Catalyst 2928 Switch Software Configuration Guide
OL-23389-01
Chapter 26 Configuring SPAN
Understanding SPAN
VLAN Filtering
When you monitor a trunk port as a source port, by default, all VLANs active on the trunk are monitored.
You can limit SPAN traffic monitoring on trunk source ports to specific VLANs by using VLAN
filtering.
• VLAN filtering applies only to trunk ports or to voice VLAN ports.
• VLAN filtering applies only to port-based sessions and is not allowed in sessions with VLAN sources.
• When a VLAN filter list is specified, only those VLANs in the list are monitored on trunk ports or on voice VLAN access ports.
• SPAN traffic coming from other port types is not affected by VLAN filtering; that is, all VLANs are allowed on other ports.
• VLAN filtering affects only traffic forwarded to the destination SPAN port and does not affect the switching of normal traffic.
Destination Port
Each local SPAN session must have a destination port (also called a monitoring port) that receives a copy
of traffic from the source ports or VLANs and sends the SPAN packets to the user, usually a network
analyzer.
A destination port has these characteristics:
• For a local SPAN session, the destination port must reside on the same switch as the source port.
• When a port is configured as a SPAN destination port, the configuration overwrites the original port configuration. When the SPAN destination configuration is removed, the port reverts to its previous configuration. If a configuration change is made to the port while it is acting as a SPAN destination port, the change does not take effect until the SPAN destination configuration has been removed.
• If the port was in an EtherChannel group, it is removed from the group while it is a destination port.
• It can be any Ethernet physical port.
• It cannot be a secure port.
• It cannot be a source port.
• It cannot be an EtherChannel group or a VLAN.
• It can participate in only one SPAN session at a time (a destination port in one SPAN session cannot be a destination port for a second SPAN session).
• When it is active, incoming traffic is disabled. The port does not transmit any traffic except that required for the SPAN session. Incoming traffic is never learned or forwarded on a destination port.
• If ingress traffic forwarding is enabled for a network security device, the destination port forwards traffic at Layer 2.
• It does not participate in any of the Layer 2 protocols (STP, VTP, CDP, DTP, PAgP).
• A destination port that belongs to a source VLAN of any SPAN session is excluded from the source list and is not monitored.
• The maximum number of destination ports in a switch is 64.
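The VLAN filtering and destination port rules above can be checked against a proposed configuration before it is applied. The following Python sketch is an added example, not part of the Cisco guide; it assumes the Catalyst IOS "monitor session" command syntax (not shown in this section), one interface per line, and a constructed sample configuration.

```python
import re
from collections import defaultdict

# Constructed sample of proposed "monitor session" lines (assumed Catalyst IOS syntax).
SAMPLE = """\
monitor session 1 source interface Gi0/1 both
monitor session 1 filter vlan 10 , 20
monitor session 1 destination interface Gi0/24
monitor session 2 source vlan 30
monitor session 2 filter vlan 30
monitor session 2 destination interface Gi0/24
monitor session 3 source interface Gi0/5 rx
monitor session 3 destination interface Gi0/5
monitor session 4 source interface Gi0/7 tx
"""

# Captures session number, statement kind, and the first argument only.
LINE = re.compile(r"^monitor session (\d+) (source interface|source vlan|"
                  r"filter vlan|destination interface) (\S+)", re.I)

def lint_span(config: str) -> list[str]:
    """Return violations of the SPAN rules listed above for each session."""
    sess = defaultdict(lambda: defaultdict(list))
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if m:
            sess[int(m.group(1))][m.group(2).lower()].append(m.group(3).lower())
    findings = []
    # A destination port cannot be a source port in any session.
    all_sources = {p for s in sess.values() for p in s["source interface"]}
    dest_owner = {}  # destination port -> first session that claimed it
    for sid in sorted(sess):
        s = sess[sid]
        if not s["destination interface"]:
            findings.append(f"session {sid}: no destination port")
        if s["filter vlan"] and s["source vlan"]:
            findings.append(f"session {sid}: VLAN filter used with VLAN sources")
        for port in s["destination interface"]:
            if port in all_sources:
                findings.append(f"session {sid}: destination {port} is also a source port")
            if port in dest_owner:
                findings.append(f"session {sid}: destination {port} "
                                f"already used by session {dest_owner[port]}")
            dest_owner.setdefault(port, sid)
    return findings

if __name__ == "__main__":
    for finding in lint_span(SAMPLE):
        print(finding)
```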