cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5026
Views
0
Helpful
8
Replies

SPAN port on 6500 series switch

spnlloyd
Level 1
Level 1

Hello,

I need to configure a SPAN port on a 6500 series switch in order to mirror traffic from all other ports to a single port connected to a DLP monitoring server. Could someone please advise on the best way to do this.

2 Accepted Solutions

Accepted Solutions

Hi

An easy way is use a range on the span session:

monitor session 1 source interface G 1/1 - 15  both  ('both' is default and it represent TX and RX, you can use that twice only)
monitor session 1 destination interface G1/24

Hope it is useful

:-) 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

Hi

The 6500 model series are robust switches, it should not create any impact on the performance. May I know the reason to monitor all the ports?

SPAN Sessions

Based on the architecture of Catalyst 6000/6500 Series Switches, SPAN sessions do not affect the performance of the switch, but, if the SPAN session includes a high traffic / uplink port or an EtherChannel, it can increase the load on the processor. If it then singles out a specific VLAN, it increases the workload even more. If there is bad traffic on the link, that can further increase the workload.

In some scenarios, the RSPAN feature can cause loops, and the load on the processor shoots up.

Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/63992-6k-high-cpu.html#span

Also, section Why Does the SPAN Session Create a Bridging Loop?: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10570-41.html#anc61

I recommend implement the SPAN session during a maintenance window and monitor the CPU, also during business hours. The SPAN cannot create loops. Take in consideration the amount of traffic passing through the interfaces that you are going to monitor. The loops are more related to RSPAN but it is not the case. 

A time ago I configure a SPAN for an IPS implementation where all the vlans were included (a lot of traffic) and it worked like a charm. 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

8 Replies 8

johnd2310
Level 8
Level 8

Hi, 

Have  a look at following doc:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/span.html

Thanks

John

**Please rate posts you find helpful**

Hi John,

Thanks for the level of detail. It was quite helpful especially when in understanding feature incompatibilities and impacts when implementing SPAN configuration.

Hello,

for CatOS:

set span 6/1,6/3-7 6/8

6/8 is the destination port, 6/1 and 6/3 thru 6/7 are the destination ports.

for IOS:

monitor session 1 source interface fastethernet 4/1
monitor session 1 source interface fastethernet 4/2
monitor session 1 destination interface fastethernet 4/3

Catalyst Switched Port Analyzer (SPAN) Configuration Example

http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10570-41.html#anc26

Hi Georg,

Thanks for the response, the CatOS option was also a big help.

Hi

An easy way is use a range on the span session:

monitor session 1 source interface G 1/1 - 15  both  ('both' is default and it represent TX and RX, you can use that twice only)
monitor session 1 destination interface G1/24

Hope it is useful

:-) 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Thanks Julio,

From the documentation I have noticed that this could significantly increase the load on the switching fabric and at times cause switching loops. Is there a way to minimize this?

Hi

The 6500 model series are robust switches, it should not create any impact on the performance. May I know the reason to monitor all the ports?

SPAN Sessions

Based on the architecture of Catalyst 6000/6500 Series Switches, SPAN sessions do not affect the performance of the switch, but, if the SPAN session includes a high traffic / uplink port or an EtherChannel, it can increase the load on the processor. If it then singles out a specific VLAN, it increases the workload even more. If there is bad traffic on the link, that can further increase the workload.

In some scenarios, the RSPAN feature can cause loops, and the load on the processor shoots up.

Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/63992-6k-high-cpu.html#span

Also, section Why Does the SPAN Session Create a Bridging Loop?: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10570-41.html#anc61

I recommend implement the SPAN session during a maintenance window and monitor the CPU, also during business hours. The SPAN cannot create loops. Take in consideration the amount of traffic passing through the interfaces that you are going to monitor. The loops are more related to RSPAN but it is not the case. 

A time ago I configure a SPAN for an IPS implementation where all the vlans were included (a lot of traffic) and it worked like a charm. 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

mdsk0905
Level 1
Level 1
Configuration for Extended Session: SPAN Configuration ========================================================= Configuration for Extended Session: SPAN Configuration ========================================================= Nexus(config)# interface Nexus(config-if)# switchport Nexus(config-if)# switchport mode trunk Nexus(config-if)# switchport monitor Nexus(config-if)# monitor session 3 Nexus(config-monitor)# mode extended Nexus(config-monitor)# source interface Nexus(config-monitor)# destination interface Nexus(config-monitor)# no shut ======================================================== Nexus(config-monitor)# sh monitor Session State Reason Description ------- ----------- ---------------------- -------------------------------- 1 up The session is up 2 up The session is up 3 up The session is up ======================================================== Nexus(config-monitor)# sh monitor session all ========================================================
Review Cisco Networking for a $25 gift card