Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
591760
Views
35
Helpful
2
Comments

How to configure port monitoring (SPAN) on a Catalyst 2940, 2950, 2955, 2970, 3550 or 3750 series switch

TCC_2
Level 10
Level 10

‎06-22-2009 03:36 PM - edited ‎03-01-2019 03:50 PM

Resolution

You can analyze network traffic passing through ports by using Switched Port Analyzer (SPAN). This sends a copy of the traffic to another port on the switch that has been connected to a SwitchProbe device, another Remote Monitoring (RMON) probe or security device. SPAN mirrors receive or transmit (or both) traffic on one or more source ports to a destination port for analysis.

Remote SPAN (RSPAN) extends SPAN by enabling RMON of multiple switches across your network. The traffic for each RSPAN session is carried over a user-specified RSPAN VLAN that is dedicated for that RSPAN session in all participating switches. The SPAN traffic from the sources is copied onto the RSPAN VLAN through a reflector port and then forwarded over trunk ports carrying the RSPAN VLAN to any RSPAN destination session monitoring the RSPAN VLAN.

SPAN and RSPAN do not affect the switching of network traffic on source ports. A copy of the packets received or sent by the source interfaces are sent to the destination interface. Except for traffic that is required for the SPAN or RSPAN session, reflector ports and destination ports do not receive or forward traffic.

These are configuration examples:

  • This example shows how to set up a SPAN session (session 1) for monitoring source port traffic to a destination port. First, any existing SPAN configuration for session 1 is cleared and then bidirectional traffic is mirrored from source port 1 to destination port 10:  

    Switch(config)# no monitor session 1
    Switch(config)# monitor session 1 source interface fastEthernet0/1
    Switch(config)# monitor session 1 destination interface fastEthernet0/10 encapsulation dot1q
    Switch(config)# end
           
  • This example shows how to configure the destination port for ingress traffic on VLAN 5 by using a security device that does not support 802.1q encapsulation: 

    Switch(config)# monitor session 1 destination interface Fa 0/5 ingress vlan 5  

  • This example shows how to configure the destination port for ingress traffic on VLAN 5 by using a security device that supports 802.1q encapsulation:  

    Switch(config)# monitor session 1 destination interface Fa 0/5 encapsulation dot1q ingress vlan 5
           
  • This example shows how to disable ingress traffic forwarding on the destination port:  

    Switch(config)# monitor session 1 destination interface Fa 0/5 encapsulation dot1q
           
  • This example shows how to clear any existing RSPAN configuration for session 1, configure RSPAN session 1 to monitor multiple source interfaces, and configure the destination RSPAN VLAN and the reflector-port:  

    Switch(config)# no monitor session 1
    Switch(config)# monitor session 1 source interface fastEthernet0/10 tx
    Switch(config)# monitor session 1 source interface fastEthernet0/2 rx
    Switch(config)# monitor session 1 source interface fastEthernet0/3 rx
    Switch(config)# monitor session 1 source interface port-channel 102 rx
    Switch(config)# monitor session 1 destination remote vlan 901 reflector-port fastEthernet0/1
    Switch(config)# end
           
  • This example shows how to configure VLAN 901 as the source remote VLAN and port 5 as the destination interface:  

    Switch(config)# monitor session 1 source remote vlan 901
    Switch(config)# monitor session 1 destination interface fastEthernet0/5
    Switch(config)# end
       

For more information about configuring SPAN, refer to these documents:

Labels:
Comments
mdsk0905
Level 1
Level 1
‎07-02-2020 06:57 AM
Configuration for Extended Session: SPAN Configuration ========================================================= Nexus(config)# interface Nexus(config-if)# switchport Nexus(config-if)# switchport mode trunk Nexus(config-if)# switchport monitor Nexus(config-if)# monitor session 3 Nexus(config-monitor)# mode extended Nexus(config-monitor)# source interface Nexus(config-monitor)# destination interface Nexus(config-monitor)# no shut ======================================================== Nexus(config-monitor)# sh monitor Session                       State                   Reason                 Description ------- ----------- ---------------------- -------------------------------- 3                                   up                   The session is up ======================================================== Nexus(config-monitor)# sh monitor session all ========================================================
prominentseo2
Level 1
Level 1
‎04-13-2024 12:27 PM

That's a great explanation of how to configure port monitoring (SPAN) on Cisco Catalyst switches! Here are the key points:

SPAN (Switched Port Analyzer): Copies traffic from source ports to a destination port for monitoring.
RSPAN (Remote SPAN): Extends SPAN functionality across multiple switches using a dedicated VLAN.


Configuration Steps:


Clear any existing configuration for the desired session.
Define the source port(s) and traffic direction (ingress, egress, or both).
Define the destination port and encapsulation (if using a security device).
(Optional) Disable ingress traffic forwarding on the destination port.


RSPAN Configuration:


Specify source interfaces and traffic direction.
Define the destination RSPAN VLAN and reflector port.
Remember to refer to the specific documentation for your switch model (Catalyst 2940, 2950, 2955, 2970, 3550, or 3750) for detailed instructions and additional features.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card