30-7
Cisco IE 3000 Switch Software Configuration Guide
OL-13018-03
Chapter 30 Configuring SPAN and RSPAN
Understanding SPAN and RSPAN
A destination port has these characteristics:
•
For a local SPAN session, the destination port must reside on the same switch as the source port. For
an RSPAN session, it is located on the switch containing the RSPAN destination session. There is
no destination port on a switch running only an RSPAN source session.
•
When a port is configured as a SPAN destination port, the configuration overwrites the original port
configuration. When the SPAN destination configuration is removed, the port reverts to its previous
configuration. If a configuration change is made to the port while it is acting as a SPAN destination
port, the change does not take effect until the SPAN destination configuration had been removed.
•
If the port was in an EtherChannel group, it is removed from the group while it is a destination port.
•
It can be any Ethernet physical port.
•
It cannot be a secure port.
•
It cannot be a source port.
•
It cannot be an EtherChannel group or a VLAN.
•
It can participate in only one SPAN session at a time (a destination port in one SPAN session cannot
be a destination port for a second SPAN session).
•
When it is active, incoming traffic is disabled. The port does not transmit any traffic except that
required for the SPAN session. Incoming traffic is never learned or forwarded on a destination port.
•
If ingress traffic forwarding is enabled for a network security device, the destination port forwards
traffic at Layer 2.
•
It does not participate in any of the Layer 2 protocols (STP, VTP, CDP, DTP, PagP).
•
A destination port that belongs to a source VLAN of any SPAN session is excluded from the source
list and is not monitored.
•
The maximum number of destination ports in a switch is 64.
Local SPAN and RSPAN destination ports behave differently regarding VLAN tagging and
encapsulation:
•
For local SPAN, if the
encapsulation replicate
keywords are specified for the destination port,
these packets appear with the original encapsulation (untagged or IEEE 802.1Q). If these keywords
are not specified, packets appear in the untagged format. Therefore, the output of a local SPAN
session with
encapsulation replicate
enabled can contain a mixture of untagged or IEEE
802.1Q-tagged packets.
•
For RSPAN, the original VLAN ID is lost because it is overwritten by the RSPAN VLAN
identification. Therefore, all packets appear on the destination port as untagged.
RSPAN VLAN
The RSPAN VLAN carries SPAN traffic between RSPAN source and destination sessions. It has these
special characteristics:
•
All traffic in the RSPAN VLAN is always flooded.
•
No MAC address learning occurs on the RSPAN VLAN.
•
RSPAN VLAN traffic only flows on trunk ports.
•
RSPAN VLANs must be configured in VLAN configuration mode by using the
remote-span
VLAN
configuration mode command.
•
STP can run on RSPAN VLAN trunks but not on SPAN destination ports.