What is a monitoring or SPAN Switched Port Analyzer ]) port What is it used for?
Show
[starbox] Last Updated on Sun, 06 Nov 2022 | CCIE Cisco, cam Network Analyzer© 2002, Cisco Systems, Inc. All rights reserved. Cisco CCIE Prep v1.0—Module 5-65 You can analyze network traffic passing through ports or VLANs by using SPAN to send a copy of the traffic to another port on the switch that has been connected to a SwitchProbe device or other Remote Monitoring (RMON) probe. SPAN mirrors received or sent (or both) traffic on a source port and received traffic on one or more source ports or source VLANs, to a destination port for analysis. For example, in the figure above, all traffic on port 5 (the source port) is mirrored to port 10 (the destination port). A network analyzer on port 10 receives all network traffic from port 5 without being physically attached to port 5. Only traffic that enters or leaves source ports or traffic that enters source VLANs can be monitored by using SPAN; traffic that gets routed to ingress source ports or source VLANs cannot be monitored. For example, if incoming traffic is being monitored, traffic that gets routed from another VLAN to the source VLAN is not monitored; however, traffic that is received on the source VLAN and routed to another VLAN is monitored. Creating a SPAN Session and Specifying Ports to Monitor Beginning in privileged EXEC mode, follow these steps to create a SPAN session and specify the source (monitored) and destination (monitoring) ports: Table 5-41: SPAN Session
To remove a source or destination port from the SPAN session, use the no monitor session To remove a source or destination port from the SPAN session, use the no monitor session session number source interface interface-id global configuration command or the no monitor session session number destination interface interface-id global configuration command. To change the encapsulation type back to the default (native), use the monitor session sessionnumber destination interface interface-id without the encapsulation keyword. Specifying VLANs to Monitor VLAN monitoring is similar to port monitoring. Beginning in privileged EXEC mode, follow these steps to specify VLANs to monitor: Table 5-43: VLANs to Monitor
To remove one or more source VLANs or destination ports from the SPAN session, use the no monitor session session_number source vlan vlan-id rx global configuration command or the no monitor session session_number destination interface interface-id global configuration command. Specifying VLANs to Filter Beginning in privileged EXEC mode, follow these steps to limit SPAN source traffic to specific VLANs: Table 5-44: Limit SPAN Source Traffic
To monitor all VLANs on the trunk port, use the no monitor session session _number filter To monitor all VLANs on the trunk port, use the no monitor session session _number filter global configuration command. Remote Switched Port Analyzer (RSPAN) Switch A Switch A Destination Switch (Data Center) Intermediate Switch (Distribution) Source Switch(es) (Access) B1 B2 B3 Destination Switch (Data Center) Intermediate Switch (Distribution) Source Switch(es) (Access) B1 B2 B3 © 2002, Cisco Systems, Inc. All rights reserved Cisco CCIE Prep v1.0—Module 5-66 RSPAN extends SPAN by enabling remote monitoring of multiple switches across your network. The traffic for each RSPAN session is carried over a user-specified RSPAN VLAN that is dedicated for that RSPAN session in all participating switches. The SPAN traffic from the sources is copied onto the RSPAN VLAN through a reflector port and then forwarded over trunk ports that are carrying the RSPAN VLAN to any RSPAN destination sessions monitoring the RSPAN VLAN, as shown in the figure above. First create an RSPAN VLAN that does not exist for the RSPAN session in any of the switches that will participate in RSPAN. With VTP enabled in the network, you can create the RSPAN VLAN in one switch, and VTP propagates it to the other switches in the VTP domain for VLAN-IDs that are lower than 1005. Use VTP pruning to get efficient flow of RSPAN traffic, or manually delete the RSPAN VLAN from all trunks that do not need to carry the RSPAN traffic. After creating the RSPAN VLAN, begin in privileged EXEC mode, and follow these steps to start an RSPAN source session and to specify the source (monitored) ports and the destination RSPAN VLAN.
Removing Ports from an RSPAN Session Beginning in privileged EXEC mode, follow these steps to remove a port as an RSPAN source for a session:
To remove one or more source VLANs from the RSPAN session, use the no monitor session To remove one or more source VLANs from the RSPAN session, use the no monitor session session number source vlan vlan-id rx global configuration command. Specifying VLANs to Filter Beginning in privileged EXEC mode, follow these steps to limit RSPAN source traffic to specific VLANs: Table 5-48: VLANs to Filter
© 2002, CiscoSystems, Inc. All rights reserved. Cisco CCIE Prep v1.0—ModuleS-67 To display the status of the current SPAN or RSPAN configuration, use the show monitor privileged EXEC command. Continue reading here: Fallback Bridging Was this article helpful? What is a monitoring or span port What is it used for?A SPAN port (sometimes called a mirror port) is a software feature built into a switch or router that creates a copy of selected packets passing through the device and sends them to a designated SPAN port. Using software, the administrator can easily configure or change what data is to be monitored.
What is the advantage over switched port analyzer SPAN feature?It operates like SPAN except it gives you the advantage of 100% visibility, no dropped packets and no delay. Another way of increasing SPAN ports is to get a dedicated switch to send the SPAN traffic to; this dedicated switch will then give you the option of creating two more SPAN ports from the single SPAN source.
What is span port on Cisco switch?Cisco Catalyst Switches have a feature called SPAN (Switch Port Analyzer) that lets you copy all traffic from a source port or source VLAN to a destination interface.
What is the purpose of a packet mirroring port SPAN on a switch?SPAN ports, also referred to as Port Mirroring, are dedicated ports on a switch or router that creates copies of selected packets that pass through the device and sends them to a specific destination port.
|