SPAN:
Switched Port Analyzer (SPAN) copies traffic from one or more CPUs, ports,
EtherChannels, or VLANs and sends the copied traffic to one or more destinations
for analysis by a network analyser such as a Switch Probe device or other Remote
Monitoring (RMON) probe or packet capture/protocol analyser.
· A local SPAN session is an association of source ports and source VLANs with
one or more destinations. You configure a local SPAN session on a single switch.
Local SPAN does not have separate source and destination sessions. Each local
SPAN session can have either ports or VLANs as sources, but not both.
· Remote SPAN (RSPAN) supports source ports, source VLANs, and destinations on
different (remote) switches, which provides remote monitoring of multiple
switches across your network. RSPAN uses a Layer 2 VLAN to carry SPAN traffic
between switches. Each RSPAN source session can have either ports or VLANs as
sources, but not both. The RSPAN source session copies traffic from the source
ports or source VLANs and switches the traffic over the RSPAN VLAN to the RSPAN
destination session. The RSPAN destination session switches the traffic to the
final destinations.
· Encapsulated Remote SPAN (ERSPAN): to configure an ERSPAN source session on
one switch, you associate a set of source ports or VLANs with a destination IP
address, ERSPAN ID number, and optionally with a VRF name. To configure an
ERSPAN destination session on another switch, you associate the destinations
with the source IP address, ERSPAN ID number, and optionally with a VRF name.
Each ERSPAN source session can have either ports or VLANs as sources, but not
both. The ERSPAN source session copies traffic from the source ports or source
VLANs and forwards the traffic using routable GRE-encapsulated packets to the
ERSPAN destination session. The ERSPAN destination session switches the traffic
to the destinations.
· By default, local SPAN and ERSPAN monitor all
traffic, including multicast and bridge protocol data unit (BPDU) frames. RSPAN
does not support BPDU monitoring.
· You can configure both Layer 2 and Layer 3 ports and EtherChannels as SPAN
sources. SPAN can monitor one or more source ports or EtherChannels in a single
SPAN session. You can configure ports or EtherChannels in any VLAN as SPAN
sources. Trunk ports or EtherChannels can be configured as sources and mixed
with non-trunk sources.
· A SPAN destination is a Layer 2 or Layer 3 port or, with Release 12.2(33)SXH
and later releases, an EtherChannel, to which local SPAN, RSPAN, or ERSPAN sends
traffic for analysis. When you configure a port or EtherChannel as a SPAN
destination, it is dedicated for use only by the SPAN feature. Destination
EtherChannels do not support the Port Aggregation Control Protocol (PAgP) or
Link Aggregation Control Protocol (LACP) EtherChannel protocols; only the on
mode is supported, with all EtherChannel protocol support disabled.
· You can configure trunks as destinations, which allows trunk destinations to
transmit encapsulated traffic. You can use allowed VLAN lists to configure
destination trunk VLAN filtering.
· These features are incompatible with SPAN destinations:
  o Private VLANs
  o IEEE 802.1X port-based authentication
  o Port security
  o Spanning Tree Protocol (STP) and related features: PortFast, PortFast BPDU
    filtering, BPDU Guard, UplinkFast, BackboneFast, EtherChannel Guard, Root
    Guard, Loop Guard
  o VLAN Trunking Protocol (VTP)
  o Dynamic Trunking Protocol (DTP)
  o IEEE 802.1Q tunnelling
· This example (local SPAN) shows how to configure session 1 to monitor ingress
traffic from Gigabit Ethernet port 1/1 and configure Gigabit Ethernet port 1/2
as the destination:
Router(config)# monitor session 1 type local
Router(config-mon-local)# source interface gigabitethernet 1/1 rx
Router(config-mon-local)# destination interface gigabitethernet 1/2
· This example (RSPAN) shows how to configure session 1 to monitor bidirectional
traffic from Gigabit Ethernet port 1/1:
Router(config)# monitor session 1 type rspan-source
Router(config-mon-rspan-src)# source interface gigabitethernet 1/1
Router(config-mon-rspan-src)# destination remote vlan 2
· This example (ERSPAN) shows how to configure session 3 to monitor
bidirectional traffic from Gigabit Ethernet port 4/1:
Router(config)# monitor session 3 type erspan-source
Router(config-mon-erspan-src)# source interface gigabitethernet 4/1
Router(config-mon-erspan-src)# destination
Router(config-mon-erspan-src-dst)# ip address 10.1.1.1
Router(config-mon-erspan-src-dst)# origin ip address 20.1.1.1
Router(config-mon-erspan-src-dst)# erspan-id 101
· This example shows how to monitor VLANs 1 through 5 and VLAN 9 when the source
is a trunk port:
Router(config)# monitor session 2 filter vlan 1 - 5 , 9
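
Because a SPAN session copies traffic to another port, saved configurations are worth auditing against the rules listed above. The following is an added example, not part of the original post: a Python check that flags local sessions mixing port and VLAN sources and destination ports that carry an incompatible feature.
Assumptions: the sample config is constructed, each destination line names one interface, and the mapping from config-line prefixes to features is this example's own.

```python
import re

# Constructed sample in the command forms this page shows; not from a real device.
SAMPLE = """\
monitor session 1 type local
 source interface gigabitethernet 1/1 rx
 source vlan 10
 destination interface gigabitethernet 1/2
monitor session 4 type local
 source interface gigabitethernet 1/3
 destination interface gigabitethernet 1/4
interface GigabitEthernet1/2
 switchport port-security
 spanning-tree portfast
interface GigabitEthernet1/4
 description analyser
"""

# Assumed mapping: config-line prefix -> feature the page lists as incompatible.
INCOMPATIBLE = {
    "switchport port-security": "port security", "dot1x port-control": "802.1X",
    "spanning-tree portfast": "PortFast", "spanning-tree bpduguard": "BPDU Guard",
    "switchport mode private-vlan": "private VLAN",
    "switchport mode dot1q-tunnel": "802.1Q tunnelling"}

def norm(name):
    """Map 'gigabitethernet 1/2' and 'GigabitEthernet1/2' to one key."""
    return re.sub(r"\s+", "", name).lower()

def audit_span(config):
    """Return sorted (session, finding) pairs for rules stated on the page."""
    # Each unindented line opens a block; indented lines below it are its body.
    blocks = {h.strip(): [l.strip() for l in b.splitlines()] for h, b in
              re.findall(r"^(\S.*)\n((?:[ \t]+.*\n)*)", config + "\n", re.M)}
    ifaces = {norm(h[10:]): b for h, b in blocks.items() if h.startswith("interface ")}
    findings = []
    for head, body in blocks.items():
        m = re.match(r"monitor session (\d+) type", head)
        if not m:
            continue
        kinds = {l.split()[1] for l in body if l.startswith("source ")}
        if {"interface", "vlan"} <= kinds:  # ports or VLANs as sources, not both
            findings.append((m.group(1), "mixes port and VLAN sources"))
        for l in body:
            if l.startswith("destination interface "):
                port = norm(l[len("destination interface "):])
                findings += [(m.group(1), f"{port}: {feat}")
                             for cfg in ifaces.get(port, [])
                             for pre, feat in INCOMPATIBLE.items() if cfg.startswith(pre)]
    return sorted(findings)
```

Running audit_span(SAMPLE) reports three findings for session 1 and none for session 4.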