469
Configuring SPAN and RSPAN
Information About SPAN and RSPAN
The default configuration for local SPAN session ports is to send all packets untagged. SPAN also does not normally
monitor bridge protocol data unit (BPDU) packets and Layer 2 protocols, such as Cisco Discovery Protocol (CDP), VLAN
Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), Spanning Tree Protocol (STP), and Port Aggregation Protocol
(PAgP). However, when you enter the
encapsulation replicate
keywords when configuring a destination port, these
changes occur:
Packets are sent on the destination port with the same encapsulation—untagged or IEEE 802.1Q—that they had on
the source port.
Packets of all types, including BPDU and Layer 2 protocol packets, are monitored.
Therefore, a local SPAN session with encapsulation replicate enabled can have a mixture of untagged and IEEE 802.1Q
tagged packets appear on the destination port.
Switch congestion can cause packets to be dropped at ingress source ports, egress source ports, or SPAN destination
ports. In general, these characteristics are independent of one another. For example:
A packet might be forwarded normally but dropped from monitoring due to an oversubscribed SPAN destination
port.
An ingress packet might be dropped from normal forwarding, but still appear on the SPAN destination port.
An egress packet dropped because of switch congestion is also dropped from egress SPAN.
In some SPAN configurations, multiple copies of the same source packet are sent to the SPAN destination port. For
example, a bidirectional (both Rx and Tx) SPAN session is configured for the Rx monitor on port A and Tx monitor on
port B. If a packet enters the switch through port A and is switched to port B, both incoming and outgoing packets are
sent to the destination port. Both packets are the same (unless a Layer-3 rewrite occurs, in which case the packets are
different because of the packet modification).
Source Ports
A source port (also called a
monitored port
) is a switched or routed port that you monitor for network traffic analysis. In
a local SPAN session or RSPAN source session, you can monitor source ports or VLANs for traffic in one or both
directions. The switch supports any number of source ports (up to the maximum number of available ports on the switch)
and any number of source VLANs (up to the maximum number of VLANs supported). However, the switch supports a
maximum of two sessions (local or RSPAN) with source ports or VLANs, and you cannot mix ports and VLANs in a single
session.
A source port has these characteristics:
It can be monitored in multiple SPAN sessions.
Each source port can be configured with a direction (ingress, egress, or both) to monitor.
It can be any port type (for example, EtherChannel, Gigabit Ethernet, and so forth).
For EtherChannel sources, you can monitor traffic for the entire EtherChannel or individually on a physical port as it
participates in the port channel.
It can be an access port, trunk port, routed port, or voice VLAN port.
It cannot be a destination port.
Source ports can be in the same or different VLANs.
You can monitor multiple source ports in a single session.
Summary of Contents for IE 4000
Page 12: ...8 Configuration Overview Default Settings After Initial Switch Configuration ...
Page 52: ...48 Configuring Interfaces Monitoring and Maintaining the Interfaces ...
Page 108: ...104 Configuring Switch Clusters Additional References ...
Page 128: ...124 Performing Switch Administration Additional References ...
Page 130: ...126 Configuring PTP ...
Page 140: ...136 Configuring CIP Additional References ...
Page 146: ...142 Configuring SDM Templates Configuration Examples for Configuring SDM Templates ...
Page 192: ...188 Configuring Switch Based Authentication Additional References ...
Page 244: ...240 Configuring IEEE 802 1x Port Based Authentication Additional References ...
Page 298: ...294 Configuring VLANs Additional References ...
Page 336: ...332 Configuring STP Additional References ...
Page 408: ...404 Configuring DHCP Additional References ...
Page 450: ...446 Configuring IGMP Snooping and MVR Additional References ...
Page 490: ...486 Configuring SPAN and RSPAN Additional References ...
Page 502: ...498 Configuring Layer 2 NAT ...
Page 770: ...766 Configuring IPv6 MLD Snooping Related Documents ...
Page 930: ...926 Configuring IP Unicast Routing Related Documents ...
Page 976: ...972 Configuring Cisco IOS IP SLAs Operations Additional References ...
Page 978: ...974 Dying Gasp ...
Page 990: ...986 Configuring Enhanced Object Tracking Monitoring Enhanced Object Tracking ...
Page 994: ...990 Configuring MODBUS TCP Displaying MODBUS TCP Information ...
Page 996: ...992 Ethernet CFM ...
Page 1066: ...1062 Using an SD Card SD Card Alarms ...