This was answered in a previous posting, but I am unclear on the answer,
According to Cisco documentation:
"Monitored Traffic Direction
You can configure local SPAN sessions, RSPAN source sessions, and ERSPAN source sessions to monitor ingress traffic (called ingress SPAN), or to monitor egress traffic (called egress SPAN), or to monitor traffic flowing in both directions.
Ingress SPAN copies traffic received by the source ports and VLANs for analysis at the destination port. Egress SPAN copies traffic transmitted from the source ports and VLANs. When you enter the both keyword, SPAN copies the traffic received and transmitted by the source ports and VLANs to the destination port."
I can understand how either direction of traffic on a single port is mirrored to the destination port.
But if you have a layer three switch and you desiginate the direction of traffic like so:
monitor session 1 source vlan 2-20 rx
monitor session 1 destination interface Gi1/1
Is the traffic mirrored from the layer 2 vlan or the SVI of the vlan on the switch?
If it is the layer 2 vlan, what is considered the "rx" direction point of the layer 2 vlan?
Is the inbound traffic to each individual port in vlans 2-20 mirrored to Gi1/1?
If it is the SVI of the vlan, would the mirrored traffic be the traffic received on the SVI from the devices in the vlan using the SVI as a default gateway?
your understanding is correct or at least I share your ideas on this:
>> Is the traffic mirrored from the layer 2 vlan or the SVI of the vlan on the switch?
layer2 broadcast domain
>> Is the inbound traffic to each individual port in vlans 2-20 mirrored to Gi1/1?
when using both you can see multiple copies of each frame on the sniffer trace: one copy as the frame is received on port x and one copy as frame is sent out port y in the same vlan
inter-vlan routing should appear once per vlan but if the packet is sent from vlan2 to vlan3 again you can see two different ethernet frames that actually carry the same IP packet inside (after the packet rewrite)
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...