Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
700
Views
0
Helpful
2
Replies

Span VLAN Question?

Go to solution
david
Level 1
Level 1

‎08-05-2015 08:17 AM

Question regarding Spanning a vlan.  If you span a vlan on a switch, does it span all traffic to the span port?  for example, if computer A is connected to interface 1 / vlan 100 and is talking to a computer B on interface 2 / vlan 100 and you span vlan 100 to interface 48, will you see the conversation between computer A and computer B or only the broadcasts? 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Martin Hruby
Level 1
Level 1

‎08-10-2015 06:47 AM

Hello David

If you configure VLAN-based SPAN (VSPAN) with VLAN 100 as the source and you send the monitored traffic to a destination port, then you will see all traffic traversing VLAN 100, not just the broadcasts. VLAN-based SPAN is just a convenient way to enable traffic monitoring on all ports belonging to a particular VLAN with just one command. You can specify whether you want to monitor ingress frames, egress frames or both. Consider the following example:

monitor session 1 source vlan 100 rx
monitor session 1 destination interface GigabitEthernet1/48

Assuming you have two active switchports in VLAN 100, one for computer A and the other for computer B, you will be able to monitor all the traffic they exchange. Frames sent from A to B will be monitored on the 1st port as ingress (but not on 2nd as egress) and replies from B to A will be monitored on the 2nd port as ingress (but not on 1st as egress). All monitored frames will be sent out interface GigabitEthernet1/48.

You can always verify your configuration with: show monitor session 1

Please note: the SPAN destination port (GigabitEthernet1/48 in our example) will go into UP/DOWN state and will not be able to forward conventional traffic.

Have a look here for more information: www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10570-41.html#anc10

Best regards,
Martin

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Martin Hruby
Level 1
Level 1

‎08-10-2015 06:47 AM

Hello David

If you configure VLAN-based SPAN (VSPAN) with VLAN 100 as the source and you send the monitored traffic to a destination port, then you will see all traffic traversing VLAN 100, not just the broadcasts. VLAN-based SPAN is just a convenient way to enable traffic monitoring on all ports belonging to a particular VLAN with just one command. You can specify whether you want to monitor ingress frames, egress frames or both. Consider the following example:

monitor session 1 source vlan 100 rx
monitor session 1 destination interface GigabitEthernet1/48

Assuming you have two active switchports in VLAN 100, one for computer A and the other for computer B, you will be able to monitor all the traffic they exchange. Frames sent from A to B will be monitored on the 1st port as ingress (but not on 2nd as egress) and replies from B to A will be monitored on the 2nd port as ingress (but not on 1st as egress). All monitored frames will be sent out interface GigabitEthernet1/48.

You can always verify your configuration with: show monitor session 1

Please note: the SPAN destination port (GigabitEthernet1/48 in our example) will go into UP/DOWN state and will not be able to forward conventional traffic.

Have a look here for more information: www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10570-41.html#anc10

Best regards,
Martin

0 Helpful

Go to solution
david
Level 1
Level 1
In response to Martin Hruby

‎08-10-2015 08:33 AM

Awesome, thanks for the detailed response Martin!  

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card