04-15-2014 09:15 AM - edited 03-07-2019 07:06 PM
04-15-2014 09:58 AM
Of course you can. It will be configured the same as an access port:
monitor session 1 destination int g0/24
However be aware of the following:
Each local SPAN session destination session must have a destination port (also called a monitoring port) that receives a copy of traffic from the source port.
The destination port has these characteristics:
•It must reside on the same switch as the source port (for a local SPAN session).
•It can be any Ethernet physical port.
•It cannot be a source port or a reflector port.
•It cannot be an EtherChannel group or a VLAN.
•It can be a physical port that is assigned to an EtherChannel group, even if the EtherChannel group has been specified as a SPAN source. The port is removed from the group while it is configured as a SPAN destination port.
•The port does not transmit any traffic except that required for the SPAN session.
•If ingress traffic forwarding is enabled for a network security device, the destination port forwards traffic at Layer 2.
•It does not participate in spanning tree while the SPAN session is active.
•When it is a destination port, it does not participate in any of the Layer 2 protocols (STP, VTP, CDP, DTP, PagP, or LACP).
•No address learning occurs on the destination port.
•A destination port receives copies of sent and received traffic for all monitored source ports. If a destination port is oversubscribed, it could become congested. This could affect traffic forwarding on one or more of the source ports.
04-15-2014 10:51 PM
Well, if i did so, the trunk port will goes into "monitoring" mode and i will loose the connectivity to other switches that connects to the trunk port,
So how i configure the trunk port as SPAN destination while i keep the connectivity to other switches through this port active?
05-23-2018 11:36 AM
05-23-2018 12:51 PM
I think the OP meant that the trunk was passing other unrelated vlans other than the one they wanted to be a monitor destination.
At least that is what I was trying to do. I trunk to my mac mini and pass different vlans to different virtual hosts. I was trying to set up one of the vlans as a sniffer interface on the mac mini. In the end, I just ran another wire, used the normal local span from one physical port to another and that got me where I wanted to be.
However, it really would be nice to be able to span into a monitor vlan on a trunk that contains other traffic.
05-28-2018 07:53 AM
04-16-2014 03:01 AM
one more thing i would like to add.
If the monitor session destination port is a trunk, you should also use keyword ‘encapsulation dot1q’. If you do not, packets will be sent on the interface in native format.
c3550(config)#monitor session 1 destination interface fa0/24 encapsulation dot1q
If you configure a SPAN destination as a trunk port, it will be able to capture all vlan tagged data.
"Please rate helpful posts"
05-23-2018 11:02 AM
So the answer seems to be "yes, you can use a trunk port as a destination." However the answer is also, "no you cannot use a trunk port as a destination" if you actually want to use the trunked port for anything else besides monitoring.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide