SPAN ports and VLAN

dwhaga
Level 1

I am looking at the 2900 and 3500 series Cisco switches.

The documentation says that any number of SPAN ports can be defined which monitor any number of other ports as long as they are in the same VLAN.

The documentation says/implies that a SPAN port cannot monitor ports on different VLANs.

Hopefully my understanding thus far is correct.

Since I want to separate the ports into 4 VLANs, and want a single LAN analyzer to be able to capture data from one or more of these VLANs, could I ...

1) define a SPAN port in each of the 4 VLANs which monitors all other ports in the VLAN

2) hook each SPAN port to 4 other switch ports that are assigned to VLAN 5

3) configure an additional port on VLAN 5 to be a SPAN port monitoring all other VLAN 5 ports.

4) hook a LAN analyzer up to VLAN 5 SPAN port and monitor traffic from all other VLANs.

5) via configuring the switch, add/subtract any of the original 4 VLANs' traffic to the VLAN 5 SPAN port.

Will this goofy configuration work? I know it does not scale well for an enterprise network but I am not deploying an enterprise network. I have a fixed segment network consisting of 4 IP LAN segments and need to monitor one or more of the segments simultaneously.

6 Replies

catfisch
Level 1

Spanning Tree is just a protocol to prevent network loops, which I take it you already know. As far as sniffing traffic from multiple VLANs, you need to do port mirroring. Just make one port on your switch (let's say port f0/1) a mirror port for all ports in all VLANs. This will send a copy of all traffic from all ports in all VLANs to port f0/1. Plug your sniffer in port one and you should see traffic. You perform this task in #config int mode; it's called (port monitor FastEthernet0/1, '' f0/2, etc etc etc..). Let me know how it goes. I am doing the same thing on my network; it works like a champ. Good luck. -Catfisch

catfisch1@hotmail.com

Hi catfisch,

I don't have the switch yet. I am researching for a switch that will meet my needs. The switch CLI commands you show are what is needed to set up SPAN ports. However, the Cisco documentation for the 2900 and 3500 series routers says a SPAN port cannot monitor ports across VLANs. See below.

Is your switch configured with more than one VLAN?

Cisco excerpt follows ...

Enabling SPAN

You can use Switch Port Analyzer (SPAN) to monitor traffic on a given port by forwarding incoming and outgoing traffic on the port to another port in the same VLAN. A SPAN port cannot monitor ports in a different VLAN, and a SPAN port must be a static-access port. You can define any number of ports as SPAN ports, and any combination of ports can be monitored.

For the restrictions that apply to SPAN ports, see the “Avoiding Configuration Conflicts” section on page 9-2.
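As an added example (not part of the thread or of Cisco's documentation): a small Python check that applies the two restrictions quoted in the excerpt above, same-VLAN monitoring and a static-access monitor port, to a `port monitor` style configuration. The sample config is constructed, and the function names and the default of VLAN 1 for ports with no access VLAN line are assumptions.

```python
import re

# Constructed sample config in the "port monitor" style discussed in this thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 port monitor FastEthernet0/2
 port monitor FastEthernet0/3
 switchport access vlan 2
!
interface FastEthernet0/2
 switchport access vlan 2
!
interface FastEthernet0/3
 switchport access vlan 3
!
interface FastEthernet0/4
 port monitor FastEthernet0/2
 switchport mode multi
 switchport multi vlan 2,3
"""

def parse_interfaces(config):
    """Map interface name -> access VLAN (assumed default 1), mode, monitored ports."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface (\S+)", line):
            cur = ports.setdefault(m[1], {"vlan": 1, "mode": "access", "monitors": []})
        elif cur is None or line == "!":
            cur = None  # "!" closes the current interface section
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            cur["vlan"] = int(m[1])
        elif m := re.fullmatch(r"switchport mode (\S+)", line):
            cur["mode"] = m[1]
        elif m := re.fullmatch(r"port monitor (\S+)", line):
            cur["monitors"].append(m[1])
    return ports

def check_span(config):
    """Return (monitor_port, monitored_port, reason) for each rule violation."""
    ports, findings = parse_interfaces(config), []
    for name, p in ports.items():
        if p["monitors"] and p["mode"] != "access":
            findings.append((name, None, "monitor port is not static-access"))
        for target in p["monitors"]:
            tvlan = ports.get(target, {"vlan": 1})["vlan"]  # unknown port: assume VLAN 1
            if p["mode"] == "access" and tvlan != p["vlan"]:
                findings.append((name, target, f"VLAN {p['vlan']} port cannot monitor VLAN {tvlan}"))
    return findings
```

Calling `check_span(SAMPLE_CONFIG)` lists each monitor port that, under the quoted restrictions, would not capture the traffic the analyzer is expected to see.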

Hi,

He didn't talk about spanning tree.

SPAN is the Catalyst Switched Port Analyzer feature.

SPANning spanned ports sounds like a great idea!! Please tell me if it works.

Regards,

Patricio

If you want to monitor traffic over multiple VLANs use the RSPAN function. I use it to aggregate traffic from multiple VLANs into a destination port that is attached to a sniffer.

First set up an RSPAN VLAN, then you can insert ports or VLANs that you want to monitor into this. I am using this on the Cat 6509 platform.

Do a SET RSPAN and work from there, or look on the Cisco site for more config info.

Best regards.

There is no SET SPAN or SET RSPAN on Cat2900/3500. They are IOS based; the command is port monitor - very simple compared to SPAN possibilities.

Regards,

Milan

Yes, this should work. The only additional thing necessary is to make f0/1 a multi-VLAN port (switchport mode multi and switchport multi vlan ...).

Regards,

Milan