These are the guidelines and restrictions to configure Switched Port Analyzer (SPAN):
Use a network analyzer to monitor interfaces.
Do not mix source VLANs and filter VLANs within a SPAN session. Source VLANs and filter VLANs cannot co-exist.
Ensure that EtherChannel interfaces are not SPAN destination interfaces. But, EtherChannel interfaces can be SPAN source interfaces.
Issue the no monitor sessionnumber command with no other parameters in order to clear the SPAN session number.
The no monitor command clears all SPAN sessions.
When no traffic type is specified for source interfaces, the default value both is applicable. Traffic type can be Transmit (Tx), Receive (Rx), or both.
If multiple SPAN source interfaces are specified, the interfaces can belong to different VLANs.
SPAN destinations never participate in any spanning tree instance. SPAN includes Bridge Protocol Data Units (BPDUs) in the monitored traffic. So any BPDUs on the SPAN destination are from the SPAN source.
SPAN is limited to one destination port per session.
You can use an IDS to monitor traffic that passes between two devices. Other than the added traffic passed to the span port, the port is a standard port, which means you can manage the IDS by any machine that can route IP packets to the IDS.A port or interface on any line card of the switch should be on the same VLAN as the sc0 interface of the switch, which is the management interface.
These are the guidelines to configure Remote Switched Port Analyzer (RSPAN):
RSPAN sessions can coexist with SPAN sessions within the limits.
RSPAN configuration allows the distribution of source ports and destination ports across multiple switches in the network.
RSPAN does not support BPDU packet monitoring or other Layer 2 switch protocols.
The RSPAN VLAN is configured only on trunk ports and not on access ports. In order to avoid unwanted traffic in RSPAN VLANs, make sure that all participant switches support the VLAN remote-span feature. Access ports on the RSPAN VLAN are silently disabled.
Create an RSPAN VLAN before the configuration of an RSPAN source or destination session.
If VLAN Trunking Protocol (VTP) and VTP pruning are enabled, RSPAN traffic is pruned in the trunks in order to prevent the unwanted flooding of RSPAN traffic across the network for VLAN IDs that are lower than 1005.
RSPAN traffic travels across a network on an RSPAN VLAN. Therefore, the original VLAN association of the mirrored packets is lost. As a result, RSPAN can only support forwarding of traffic from an IDS device onto a single user-specified VLAN.
Note: The switch does not support a combination of local SPAN and RSPAN in a single session. In other words, an RSPAN source session cannot have a local destination port, an RSPAN destination session cannot have a local source port, and an RSPAN destination session and an RSPAN source session that use the same RSPAN VLAN cannot run on the same switch.
Dears, Hope you all will be fine. I want to ask that if i am setting two parameters (latency 20ms and packet drop percentage 1%) in ipsla configuration to shift traffic from on tunnel to other if any of the tunnel matches criteria. My question is the...
Hi all, I need to implement a collapsed core network in one of my costumers and I'm going with the 9300 to do this but I'm confused with the licenses.In the 3650 I was able to do EIGRP routing using the ipbase license license. I know the ipbase licen...
hello, i am new to cisco physical hardware. I have an L3 switch, I want to do an interface vlan routing between two computers on the pcA (vlan10 192.168.10.10, Windows) and the pcB (vlan20 192.168.20.20, Ubuntu). Pinging from pcB (Ubuntu) to pcA (Windows)...
I am trying to configure a device tracking policy on a switch (C2960X, Version 15.2(7)E4) but the switch doesn't seem to identify the commands: SW1(config)#device-tracking policy test &nbs...
Hi,After upgrading WS-C2960L-SM-48PS to IOS c2960l-universalk9-mz.152-7.E4, it is impossible to connect using SSH.Error is kex_exchange_identification: Connection closed by remote hostSSH is disabled in configuration and this parameter seem...