C H A P T E R
26-1
Catalyst 2928 Switch Software Configuration Guide
OL-23389-01
26
Configuring SPAN
This chapter describes how to configure Switched Port Analyzer (SPAN) and on the Catalyst 2928
switch.
Note
For complete syntax and usage information for the commands used in this chapter, see the command
reference for this release.
•
•
•
Displaying SPAN Status, page 26-13
Understanding SPAN
You can analyze network traffic passing through ports or VLANs by using SPAN to send a copy of the
traffic to another port on the switch or on another switch that has been connected to a network analyzer
or other monitoring or security device. SPAN copies (or mirrors) traffic received or sent (or both) on
source ports or source VLANs to a destination port for analysis. SPAN does not affect the switching of
network traffic on the source ports or VLANs. You must dedicate the destination port for SPAN use.
Except for traffic that is required for the SPAN session, destination ports do not receive or forward
traffic.
Only traffic that enters or leaves source ports or traffic that enters or leaves source VLANs can be
monitored by using SPAN; traffic routed to a source VLAN cannot be monitored. For example, if
incoming traffic is being monitored, traffic that gets routed from another VLAN to the source VLAN
cannot be monitored; however, traffic that is received on the source VLAN and routed to another VLAN
can be monitored.
You can use the SPAN destination port to inject traffic from a network security device. For example, if
you connect a Cisco Intrusion Detection System (IDS) sensor appliance to a destination port, the IDS
device can send TCP reset packets to close down the TCP session of a suspected attacker.
These sections contain this conceptual information:
•
•
SPAN Concepts and Terminology, page 26-2
•