You can analyze network traffic passing through ports by using Switched Port Analyzer (SPAN). This sends a copy of the traffic to another port on the switch that has been connected to a SwitchProbe device, another Remote Monitoring (RMON) probe or security device. SPAN mirrors receive or transmit (or both) traffic on one or more source ports to a destination port for analysis.
Remote SPAN (RSPAN) extends SPAN by enabling RMON of multiple switches across your network. The traffic for each RSPAN session is carried over a user-specified RSPAN VLAN that is dedicated for that RSPAN session in all participating switches. The SPAN traffic from the sources is copied onto the RSPAN VLAN through a reflector port and then forwarded over trunk ports carrying the RSPAN VLAN to any RSPAN destination session monitoring the RSPAN VLAN.
SPAN and RSPAN do not affect the switching of network traffic on source ports. A copy of the packets received or sent by the source interfaces are sent to the destination interface. Except for traffic that is required for the SPAN or RSPAN session, reflector ports and destination ports do not receive or forward traffic.
These are configuration examples:
This example shows how to set up a SPAN session (session 1) for monitoring source port traffic to a destination port. First, any existing SPAN configuration for session 1 is cleared and then bidirectional traffic is mirrored from source port 1 to destination port 10:
This example shows how to configure the destination port for ingress traffic on VLAN 5 by using a security device that does not support 802.1q encapsulation: Switch(config)# monitor session 1 destination interface Fa 0/5 ingress vlan 5
This example shows how to configure the destination port for ingress traffic on VLAN 5 by using a security device that supports 802.1q encapsulation:
This example shows how to disable ingress traffic forwarding on the destination port:
Switch(config)# monitor session 1 destination interface Fa 0/5 encapsulation dot1q
This example shows how to clear any existing RSPAN configuration for session 1, configure RSPAN session 1 to monitor multiple source interfaces, and configure the destination RSPAN VLAN and the reflector-port:
I read this post that back in 2019 that said ZTP server probably doesn't support cEdges, only vEdges. https://community.cisco.com/t5/sd-wan-and-cloud-networking/demonstrate-on-prem-ztp-server/td-p/3912768 When I turn on my ASR, it reaches out to...
I'm looking for a router for my house. Right now i have a Juniper SRX300. Does cisco have something with around the same specs? I have started down the ccna/ccnp route and just want my home network to be Cisco.
Hi all,I'm trying out the CML sandbox. Is it ok to install software on the DevBox that will communicate outside of the sandbox to another internet host? Specifically, I want to install a ServiceNow mid-server to connect to a ServiceNow Personal Developmen...
Hello team, I want to redirect ssh traffic to a server for analyzing and reviewing (to PAM server), before go to real switches.for example when I ssh to 10.10.88.1, traffic go to PAM server and then go to 10.10.88.1;;I write an ACL for filtering ssh traff...