAN (RSPAN) extends SPAN by enabling RMON of multiple switches across your network. The traffic for each RSPAN session is carried over a user-specified RSPAN VLAN that is dedicated for that RSPAN session in all participating switches. The SPAN traffic from the sources is copied onto the RSPAN VLAN through a reflector port and then forwarded over trunk ports carrying the RSPAN VLAN to any RSPAN destination session monitoring the RSPAN VLAN.

SPAN and RSPAN do not affect the switching of network traffic on source ports. A copy of the packets received or sent by the source interfaces are sent to the destination interface. Except for traffic that is required for the SPAN or RSPAN session, reflector ports and destination ports do not receive or forward traffic.

These are configuration examples:

  • This example shows how to set up a SPAN session (session 1) for monitoring source port traffic to a destination port. First, any existing SPAN configuration for session 1 is cleared and then bidirectional traffic is mirrored from source port 1 to destination port 10: 

    Switch(config)# no monitor session 1
    Switch(config)# monitor session 1 source interface fastEthernet0/1
    Switch(config)# monitor session 1 destination interface fastEthernet0/10 encapsulation dot1q
    Switch(config)# end
           
  • This example shows how to configure the destination port for ingress traffic on VLAN 5 by using a security device that does not support 802.1q encapsulation: 

    Switch(config)# monitor session 1 destination interface Fa 0/5 ingress vlan 5  

  • This example shows how to configure the destination port for ingress traffic on VLAN 5 by using a security device that supports 802.1q encapsulation: 

    Switch(config)# monitor session 1 destination interface Fa 0/5 encapsulation dot1q ingress vlan 5
           
  • This example shows how to disable ingress traffic forwarding on the destination port: 

    Switch(config)# monitor session 1 destination interface Fa 0/5 encapsulation dot1q
           
  • This example shows how to clear any existing RSPAN configuration for session 1, configure RSPAN session 1 to monitor multiple source interfaces, and configure the destination RSPAN VLAN and the reflector-port: 

    Switch(config)# no monitor session 1
    Switch(config)# monitor session 1 source interface fastEthernet0/10 tx
    Switch(config)# monitor session 1 source interface fastEthernet0/2 rx
    Switch(config)# monitor session 1 source interface fastEthernet0/3 rx
    Switch(config)# monitor session 1 source interface port-channel 102 rx
    Switch(config)# monitor session 1 destination remote vlan 901 reflector-port fastEthernet0/1
    Switch(config)# end
           
  • This example shows how to configure VLAN 901 as the source remote VLAN and port 5 as the destination interface: 

    Switch(config)# monitor session 1 source remote vlan 901
    Switch(config)# monitor session 1 destination interface fastEthernet0/5
    Switch(config)# end
       

For more information about configuring SPAN, refer to these documents:

Comments
mdsk0905
Level 1
Level 1
Configuration for Extended Session: SPAN Configuration ========================================================= Nexus(config)# interface Nexus(config-if)# switchport Nexus(config-if)# switchport mode trunk Nexus(config-if)# switchport monitor Nexus(config-if)# monitor session 3 Nexus(config-monitor)# mode extended Nexus(config-monitor)# source interface Nexus(config-monitor)# destination interface Nexus(config-monitor)# no shut ======================================================== Nexus(config-monitor)# sh monitor Session                       State                   Reason                 Description ------- ----------- ---------------------- -------------------------------- 3                                   up                   The session is up ======================================================== Nexus(config-monitor)# sh monitor session all ========================================================
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: