SPAN selects network traffic for analysis by a Network Analysis Module, a SwitchProbe device, or other RMON probe. SPAN mirrors traffic from one or more source ports (Ethernet, Fast Ethernet, Token Ring, or FDDI) on any VLAN to a destination port for analysis. This is not very different from what a IDS on switch can do. Following link may help you
SPAN is a method of getting copies of network traffic by mirroring it to a specific port. There are often other methods that can be used to accomplish the same thing, depending on the type of switch you're using.
A SPAN session is mutually inclusive with an IDS sensing interface. If the sensing interface of the IDS device is connected to the same switch to which the monitoring interface or vlan is connected to, a local SPAN is needed. If the source is connected to a remote switch then a RSPAN (Remote SPAN) is needed.
IDS sensing interface is connected to switch 1 and I want to monitor traffic from VLAN 10, not just on the local switch but on all switches that have VLAN 10 througout the L2 domain. An RSPAN is needed.
First, create an RSPAN Vlan on all switches, either on your vtp server or manually throughout. The vlan is arbitrary.
Next, create the source and destination sessions on switch 1 which the sensing interface is connected to f0/24.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...