Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

How to configure port monitoring (SPAN) on a Catalyst 2940, 2950, 2955, 2970, 3550 or 3750 series switch

Labels:
467744
Views
20
Helpful
0
Comments
TCC_2
TCC_2 Engager
‎06-22-2009 03:36 PM
edited on: ‎03-01-2019 ‎03:50 PM

Resolution

You can analyze network traffic passing through ports by using Switched Port Analyzer (SPAN). This sends a copy of the traffic to another port on the switch that has been connected to a SwitchProbe device, another Remote Monitoring (RMON) probe or security device. SPAN mirrors receive or transmit (or both) traffic on one or more source ports to a destination port for analysis.

Remote SPAN (RSPAN) extends SPAN by enabling RMON of multiple switches across your network. The traffic for each RSPAN session is carried over a user-specified RSPAN VLAN that is dedicated for that RSPAN session in all participating switches. The SPAN traffic from the sources is copied onto the RSPAN VLAN through a reflector port and then forwarded over trunk ports carrying the RSPAN VLAN to any RSPAN destination session monitoring the RSPAN VLAN.

SPAN and RSPAN do not affect the switching of network traffic on source ports. A copy of the packets received or sent by the source interfaces are sent to the destination interface. Except for traffic that is required for the SPAN or RSPAN session, reflector ports and destination ports do not receive or forward traffic.

These are configuration examples:

  • This example shows how to set up a SPAN session (session 1) for monitoring source port traffic to a destination port. First, any existing SPAN configuration for session 1 is cleared and then bidirectional traffic is mirrored from source port 1 to destination port 10:  

    Switch(config)# no monitor session 1
    Switch(config)# monitor session 1 source interface fastEthernet0/1
    Switch(config)# monitor session 1 destination interface fastEthernet0/10 encapsulation dot1q
    Switch(config)# end
           
  • This example shows how to configure the destination port for ingress traffic on VLAN 5 by using a security device that does not support 802.1q encapsulation: 

    Switch(config)# monitor session 1 destination interface Fa 0/5 ingress vlan 5  

  • This example shows how to configure the destination port for ingress traffic on VLAN 5 by using a security device that supports 802.1q encapsulation:  

    Switch(config)# monitor session 1 destination interface Fa 0/5 encapsulation dot1q ingress vlan 5
           
  • This example shows how to disable ingress traffic forwarding on the destination port:  

    Switch(config)# monitor session 1 destination interface Fa 0/5 encapsulation dot1q
           
  • This example shows how to clear any existing RSPAN configuration for session 1, configure RSPAN session 1 to monitor multiple source interfaces, and configure the destination RSPAN VLAN and the reflector-port:  

    Switch(config)# no monitor session 1
    Switch(config)# monitor session 1 source interface fastEthernet0/10 tx
    Switch(config)# monitor session 1 source interface fastEthernet0/2 rx
    Switch(config)# monitor session 1 source interface fastEthernet0/3 rx
    Switch(config)# monitor session 1 source interface port-channel 102 rx
    Switch(config)# monitor session 1 destination remote vlan 901 reflector-port fastEthernet0/1
    Switch(config)# end
           
  • This example shows how to configure VLAN 901 as the source remote VLAN and port 5 as the destination interface:  

    Switch(config)# monitor session 1 source remote vlan 901
    Switch(config)# monitor session 1 destination interface fastEthernet0/5
    Switch(config)# end
       

For more information about configuring SPAN, refer to these documents:

Latest Contents
Can't manage switch via web interface
Created by Hassaan on 12-14-2019 04:39 AM
1
0
1
0
Hi all, I am in the process of replacing a whole network with 9000 switches. For the initial setup I tried to follow the guide here: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9500/hardware/install/b_catalyst_9500_hig/b_catalyst_... view more
DNAT and NAT on a cisco router
Created by MikeSv on 12-14-2019 02:38 AM
0
0
0
0
Hello, I work on a cisco router 891W (router + switch + ap) and I'd like to create a DNAT with the source being 192.168.250.1, the destination being 10.35.78.11 and the relay being 192.168.250.144.I looked around and came to the conclusion that I sho... view more
Cisco IPSEC - Ubiquity USG
Created by xXAzazelXx on 12-13-2019 10:54 PM
3
0
3
0
Hey Guys, Can you please help me troubleshoot this?I'm trying to setup IPSEC tunnel between Cisco 887VAMG2 (LAB) and Ubiquity USG. crypto isakmp policy 10 encr aes hash md5 authentication pre-share group 14 lifetime 28800 crypto isak... view more
BGP mutual advertisement for the same prefix
Created by gongya001 on 12-13-2019 10:16 PM
3
0
3
0
if tow routers advertise the same prefix to each other, which router is selected to advertise first ?  Router1 and Router2 advertise 192.168.1.0/24 to each other,  which one will advertise it?  Can I control it ? thanks !!
Trouble setting up ACL within Gui for SG350XG
Created by GS47874 on 12-13-2019 10:11 PM
1
0
1
0
Hi All,Looking for any ideas on this issue i'm currently having.  It is very similar to this issues here:   https://community.cisco.com/t5/small-business-switches/help-me-to-create-ipv4-based-acls-for-vlans-using-gui/td-p/2645142 I tho... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
FusionCharts will render here