Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5029
Views
0
Helpful
8
Replies

SPAN port on 6500 series switch

Go to solution
spnlloyd
Level 1
Level 1

‎06-12-2017 10:01 PM - edited ‎03-05-2019 08:42 AM

Hello,

I need to configure a SPAN port on a 6500 series switch in order to mirror traffic from all other ports to a single port connected to a DLP monitoring server. Could someone please advise on the best way to do this.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Julio E. Moisa
VIP
VIP

‎06-13-2017 05:45 AM

Hi

An easy way is use a range on the span session:

monitor session 1 source interface G 1/1 - 15  both  ('both' is default and it represent TX and RX, you can use that twice only)
monitor session 1 destination interface G1/24

Hope it is useful

:-) 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

0 Helpful

Go to solution
Julio E. Moisa
VIP
VIP
In response to spnlloyd

‎06-13-2017 09:52 PM

Hi

The 6500 model series are robust switches, it should not create any impact on the performance. May I know the reason to monitor all the ports?

SPAN Sessions

Based on the architecture of Catalyst 6000/6500 Series Switches, SPAN sessions do not affect the performance of the switch, but, if the SPAN session includes a high traffic / uplink port or an EtherChannel, it can increase the load on the processor. If it then singles out a specific VLAN, it increases the workload even more. If there is bad traffic on the link, that can further increase the workload.

In some scenarios, the RSPAN feature can cause loops, and the load on the processor shoots up.

Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/63992-6k-high-cpu.html#span

Also, section Why Does the SPAN Session Create a Bridging Loop?: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10570-41.html#anc61

I recommend implement the SPAN session during a maintenance window and monitor the CPU, also during business hours. The SPAN cannot create loops. Take in consideration the amount of traffic passing through the interfaces that you are going to monitor. The loops are more related to RSPAN but it is not the case. 

A time ago I configure a SPAN for an IPS implementation where all the vlans were included (a lot of traffic) and it worked like a charm. 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

0 Helpful
8 Replies 8

Go to solution
johnd2310
Level 8
Level 8

‎06-12-2017 11:06 PM

Hi, 

Have  a look at following doc:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/span.html

Thanks

John

**Please rate posts you find helpful**
0 Helpful

Go to solution
spnlloyd
Level 1
Level 1
In response to johnd2310

‎06-19-2017 03:11 AM

Hi John,

Thanks for the level of detail. It was quite helpful especially when in understanding feature incompatibilities and impacts when implementing SPAN configuration.

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎06-12-2017 11:15 PM

Hello,

for CatOS:

set span 6/1,6/3-7 6/8

6/8 is the destination port, 6/1 and 6/3 thru 6/7 are the destination ports.

for IOS:

monitor session 1 source interface fastethernet 4/1
monitor session 1 source interface fastethernet 4/2
monitor session 1 destination interface fastethernet 4/3

Catalyst Switched Port Analyzer (SPAN) Configuration Example

http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10570-41.html#anc26

0 Helpful

Go to solution
spnlloyd
Level 1
Level 1
In response to Georg Pauwen

‎06-19-2017 03:09 AM

Hi Georg,

Thanks for the response, the CatOS option was also a big help.

0 Helpful

Go to solution
Julio E. Moisa
VIP
VIP

‎06-13-2017 05:45 AM

Hi

An easy way is use a range on the span session:

monitor session 1 source interface G 1/1 - 15  both  ('both' is default and it represent TX and RX, you can use that twice only)
monitor session 1 destination interface G1/24

Hope it is useful

:-) 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Go to solution
spnlloyd
Level 1
Level 1
In response to Julio E. Moisa

‎06-13-2017 09:27 PM

Thanks Julio,

From the documentation I have noticed that this could significantly increase the load on the switching fabric and at times cause switching loops. Is there a way to minimize this?

0 Helpful

Go to solution
Julio E. Moisa
VIP
VIP
In response to spnlloyd

‎06-13-2017 09:52 PM

Hi

The 6500 model series are robust switches, it should not create any impact on the performance. May I know the reason to monitor all the ports?

SPAN Sessions

Based on the architecture of Catalyst 6000/6500 Series Switches, SPAN sessions do not affect the performance of the switch, but, if the SPAN session includes a high traffic / uplink port or an EtherChannel, it can increase the load on the processor. If it then singles out a specific VLAN, it increases the workload even more. If there is bad traffic on the link, that can further increase the workload.

In some scenarios, the RSPAN feature can cause loops, and the load on the processor shoots up.

Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/63992-6k-high-cpu.html#span

Also, section Why Does the SPAN Session Create a Bridging Loop?: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10570-41.html#anc61

I recommend implement the SPAN session during a maintenance window and monitor the CPU, also during business hours. The SPAN cannot create loops. Take in consideration the amount of traffic passing through the interfaces that you are going to monitor. The loops are more related to RSPAN but it is not the case. 

A time ago I configure a SPAN for an IPS implementation where all the vlans were included (a lot of traffic) and it worked like a charm. 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Go to solution
mdsk0905
Level 1
Level 1

‎07-02-2020 06:59 AM

Configuration for Extended Session: SPAN Configuration ========================================================= Configuration for Extended Session: SPAN Configuration ========================================================= Nexus(config)# interface Nexus(config-if)# switchport Nexus(config-if)# switchport mode trunk Nexus(config-if)# switchport monitor Nexus(config-if)# monitor session 3 Nexus(config-monitor)# mode extended Nexus(config-monitor)# source interface Nexus(config-monitor)# destination interface Nexus(config-monitor)# no shut ======================================================== Nexus(config-monitor)# sh monitor Session State Reason Description ------- ----------- ---------------------- -------------------------------- 1 up The session is up 2 up The session is up 3 up The session is up ======================================================== Nexus(config-monitor)# sh monitor session all ========================================================
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card