15-4
Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-03
Chapter 15 Configuring SPAN
Understanding SPAN
Source Port
A source port (also called a monitored port) is a switched or routed port that you monitor for network
traffic analysis. In a single SPAN session, you can monitor source port traffic such as received (Rx),
transmitted (Tx), or bidirectional (both); however, on a VLAN, you can monitor only received traffic.
The switch supports any number of source ports (up to the maximum number of available ports on the
switch) and any number of source ingress VLANs (up to the maximum number of VLANs supported).
A source port has these characteristics:
•
It can be any port type (for example, EtherChannel, Fast Ethernet, Gigabit Ethernet, and so forth).
•
It can be monitored in multiple SPAN sessions.
•
It cannot be a destination port.
•
Each source port can be configured with a direction (ingress, egress, or both) to monitor. For
EtherChannel sources, the monitored direction would apply to all the physical ports in the group.
•
Source ports can be in the same or different VLANs.
For VLAN SPAN (VSPAN), all active ports in the source VLAN are included as source ports.
You can configure a trunk port as a source port. By default, all VLANs active on the trunk are monitored
on a trunk source port. You can limit SPAN traffic monitoring on trunk source ports to specific VLANs
by using trunk VLAN filtering, which is the analysis of network traffic on a selected set of VLANs on
source trunk ports. Only switched traffic in the selected VLANs is sent to the destination port. This
feature affects only traffic forwarded to the destination SPAN port and does not affect the switching of
normal traffic. This feature is not applicable for VLAN SPAN sessions.
Destination Port
Each SPAN session must have a destination port (also called a monitoring port) that receives a copy of
traffic from the source port.
The destination port has these characteristics:
•
It must reside on the same switch as the source port.
•
It can be any Ethernet physical port.
•
It can participate in only one SPAN session at a time (a destination port in one SPAN session cannot
be a destination port for a second SPAN session).
•
It cannot be a source port.
•
It cannot be an EtherChannel port or a VLAN.
•
When it is active, incoming traffic is disabled; it does not forward any traffic except that required
for the SPAN session.
•
It does not participate in spanning tree while the SPAN session is active.
•
When it is an active destination port, it does not participate in any of the Layer 2 protocols (STP,
VTP, CDP, DTP, PagP).
•
A destination port that belongs to a source VLAN of any SPAN session is excluded from the source
list and is not monitored.
•
No address learning occurs on the destination port.