Cisco Catalyst Blade Switch 3120 for HP Software Configuration Guide
OL-12247-01
Chapter 29 Configuring SPAN and RSPAN
Understanding SPAN and RSPAN
• If ingress traffic forwarding is enabled for a network security device, the destination port forwards
traffic at Layer 2.
• It does not participate in any of the Layer 2 protocols (STP, VTP, CDP, DTP, PAgP).
• A destination port that belongs to a source VLAN of any SPAN session is excluded from the source
list and is not monitored.
• The maximum number of destination ports in a switch or switch stack is 64.
Local SPAN and RSPAN destination ports behave differently regarding VLAN tagging and
encapsulation:
• For local SPAN, if the encapsulation replicate keywords are specified for the destination port, these
packets appear with the original encapsulation (untagged, ISL, or IEEE 802.1Q). If these keywords
are not specified, packets appear in the untagged format. Therefore, the output of a local SPAN
session with encapsulation replicate enabled can contain a mixture of untagged, ISL, or IEEE
802.1Q-tagged packets.
• For RSPAN, the original VLAN ID is lost because it is overwritten by the RSPAN VLAN
identification. Therefore, all packets appear on the destination port as untagged.
RSPAN VLAN
The RSPAN VLAN carries SPAN traffic between RSPAN source and destination sessions. It has these
special characteristics:
• All traffic in the RSPAN VLAN is always flooded.
• No MAC address learning occurs on the RSPAN VLAN.
• RSPAN VLAN traffic only flows on trunk ports.
• RSPAN VLANs must be configured in VLAN configuration mode by using the remote-span VLAN
configuration mode command.
• STP can run on RSPAN VLAN trunks but not on SPAN destination ports.
• An RSPAN VLAN cannot be a private-VLAN primary or secondary VLAN.
For VLANs 1 to 1005 that are visible to VLAN Trunking Protocol (VTP), the VLAN ID and its
associated RSPAN characteristic are propagated by VTP. If you assign an RSPAN VLAN ID in the
extended VLAN range (1006 to 4094), you must manually configure all intermediate switches.
It is normal to have multiple RSPAN VLANs in a network at the same time with each RSPAN VLAN
defining a network-wide RSPAN session. That is, multiple RSPAN source sessions anywhere in the
network can contribute packets to the RSPAN session. It is also possible to have multiple RSPAN
destination sessions throughout the network, monitoring the same RSPAN VLAN and presenting traffic
to the user. The RSPAN VLAN ID separates the sessions.
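
The RSPAN VLAN rules above can be checked against a saved or templated configuration before it is pushed. The following is an added example, not part of the Cisco guide: the function names, the sample configuration, and its VLAN IDs and interfaces are assumptions made for illustration.

```python
import re

# Constructed sample config (not from the guide); VLAN IDs and interfaces are assumptions.
SAMPLE_CONFIG = """\
vlan 901
 remote-span
!
vlan 2001
 remote-span
!
vlan 950
 remote-span
 private-vlan primary
!
monitor session 1 source interface Gi1/0/5 rx
monitor session 1 destination remote vlan 901
monitor session 2 source remote vlan 2001
monitor session 2 destination interface Gi1/0/17
monitor session 3 source remote vlan 902
"""

def parse_vlans(config):
    """Return {vlan_id: [sub-commands]} for each 'vlan N' block (hypothetical helper)."""
    vlans, current = {}, None
    for line in config.splitlines():
        m = re.fullmatch(r"vlan (\d+)", line)
        if m:
            current = vlans.setdefault(int(m.group(1)), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the VLAN block
    return vlans

def audit_rspan(config):
    """Return (vlan_id, finding) pairs for the RSPAN VLAN rules in this section."""
    vlans = parse_vlans(config)
    rspan = {v for v, cmds in vlans.items() if "remote-span" in cmds}
    findings = []
    for v in sorted(rspan):
        if any(c.startswith("private-vlan") for c in vlans[v]):
            findings.append((v, "RSPAN VLAN cannot be a private-VLAN primary or secondary VLAN"))
        if 1006 <= v <= 4094:
            findings.append((v, "extended range: not propagated by VTP, configure intermediate switches manually"))
    # VLANs used by an RSPAN session but never marked remote-span in VLAN configuration mode
    used = {int(x) for x in re.findall(r"^monitor session \d+ (?:source|destination) remote vlan (\d+)", config, re.M)}
    for v in sorted(used - rspan):
        findings.append((v, "used by an RSPAN session but not configured with remote-span"))
    return findings
```

On the sample, `audit_rspan(SAMPLE_CONFIG)` reports VLAN 950 (private-VLAN conflict), VLAN 2001 (extended range), and VLAN 902 (no remote-span).
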
SPAN and RSPAN Interaction with Other Features
SPAN interacts with these features:
• Routing—SPAN does not monitor routed traffic. VSPAN only monitors traffic that enters or exits
the switch, not traffic that is routed between VLANs. For example, if a VLAN is being
Rx-monitored and the switch routes traffic from another VLAN to the monitored VLAN, that traffic
is not monitored and not received on the SPAN destination port.