468
Configuring SPAN and RSPAN
Information About SPAN and RSPAN
There can be more than one source session and more than one destination session active in the same RSPAN VLAN.
There can also be intermediate switches separating the RSPAN source and destination sessions. These switches need
not be capable of running RSPAN, but they must respond to the requirements of the RSPAN VLAN (see
).
Traffic monitoring in a SPAN session has these restrictions:
Sources can be ports or VLANs, but you cannot mix source ports and source VLANs in the same session.
The switch supports up to 4 source sessions (local SPAN and RSPAN source sessions). You can run both a local
SPAN and an RSPAN source session in the same switch. The switch supports a total of 68 source and RSPAN
destination sessions.
You can have multiple destination ports in a SPAN session, but no more than 64 destination ports.
You can configure two separate SPAN or RSPAN source sessions with separate or overlapping sets of SPAN source
ports and VLANs. Both switched and routed ports can be configured as SPAN sources and destinations.
SPAN sessions do not interfere with the normal operation of the switch. However, an oversubscribed SPAN
destination, for example, a 10-Mb/s port monitoring a 100-Mb/s port, can result in dropped or lost packets.
When RSPAN is enabled, each packet being monitored is transmitted twice, once as normal traffic and once as a
monitored packet. Therefore monitoring a large number of ports or VLANs could potentially generate large amounts
of network traffic.
You can configure SPAN sessions on disabled ports; however, a SPAN session does not become active unless you
enable the destination port and at least one source port or VLAN for that session.
The switch does not support a combination of local SPAN and RSPAN in a single session. That is, an RSPAN source
session cannot have a local destination port, an RSPAN destination session cannot have a local source port, and an
RSPAN destination session and an RSPAN source session that are using the same RSPAN VLAN cannot run on the
same switch.
Monitored Traffic Types for SPAN Sessions
Receive (Rx) SPAN—The goal of receive (or ingress) SPAN is to monitor as much as possible all the packets received
by the source interface or VLAN before any modification or processing is performed by the switch. A copy of each
packet received by the source is sent to the destination port for that SPAN session.
Packets that are modified because of routing or quality of service (QoS)—for example, modified Differentiated
Services Code Point (DSCP)—are copied before modification.
Features that can cause a packet to be dropped during receive processing have no effect on ingress SPAN; the
destination port receives a copy of the packet even if the actual incoming packet is dropped. These features include
IP standard and extended input access control lists (ACLs), ingress QoS policing, VLAN ACLs, and egress QoS
policing.
Transmit (Tx) SPAN—The goal of transmit (or egress) SPAN is to monitor as much as possible all the packets sent by
the source interface after all modification and processing is performed by the switch. A copy of each packet sent by
the source is sent to the destination port for that SPAN session. The copy is provided after the packet is modified.
Packets that are modified because of routing—for example, with modified time-to-live (TTL), MAC-address, or QoS
values—are duplicated (with the modifications) at the destination port.
Features that can cause a packet to be dropped during transmit processing also affect the duplicated copy for SPAN.
These features include IP standard and extended output ACLs and egress QoS policing.
Both—In a SPAN session, you can also monitor a port or VLAN for both received and sent packets. This is the default.
Summary of Contents for IE 4000
Page 12: ...8 Configuration Overview Default Settings After Initial Switch Configuration ...
Page 52: ...48 Configuring Interfaces Monitoring and Maintaining the Interfaces ...
Page 108: ...104 Configuring Switch Clusters Additional References ...
Page 128: ...124 Performing Switch Administration Additional References ...
Page 130: ...126 Configuring PTP ...
Page 140: ...136 Configuring CIP Additional References ...
Page 146: ...142 Configuring SDM Templates Configuration Examples for Configuring SDM Templates ...
Page 192: ...188 Configuring Switch Based Authentication Additional References ...
Page 244: ...240 Configuring IEEE 802 1x Port Based Authentication Additional References ...
Page 298: ...294 Configuring VLANs Additional References ...
Page 336: ...332 Configuring STP Additional References ...
Page 408: ...404 Configuring DHCP Additional References ...
Page 450: ...446 Configuring IGMP Snooping and MVR Additional References ...
Page 490: ...486 Configuring SPAN and RSPAN Additional References ...
Page 502: ...498 Configuring Layer 2 NAT ...
Page 770: ...766 Configuring IPv6 MLD Snooping Related Documents ...
Page 930: ...926 Configuring IP Unicast Routing Related Documents ...
Page 976: ...972 Configuring Cisco IOS IP SLAs Operations Additional References ...
Page 978: ...974 Dying Gasp ...
Page 990: ...986 Configuring Enhanced Object Tracking Monitoring Enhanced Object Tracking ...
Page 994: ...990 Configuring MODBUS TCP Displaying MODBUS TCP Information ...
Page 996: ...992 Ethernet CFM ...
Page 1066: ...1062 Using an SD Card SD Card Alarms ...