Allowing ingress traffic on a SPAN destination port

Mitrixsen
Level 1

Hello, everyone.

I am studying SPAN for ENCOR and from what I understand, when you configure a port as a SPAN destination port, this port will lose any configuration that was on it and will be only used to send SPAN traffic out of. You cannot ping this port, you cannot send any traffic to it at all because it blocks ingress traffic and everything that was configured on it before (IP addresses, VLANs, STP) are effectively removed.

The OCGs mention an example where allowing ingress traffic would be required

Normally, the SPAN destination port only sends traffic and drops ingress traffic. However,
in some scenarios, connectivity to the traffic analyzer might be required. For example, if the
traffic analyzer is a Windows PC and is accessed using RDP, the port must be able to send
and receive traffic for the Windows PC in addition to the traffic from the SPAN session

Then they gave the following example:

monitor session session-id destination interface interface-id ingress {dot1q vlan
vlan-id | untagged vlan vlan-id}

Selecting the dot1q keyword requires the packets to be encapsulated with the specified
VLAN ID. Selecting the untagged keyword accepts incoming packets and associates them to
the specified VLAN ID.

What I don't quite understand is the following:

Why should I use this command with SPAN

monitor session 1 destination interface g0/1 ingress dot1q vlan 20

Instead of

monitor session 1 destination interface g0/1 ingress untagged vlan 20

The end result would be the same, would it not? Either way, that traffic would be associated with VLAN 20. So when does one make more sense to use over the other one?

Thank you.

David
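As an added illustration (not from the OCG and not part of this thread), the following Python models the two ingress keywords exactly as the quoted OCG text describes them: with dot1q, a frame arriving on the SPAN destination port must carry an 802.1Q tag for the specified VLAN; with untagged, a plain frame is accepted and associated with that VLAN. The minimal Ethernet/802.1Q parser, the constructed MAC addresses, and the treatment of mismatched frames (a tagged frame under untagged, an untagged or differently tagged frame under dot1q) are assumptions of this model, not documented switch behaviour.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Optional

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


@dataclass
class Frame:
    dst: bytes
    src: bytes
    vlan: Optional[int]  # VID from the 802.1Q tag, or None when untagged
    ethertype: int
    payload: bytes


def parse_frame(raw: bytes) -> Frame:
    """Parse an Ethernet II frame and pull out the 802.1Q VID if a tag is present."""
    if len(raw) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = raw[:6], raw[6:12]
    (ethertype,) = struct.unpack("!H", raw[12:14])
    offset, vlan = 14, None
    if ethertype == TPID_8021Q:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", raw[14:18])
        vlan = tci & 0x0FFF  # low 12 bits of the TCI carry the VID
        offset = 18
    return Frame(dst, src, vlan, ethertype, raw[offset:])


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vlan: Optional[int] = None) -> bytes:
    """Build a frame, inserting an 802.1Q tag when a VLAN is given."""
    hdr = dst + src
    if vlan is not None:
        hdr += struct.pack("!HHH", TPID_8021Q, vlan & 0x0FFF, ethertype)
    else:
        hdr += struct.pack("!H", ethertype)
    return hdr + payload


def ingress_vlan(frame: Frame, mode: str, vlan_id: int) -> Optional[int]:
    """Return the VLAN an ingress frame is placed in, or None if the port drops it.

    "dot1q": the OCG says the frame must be encapsulated with vlan_id.
    "untagged": the OCG says incoming frames are accepted and associated with vlan_id.
    Dropping the mismatch cases is this model's assumption.
    """
    if mode == "dot1q":
        return vlan_id if frame.vlan == vlan_id else None
    if mode == "untagged":
        return vlan_id if frame.vlan is None else None
    raise ValueError(f"unknown ingress mode {mode!r}")


# Constructed sample addresses: the analyzer PC replying to an RDP client.
ANALYZER = bytes.fromhex("001122334455")
RDP_CLIENT = bytes.fromhex("66778899aabb")


def compare_modes(vlan_id: int = 20) -> Dict[str, Dict[str, Optional[int]]]:
    """Send the same tagged and untagged reply through both ingress keywords."""
    tagged = build_frame(RDP_CLIENT, ANALYZER, 0x0800, b"rdp-reply", vlan=vlan_id)
    plain = build_frame(RDP_CLIENT, ANALYZER, 0x0800, b"rdp-reply")
    return {
        mode: {
            "tagged": ingress_vlan(parse_frame(tagged), mode, vlan_id),
            "untagged": ingress_vlan(parse_frame(plain), mode, vlan_id),
        }
        for mode in ("dot1q", "untagged")
    }


if __name__ == "__main__":
    for mode, result in compare_modes().items():
        print(f"ingress {mode} vlan 20: {result}")
```

Running it shows the practical difference behind the question: under `ingress dot1q vlan 20` only the frame the analyzer tagged with VID 20 is accepted, while under `ingress untagged vlan 20` only the plain frame is, so the keyword has to match whether the analyzer's NIC sends tagged frames or not.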

2 Replies

M02@rt37
VIP

Hello David,

As I know, with the ingress untagged vlan 20 command, any traffic entering the SPAN destination port must be tagged with VLAN 20. This is useful if the analyzer needs to see the VLAN tagging. If the connected device does not support VLAN tagging, it may drop the traffic because it doesn't recognize 802.1Q tags.

For the command ingress dot1q vlan 20, any traffic entering the SPAN destination port will be treated as untagged and assigned to VLAN 20. This is useful when the analyzer device is on an access port and doesn't understand VLAN tagging. The device will see the traffic as if it's coming from a normal access VLAN.

--

So when do you use one command or the other?

- if your analyzer supports VLAN tagging and you want to preserve VLAN information :: ingress dot1q vlan xx

- if your analyzer is on an access port and doesn't support VLAN tags :: ingress untagged vlan xx

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Joseph W. Doherty
Hall of Fame

I haven't checked the documentation but it appears the difference would be whether the ingress traffic for VLAN 20 is expected to be tagged or not.
