
SPAN & RSPAN & Port Security

salemmahara

Hello everyone

I'm studying for 300-115. Here are some questions. Could you help me to answer them please?

 

1-Which two limitations of LOCAL SPAN are true? (Choose two.)
A. The source and destination ports must reside in the same switch or switch stack
B. It can monitor only traffic that ingresses or egresses on the source interface or VLAN
C. A SPAN session can support multiple destination ports only if they are on the same VLAN.
D. Each SPAN session supports only one source VLAN or interface.
E. A switch can support only one local SPAN session at a time.

I think AC

 

2-Which two restrictions of the port security feature are true? (Choose two.)
A. Static port MAC address assignments are not supported.
B. It is not supported on PVLAN ports.
C. It is not supported on EtherChannel port-channel interfaces.
D. A single device can learn a maximum of three sticky MAC addresses.
E. It is supported on destination SPAN ports.

I don't know, all options look wrong :)


Mark Malone
A and B is the first question, can only have 1 destination port.
C is right, it's not supported on POs; it does support PVLANs and you can statically assign MACs; it's not supported on destination ports; maybe D after process of removal.

Characteristics of Local SPAN

Destination Ports Each local SPAN session must have at least one destination port (also called a monitoring port) that receives a copy of traffic from the source ports or VLANs.

 

So C looks okay in question 1 ("at least" means it can have one or more).

 

Then: ( https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/config_guide/sup2T/15_1_sy_swcg_2T/port_security.pdf )

Look at page 2, please. Port security supports access and trunk EtherChannel interfaces.

 

A SPAN session can support multiple destination ports only if they are on the same VLAN.
You cannot have MULTIPLE destination ports in a LOCAL SPAN, it's a limitation; multiple sources is fine, not multiple destinations. Don't believe me? Try it in the CLI :)

Hello again Mark

Thank you for replying.

I sent you a link; in there, port security supports access and trunk EtherChannel.

In the second picture you can see the local SPAN configuration.

Both links are from Cisco. I also agree with you, but it's just making me confused.

 

I'm a real critic of Cisco documentation and feature navigation for these kinds of problems.

So you have 2 different Cisco docs saying 2 opposite things, but if you look at the docs, the one I provided is 12x and the newer one, 15, is saying it does, so it may now be allowed in version 15, more recent software, and they have altered the feature to work with port-security, but you would need to be on a specific v15 image for it to work, not 12. So in your case the question is irrelevant: it works and doesn't work depending on software image, but the question does not take that into account. When you're taking an exam there is a section where you can raise a concern like that and get them to review it once you specify why you think the question is not fully correct and it does not state what version of software, or else the question is old and may be different in the current exam.

As you said, here are 2 different documents from Cisco in which these questions cannot be answered!

Let's hope the questions are old enough to be removed from exam.

I'll try to find clearer answers in the 300-115 e-book.

 

Thanks a million

 

 

UPDATE:

 300-115 says you can have only one destination!

Could you please explain to me why you chose B as the correct option (the default direction in SPAN is BOTH)?

Hi,

 

I work for Cisco and wanted to let you know that the document that you referenced in b.png is for the Nexus 1000 switches. This is a datacenter technology; however, the original question is in reference to Switch 300-115, which is a Route/Switch test. R/S questions relate to the Catalyst series switches. This is probably why there is some confusion with certain documents saying one thing and others saying the opposite.

 

A is correct and C is eliminated per:
https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10570-41.html#anc11

Characteristics of Destination Port

Each local SPAN session or RSPAN destination session must have a destination port (also called a monitoring port) that receives a copy of traffic from the source ports and VLANs. (You kind of have to read between the lines, but it does not indicate VLAN as a destination possibility.)

A destination port has these characteristics:

  • A destination port must reside on the same switch as the source port (for a local SPAN session).

  • A destination port can be any Ethernet physical port.

  • A destination port can participate in only one SPAN session at a time. A destination port in one SPAN session cannot be a destination port for a second SPAN session.

  • A destination port cannot be a source port.

  • A destination port cannot be an EtherChannel group. (It can be a port in a channel group but will then not be used by the EtherChannel, as destinations cannot send/receive any traffic other than the SPAN traffic.)

 

B is incorrect per:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swspan.html

 

The default configuration for local SPAN session ports is to send all packets untagged. SPAN also does not normally monitor bridge protocol data unit (BPDU) packets and Layer 2 protocols, such as Cisco Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), Spanning Tree Protocol (STP), and Port Aggregation Protocol (PAgP). However, when you enter the encapsulation replicate keywords when configuring a destination port, these changes occur:

 

E is eliminated as the number of SPAN sessions is actually switch dependent:

https://supportforums.cisco.com/t5/network-infrastructure-documents/the-limitations-of-span-and-rspan-on-the-cisco-catalyst-2950/ta-p/3124141

 

 

  • The Cisco Catalyst 2950 switches can only have one SPAN session active at a time. The Cisco Catalyst 2950 switches can monitor only source ports, not VLANs.
         
  • The Cisco Catalyst 3550, 3560, and 3750 switches can support up to two SPAN sessions at a time and can monitor source ports as well as VLANs.

D is the only other answer left and should be correct through process of elimination.

 

I was probably reading choice B incorrectly but it is still not a right answer as SPAN sessions can monitor ingress, egress or BOTH at the same time. The way it's written implies you can only do one or the other.
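
A local SPAN session of the kind discussed in this thread, as an added example that is not part of any post above and is not taken from the linked Cisco documents. It assumes Catalyst 3750-style IOS syntax; the session number and interface names are constructed placeholders.

```cisco
! Added example: session number and interface names are constructed.
! Local SPAN: source and destination ports sit on the same switch or stack.
configure terminal
!
! Remove any earlier definition of session 1 before rebuilding it.
no monitor session 1
!
! Source port with the direction stated explicitly. The keyword is one of
!   rx   - ingress traffic only
!   tx   - egress traffic only
!   both - ingress and egress (also what you get if the keyword is omitted)
monitor session 1 source interface GigabitEthernet1/0/1 both
!
! Destination (monitoring) port on the same switch. Without extra keywords
! the copies are sent untagged; "encapsulation replicate" keeps the source
! interface's encapsulation on the mirrored frames.
monitor session 1 destination interface GigabitEthernet1/0/24 encapsulation replicate
!
end
!
! Verify what the switch accepted: source ports per direction, destination
! port and encapsulation are listed here.
show monitor session 1
```

How many sessions the switch accepts depends on the platform, as the last reply notes, so `show monitor session all` on the device in question is the check to rely on.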