Thanks for the link Mahmood. I have followed the procedure as described in that document but that document does not describe if the port that will be monitoring the traffic needs to be configured in any certain way which is what I am really trying to figure out. Thanks again for the useful link but it just does not give me the information I am looking for.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225see/scg/swspan.htm

Destination Port

Each local SPAN session or RSPAN destination session must have a destination port (also called a monitoring port) that receives a copy of traffic from the source ports or VLANs and sends the SPAN packets to the user, usually a network analyzer.

A destination port has these characteristics:

For a local SPAN session, the destination port must reside on the same switch as the source port. For an RSPAN session, it is located on the switch containing the RSPAN destination session. There is no destination port on a switch running only an RSPAN source session.

When a port is configured as a SPAN destination port, the configuration overwrites the original port configuration. When the SPAN destination configuration is removed, the port reverts to its previous configuration. If a configuration change is made to the port while it is acting as a SPAN destination port, the change does not take effect until the SPAN destination configuration had been removed.

If the port was in an EtherChannel group, it is removed from the group while it is a destination port. If it was a routed port, it is no longer a routed port.

It can be any Ethernet physical port.

It cannot be a secure port.

It cannot be a source port.

It cannot be an EtherChannel group or a VLAN.

It can participate in only one SPAN session at a time (a destination port in one SPAN session cannot be a destination port for a second SPAN session).

When it is active, incoming traffic is disabled. The port does not transmit any traffic except that required for the SPAN session. Incoming traffic is never learned or forwarded on a destination port.

If ingress traffic forwarding is enabled for a network security device, the destination port forwards traffic at Layer 2.

It does not participate in any of the Layer 2 protocols (STP, VTP, CDP, DTP, PagP).

A destination port that belongs to a source VLAN of any SPAN session is excluded from the source list and is not monitored.

The maximum number of destination ports in a switch is 64.

Local SPAN and RSPAN destination ports behave differently regarding VLAN tagging and encapsulation:

For local SPAN, if the encapsulation replicate keywords are specified for the destination port, these packets appear with the original encapsulation (untagged, ISL, or IEEE 802.1Q). If these keywords are not specified, packets appear in the untagged format. Therefore, the output of a local SPAN session with encapsulation replicate enabled can contain a mixture of untagged, ISL, or IEEE 802.1Q-tagged packets.

For RSPAN, the original VLAN ID is lost because it is overwritten by the RSPAN VLAN identification. Therefore, all packets appear on the destination port as untagged.

Thank you for the suggestion with this. I have removed the trunk configuration from the port and will see how that goes. Do you think that I should remove the port from VLAN 10 as well? From the other help I have gotten here it looks like it does not make any difference so it really should not matter but it's always good to g et a second opinion. Thanks again.

be sure you remove the trunk config from interface. i would get rid of the qos config, too.

for best practice, i would create a null vlan99 and assign the span port to this vlan.

to answer your question....the destination port can be in any vlan.

Thanks for the information. I have modified the interface so that it is no longer configured as a trunk, and removed the qos configuration as well. I will need to hold off on creating a null VLAN that I could assign the port to due to our change control but I will give that a shot. thanks again for the advice.