Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-03
Chapter 15 Configuring SPAN
Understanding SPAN
VLAN-Based SPAN
VLAN-based SPAN (VSPAN) is the analysis of the network traffic in one or more VLANs. You can
configure VSPAN to monitor only received (Rx) traffic, which applies to all the ports for that VLAN.
Use these guidelines for VSPAN sessions:
• Trunk ports are included as source ports for VSPAN sessions.
• Only traffic with the monitored VLAN number is sent to the destination port.
• If a destination port belongs to a source VLAN, it is excluded from the source list and is not
monitored.
• If ports are added to or removed from the source VLANs, they are added to or removed from the
source ports being monitored.
• VLAN pruning and the VLAN allowed list have no effect on SPAN monitoring.
• VSPAN only monitors traffic that enters the switch, not traffic that is routed between VLANs. For
example, if a VLAN is being Rx-monitored and the multilayer switch routes traffic from another
VLAN to the monitored VLAN, that traffic is not monitored and is not received on the SPAN
destination port.
SPAN Traffic
You can use SPAN to monitor all network traffic, including multicast and bridge protocol data unit
(BPDU) packets, and CDP, VTP, DTP, STP, and PAgP packets. Multicast packet monitoring is enabled
by default.
In some SPAN configurations, multiple copies of the same source packet are sent to the SPAN
destination port. For example, suppose a bidirectional (both Rx and Tx) SPAN session is configured for
sources a1 and a2 to a destination port d1. If a packet enters the switch through a1 and is switched to
a2, both the incoming and the outgoing packet are sent to destination port d1. Both packets are the same
(unless a Layer 3 rewrite occurs, in which case the packets are different because of the added Layer 3
information).
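The VSPAN guidelines and the duplicate-copy behavior described above decide what a sensor attached to the destination port sees, and a small model makes that checkable before a session is configured. This is an added example, not Cisco code: the `Frame` and `SpanSession` classes, the port names a3 and t1, and the VLAN numbers are constructed for illustration, and it assumes a port-based source is never also the destination port.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Frame:
    """One frame's path through the switch (constructed test data)."""
    in_port: str
    in_vlan: int
    out_port: str
    out_vlan: int  # differs from in_vlan when the switch routed the frame

@dataclass
class SpanSession:
    dest_port: str
    rx_ports: set = field(default_factory=set)  # port-based sources, Rx
    tx_ports: set = field(default_factory=set)  # port-based sources, Tx
    rx_vlans: set = field(default_factory=set)  # VSPAN sources (Rx only)

def span_copies(s: SpanSession, f: Frame) -> list:
    """Copies of frame f delivered to s.dest_port, per the rules above."""
    copies = []
    # VSPAN matches the VLAN the frame entered the switch on, so a frame
    # routed into a monitored VLAN from another VLAN does not match. A
    # destination port inside a source VLAN is excluded from the sources.
    vspan_hit = f.in_vlan in s.rx_vlans and f.in_port != s.dest_port
    if f.in_port in s.rx_ports or vspan_hit:
        copies.append(f"rx:{f.in_port}")
    if f.out_port in s.tx_ports:
        copies.append(f"tx:{f.out_port}")
    return copies

def sensor_view(s: SpanSession, frames: dict) -> dict:
    """Classify each named frame as 'missed', 'seen' or 'duplicated'."""
    labels = {0: "missed", 1: "seen"}
    return {name: labels.get(len(span_copies(s, f)), "duplicated")
            for name, f in frames.items()}

# Constructed scenarios: port names follow the a1/a2/d1 example in the text.
BIDIR = SpanSession(dest_port="d1", rx_ports={"a1", "a2"}, tx_ports={"a1", "a2"})
VSPAN = SpanSession(dest_port="d1", rx_vlans={10})
FRAMES = {
    "switched_a1_to_a2": Frame("a1", 10, "a2", 10),
    "routed_into_vlan10": Frame("a3", 20, "a2", 10),
    "trunk_other_vlan": Frame("t1", 30, "a2", 30),
}

if __name__ == "__main__":
    print("bidirectional:", sensor_view(BIDIR, FRAMES))
    print("vspan rx 10:  ", sensor_view(VSPAN, FRAMES))
```

A "duplicated" result means the capture or IDS on the destination port should de-duplicate before counting events, and a "missed" result marks traffic that needs a different source (for example a port-based session on the ingress port) to be visible.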
SPAN Interaction with Other Features
SPAN interacts with these features:
• Routing—Ingress SPAN does not monitor routed traffic. VSPAN only monitors traffic that enters
the switch, not traffic that is routed between VLANs. For example, if a VLAN is being
Rx-monitored and the multilayer switch routes traffic from another VLAN to the monitored VLAN,
that traffic is not monitored and not received on the SPAN destination port.
• Spanning Tree Protocol (STP)—A destination port does not participate in STP while its SPAN
session is active. The destination port can participate in STP after the SPAN session is disabled. On
a source port, SPAN does not affect the STP status.
Caution: Make sure there are no potential loops in the network topology when you enable incoming
traffic for a destination port.
• Cisco Discovery Protocol (CDP)—A SPAN destination port does not participate in CDP while the
SPAN session is active. After the SPAN session is disabled, the port again participates in CDP