Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SPAN port not seeing all of the traffic

I have 2 6500 hybrid MSFC3 with span ports configured for Surf Control. Specifically the span ports are monitoring the inside interfaces of the PIX firewalls and mirroring the traffic to the monitoring interface of the Surf Control appliance.

Here is the following span configuration:

Destination : Port 2/37

Admin Source : Port 2/4

Oper Source : Port 2/4

Direction : transmit/receive

Incoming Packets: disabled

Learning : enabled

Multicast : enabled

Filter : -

The Surf Control is not seeing the return packet from the PIX for devices not directly routed out the L3 vlan.


Re: SPAN port not seeing all of the traffic

The SPAN feature was introduced on switches because of a fundamental difference that switches have with hubs. When a hub receives a packet on one port, the hub sends out a copy of that packet on all ports except on the one where the hub received the packet. After a switch boots, it starts to build up a Layer 2 forwarding table on the basis of the source MAC address of the different packets that the switch receives. After this forwarding table is built, the switch forwards traffic that is destined for a MAC address directly to the corresponding port