26-6
Catalyst 2928 Switch Software Configuration Guide
OL-23389-01
Chapter 26 Configuring SPAN
Understanding SPAN
Local SPAN destination ports behave differently regarding VLAN tagging and encapsulation:
•
For local SPAN, if the
encapsulation replicate
keywords are specified for the destination port, these
packets appear with the original encapsulation (untagged or IEEE 802.1Q). If these keywords are
not specified, packets appear in the untagged format. Therefore, the output of a local SPAN session
with
encapsulation replicate
enabled can contain a mixture of untagged or IEEE 802.1Q-tagged
packets.
SPAN Interaction with Other Features
SPAN interacts with these features:
•
STP—A destination port does not participate in STP while its SPAN session is active. The
destination port can participate in STP after the SPAN session is disabled. On a source port, SPAN
does not affect the STP status.
•
CDP—A SPAN destination port does not participate in CDP while the SPAN session is active. After
the SPAN session is disabled, the port again participates in CDP.
•
VLAN and trunking—You can modify VLAN membership or trunk settings for source or
destination ports at any time. However, changes in VLAN membership or trunk settings for a
destination port do not take effect until you remove the SPAN destination configuration. Changes in
VLAN membership or trunk settings for a source port immediately take effect, and the respective
SPAN sessions automatically adjust accordingly.
•
EtherChannel—You can configure an EtherChannel group as a source port but not as a SPAN
destination port. When a group is configured as a SPAN source, the entire group is monitored.
If a physical port is added to a monitored EtherChannel group, the new port is added to the SPAN
source port list. If a port is removed from a monitored EtherChannel group, it is automatically
removed from the source port list.
A physical port that belongs to an EtherChannel group can be configured as a SPAN source port and
still be a part of the EtherChannel. In this case, data from the physical port is monitored as it
participates in the EtherChannel. However, if a physical port that belongs to an EtherChannel group
is configured as a SPAN destination, it is removed from the group. After the port is removed from
the SPAN session, it rejoins the EtherChannel group. Ports removed from an EtherChannel group
remain members of the group, but they are in the
inactive
or
suspended
state.
If a physical port that belongs to an EtherChannel group is a destination port and the EtherChannel
group is a source, the port is removed from the EtherChannel group and from the list of monitored
ports.
•
Multicast traffic can be monitored. For egress and ingress port monitoring, only a single unedited
packet is sent to the SPAN destination port. It does not reflect the number of times the multicast
packet is sent.
•
A secure port cannot be a SPAN destination port.
For SPAN sessions, do not enable port security on ports with monitored egress when ingress
forwarding is enabled on the destination port.
•
An IEEE 802.1x port can be a SPAN source port. You can enable IEEE 802.1x on a port that is a
SPAN destination port; however, IEEE 802.1x is disabled until the port is removed as a SPAN
destination.
For SPAN sessions, do not enable IEEE 802.1x on ports with monitored egress when ingress
forwarding is enabled on the destination port.