Cisco 2960 X Owners Manual
Have a look at the manual Cisco 2960 X Owners Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
SPAN Sessions SPANsessions(localorremote)allowyoutomonitortrafficononeormoreports,oroneormoreVLANs, andsendthemonitoredtraffictooneormoredestinationports. AlocalSPANsessionisanassociationofadestinationportwithsourceportsorsourceVLANs,allona singlenetworkdevice.LocalSPANdoesnothaveseparatesourceanddestinationsessions.LocalSPAN sessionsgatherasetofingressandegresspacketsspecifiedbytheuserandformthemintoastreamofSPAN data,whichisdirectedtothedestinationport. RSPANconsistsofatleastoneRSPANsourcesession,anRSPANVLAN,andatleastoneRSPANdestination session.YouseparatelyconfigureRSPANsourcesessionsandRSPANdestinationsessionsondifferent networkdevices.ToconfigureanRSPANsourcesessiononadevice,youassociateasetofsourceportsor sourceVLANswithanRSPANVLAN.TheoutputofthissessionisthestreamofSPANpacketsthatare senttotheRSPANVLAN.ToconfigureanRSPANdestinationsessiononanotherdevice,youassociatethe destinationportwiththeRSPANVLAN.ThedestinationsessioncollectsallRSPANVLANtrafficandsends itouttheRSPANdestinationport. AnRSPANsourcesessionisverysimilartoalocalSPANsession,exceptforwherethepacketstreamis directed.InanRSPANsourcesession,SPANpacketsarerelabeledwiththeRSPANVLANIDanddirected overnormaltrunkportstothedestinationswitch. AnRSPANdestinationsessiontakesallpacketsreceivedontheRSPANVLAN,stripsofftheVLANtagging, andpresentsthemonthedestinationport.ThesessionpresentsacopyofallRSPANVLANpackets(except Layer2controlpackets)totheuserforanalysis. MorethanonesourcesessionandmorethanonedestinationsessioncanbeactiveinthesameRSPANVLAN. IntermediateswitchesalsocanseparatetheRSPANsourceanddestinationsessions.Theseswitchesareunable torunRSPAN,buttheymustrespondtotherequirementsoftheRSPANVLAN. TrafficmonitoringinaSPANsessionhastheserestrictions: •SourcescanbeportsorVLANs,butyoucannotmixsourceportsandsourceVLANsinthesamesession. •TheswitchsupportsuptotwolocalSPANorRSPANsourcesessions. ◦YoucanrunbothalocalSPANandanRSPANsourcesessioninthesameswitchorswitchstack. Theswitchorswitchstacksupportsatotalof64sourceandRSPANdestinationsessions. ◦YoucanconfiguretwoseparateSPANorRSPANsourcesessionswithseparateoroverlapping setsofSPANsourceportsandVLANs.BothswitchedandroutedportscanbeconfiguredasSPAN sourcesanddestinations. •YoucanhavemultipledestinationportsinaSPANsession,butnomorethan64destinationportsper switchstack. •SPANsessionsdonotinterferewiththenormaloperationoftheswitch.However,anoversubscribed SPANdestination,forexample,a10-Mb/sportmonitoringa100-Mb/sport,canresultindroppedor lostpackets. •WhenSPANorRSPANisenabled,eachpacketbeingmonitoredissenttwice,onceasnormaltraffic andonceasamonitoredpacket.ThereforemonitoringalargenumberofportsorVLANscouldpotentially generatelargeamountsofnetworktraffic. •YoucanconfigureSPANsessionsondisabledports;however,aSPANsessiondoesnotbecomeactive unlessyouenablethedestinationportandatleastonesourceportorVLANforthatsession. •TheswitchdoesnotsupportacombinationoflocalSPANandRSPANinasinglesession. Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX OL-29044-0171 Configuring SPAN and RSPAN SPAN and RSPAN
◦AnRSPANsourcesessioncannothavealocaldestinationport. ◦AnRSPANdestinationsessioncannothavealocalsourceport. ◦AnRSPANdestinationsessionandanRSPANsourcesessionthatareusingthesameRSPAN VLANcannotrunonthesameswitchorswitchstack. Related Topics CreatingaLocalSPANSession,onpage78 CreatingaLocalSPANSessionandConfiguringIncomingTraffic,onpage80 Example:ConfiguringLocalSPAN,onpage93 Monitored Traffic SPANsessionscanmonitorthesetraffictypes: •Receive(Rx)SPAN—Receive(oringress)SPANmonitorsasmuchaspossibleallofthepacketsreceived bythesourceinterfaceorVLANbeforeanymodificationorprocessingisperformedbytheswitch.A copyofeachpacketreceivedbythesourceissenttothedestinationportforthatSPANsession. Packetsthataremodifiedbecauseofroutingorqualityofservice(QoS)—forexample,modified DifferentiatedServicesCodePoint(DSCP)—arecopiedbeforemodification. FeaturesthatcancauseapackettobedroppedduringreceiveprocessinghavenoeffectoningressSPAN; thedestinationportreceivesacopyofthepacketeveniftheactualincomingpacketisdropped.These featuresincludeIPstandardandextendedinputaccesscontrollists(ACLs),ingressQoSpolicing,VLAN ACLs,andegressQoSpolicing. •Transmit(Tx)SPAN—Transmit(oregress)SPANmonitorsasmuchaspossibleallofthepacketssent bythesourceinterfaceafterallmodificationandprocessingisperformedbytheswitch.Acopyofeach packetsentbythesourceissenttothedestinationportforthatSPANsession.Thecopyisprovided afterthepacketismodified. Packetsthataremodifiedbecauseofrouting(forexample,withmodifiedtime-to-live(TTL),MAC address,orQoSvalues)areduplicated(withthemodifications)atthedestinationport. Featuresthatcancauseapackettobedroppedduringtransmitprocessingalsoaffecttheduplicatedcopy forSPAN.ThesefeaturesincludeIPstandardandextendedoutputACLsandegressQoSpolicing. •Both—InaSPANsession,youcanalsomonitoraportorVLANforbothreceivedandsentpackets. Thisisthedefault. ThedefaultconfigurationforlocalSPANsessionportsistosendallpacketsuntagged.SPANalsodoesnot normallymonitorbridgeprotocoldataunit(BPDU)packetsandLayer2protocols,suchasCiscoDiscovery Protocol(CDP),VLANTrunkProtocol(VTP),DynamicTrunkingProtocol(DTP),SpanningTreeProtocol (STP),andPortAggregationProtocol(PAgP).However,whenyouentertheencapsulationreplicatekeywords whenconfiguringadestinationport,thesechangesoccur: •Packetsaresentonthedestinationportwiththesameencapsulation(untagged,Inter-SwitchLink(ISL), orIEEE802.1Q)thattheyhadonthesourceport. •Packetsofalltypes,includingBPDUandLayer2protocolpackets,aremonitored. Therefore,alocalSPANsessionwithencapsulationreplicateenabledcanhaveamixtureofuntagged,ISL, andIEEE802.1Qtaggedpacketsappearonthedestinationport. Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX 72OL-29044-01 Configuring SPAN and RSPAN SPAN and RSPAN
Switchcongestioncancausepacketstobedroppedatingresssourceports,egresssourceports,orSPAN destinationports.Ingeneral,thesecharacteristicsareindependentofoneanother.Forexample: •ApacketmightbeforwardednormallybutdroppedfrommonitoringduetoanoversubscribedSPAN destinationport. •Aningresspacketmightbedroppedfromnormalforwarding,butstillappearontheSPANdestination port. •AnegresspacketdroppedbecauseofswitchcongestionisalsodroppedfromegressSPAN. InsomeSPANconfigurations,multiplecopiesofthesamesourcepacketaresenttotheSPANdestination port.Forexample,abidirectional(bothRxandTx)SPANsessionisconfiguredfortheRxmonitoronport AandTxmonitoronportB.IfapacketenterstheswitchthroughportAandisswitchedtoportB,both incomingandoutgoingpacketsaresenttothedestinationport.BothpacketsarethesameunlessaLayer3 rewriteoccurs,inwhichcasethepacketsaredifferentbecauseofthepacketmodification. Source Ports Asourceport(alsocalledamonitoredport)isaswitchedorroutedportthatyoumonitorfornetworktraffic analysis.InalocalSPANsessionorRSPANsourcesession,youcanmonitorsourceportsorVLANsfor trafficinoneorbothdirections.Theswitchsupportsanynumberofsourceports(uptothemaximumnumber ofavailableportsontheswitch)andanynumberofsourceVLANs(uptothemaximumnumberofVLANs supported).However,theswitchsupportsamaximumof(localorRSPAN)withsourceportsorVLANs.You cannotmixportsandVLANsinasinglesession. Asourceporthasthesecharacteristics: •ItcanbemonitoredinmultipleSPANsessions. •Eachsourceportcanbeconfiguredwithadirection(ingress,egress,orboth)tomonitor. •Itcanbeanyporttype(forexample,EtherChannel,GigabitEthernet,andsoforth). •ForEtherChannelsources,youcanmonitortrafficfortheentireEtherChannelorindividuallyona physicalportasitparticipatesintheportchannel. •Itcanbeanaccessport,trunkport,routedport,orvoiceVLANport. •Itcannotbeadestinationport. •SourceportscanbeinthesameordifferentVLANs. •Youcanmonitormultiplesourceportsinasinglesession. Source VLANs VLAN-basedSPAN(VSPAN)isthemonitoringofthenetworktrafficinoneormoreVLANs.TheSPAN orRSPANsourceinterfaceinVSPANisaVLANID,andtrafficismonitoredonalltheportsforthatVLAN. VSPANhasthesecharacteristics: •AllactiveportsinthesourceVLANareincludedassourceportsandcanbemonitoredineitherorboth directions. •Onagivenport,onlytrafficonthemonitoredVLANissenttothedestinationport. •IfadestinationportbelongstoasourceVLAN,itisexcludedfromthesourcelistandisnotmonitored. Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX OL-29044-0173 Configuring SPAN and RSPAN SPAN and RSPAN
•IfportsareaddedtoorremovedfromthesourceVLANs,thetrafficonthesourceVLANreceivedby thoseportsisaddedtoorremovedfromthesourcesbeingmonitored. •YoucannotusefilterVLANsinthesamesessionwithVLANsources. •YoucanmonitoronlyEthernetVLANs. VLAN Filtering Whenyoumonitoratrunkportasasourceport,bydefault,allVLANsactiveonthetrunkaremonitored. YoucanlimitSPANtrafficmonitoringontrunksourceportstospecificVLANsbyusingVLANfiltering. •VLANfilteringappliesonlytotrunkportsortovoiceVLANports. •VLANfilteringappliesonlytoport-basedsessionsandisnotallowedinsessionswithVLANsources. •WhenaVLANfilterlistisspecified,onlythoseVLANsinthelistaremonitoredontrunkportsoron voiceVLANaccessports. •SPANtrafficcomingfromotherporttypesisnotaffectedbyVLANfiltering;thatis,allVLANsare allowedonotherports. •VLANfilteringaffectsonlytrafficforwardedtothedestinationSPANportanddoesnotaffectthe switchingofnormaltraffic. Destination Port EachlocalSPANsessionorRSPANdestinationsessionmusthaveadestinationport(alsocalledamonitoring port)thatreceivesacopyoftrafficfromthesourceportsorVLANsandsendstheSPANpacketstotheuser, usuallyanetworkanalyzer. Adestinationporthasthesecharacteristics: •ForalocalSPANsession,thedestinationportmustresideonthesameswitchorswitchstackasthe sourceport.ForanRSPANsession,itislocatedontheswitchcontainingtheRSPANdestinationsession. ThereisnodestinationportonaswitchorswitchstackrunningonlyanRSPANsourcesession. •WhenaportisconfiguredasaSPANdestinationport,theconfigurationoverwritestheoriginalport configuration.WhentheSPANdestinationconfigurationisremoved,theportrevertstoitsprevious configuration.IfaconfigurationchangeismadetotheportwhileitisactingasaSPANdestinationport, thechangedoesnottakeeffectuntiltheSPANdestinationconfigurationhadbeenremoved. WhenQoSisconfiguredontheSPANdestinationport,QoStakeseffectimmediately.Note •IftheportwasinanEtherChannelgroup,itisremovedfromthegroupwhileitisadestinationport.If itwasaroutedport,itisnolongeraroutedport. •ItcanbeanyEthernetphysicalport. •Itcannotbeasecureport. •Itcannotbeasourceport. •ItcannotbeanEtherChannelgrouporaVLAN. Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX 74OL-29044-01 Configuring SPAN and RSPAN SPAN and RSPAN
•ItcanparticipateinonlyoneSPANsessionatatime(adestinationportinoneSPANsessioncannotbe adestinationportforasecondSPANsession). •Whenitisactive,incomingtrafficisdisabled.Theportdoesnottransmitanytrafficexceptthatrequired fortheSPANsession.Incomingtrafficisneverlearnedorforwardedonadestinationport. •Ifingresstrafficforwardingisenabledforanetworksecuritydevice,thedestinationportforwardstraffic atLayer2. •ItdoesnotparticipateinanyoftheLayer2protocols(STP,VTP,CDP,DTP,PagP). •AdestinationportthatbelongstoasourceVLANofanySPANsessionisexcludedfromthesourcelist andisnotmonitored. •Themaximumnumberofdestinationportsinaswitchorswitchstackis64. LocalSPANandRSPANdestinationportsfunctiondifferentlywithVLANtaggingandencapsulation: •ForlocalSPAN,iftheencapsulationreplicatekeywordsarespecifiedforthedestinationport,these packetsappearwiththeoriginalencapsulation(untagged,ISL,orIEEE802.1Q).Ifthesekeywordsare notspecified,packetsappearintheuntaggedformat.Therefore,theoutputofalocalSPANsessionwith encapsulationreplicateenabledcancontainamixtureofuntagged,ISL,orIEEE802.1Q-taggedpackets. •ForRSPAN,theoriginalVLANIDislostbecauseitisoverwrittenbytheRSPANVLANidentification. Therefore,allpacketsappearonthedestinationportasuntagged. RSPAN VLAN TheRSPANVLANcarriesSPANtrafficbetweenRSPANsourceanddestinationsessions.RSPANVLAN hasthesespecialcharacteristics: •AlltrafficintheRSPANVLANisalwaysflooded. •NoMACaddresslearningoccursontheRSPANVLAN. •RSPANVLANtrafficonlyflowsontrunkports. •RSPANVLANsmustbeconfiguredinVLANconfigurationmodebyusingtheremote-spanVLAN configurationmodecommand. •STPcanrunonRSPANVLANtrunksbutnotonSPANdestinationports. •AnRSPANVLANcannotbeaprivate-VLANprimaryorsecondaryVLAN. ForVLANs1to1005thatarevisibletoVLANTrunkingProtocol(VTP),theVLANIDanditsassociated RSPANcharacteristicarepropagatedbyVTP.IfyouassignanRSPANVLANIDintheextendedVLAN range(1006to4094),youmustmanuallyconfigureallintermediateswitches. ItisnormaltohavemultipleRSPANVLANsinanetworkatthesametimewitheachRSPANVLANdefining anetwork-wideRSPANsession.Thatis,multipleRSPANsourcesessionsanywhereinthenetworkcan contributepacketstotheRSPANsession.ItisalsopossibletohavemultipleRSPANdestinationsessions throughoutthenetwork,monitoringthesameRSPANVLANandpresentingtraffictotheuser.TheRSPAN VLANIDseparatesthesessions. Related Topics CreatinganRSPANSourceSession,onpage85 CreatinganRSPANDestinationSession,onpage88 Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX OL-29044-0175 Configuring SPAN and RSPAN SPAN and RSPAN
CreatinganRSPANDestinationSessionandConfiguringIncomingTraffic,onpage90 Examples:CreatinganRSPANVLAN,onpage94 SPAN and RSPAN Interaction with Other Features SPANinteractswiththesefeatures: •Routing—SPANdoesnotmonitorroutedtraffic.VSPANonlymonitorstrafficthatentersorexitsthe switch,nottrafficthatisroutedbetweenVLANs.Forexample,ifaVLANisbeingRx-monitoredand theswitchroutestrafficfromanotherVLANtothemonitoredVLAN,thattrafficisnotmonitoredand notreceivedontheSPANdestinationport. •STP—AdestinationportdoesnotparticipateinSTPwhileitsSPANorRSPANsessionisactive.The destinationportcanparticipateinSTPaftertheSPANorRSPANsessionisdisabled.Onasourceport, SPANdoesnotaffecttheSTPstatus.STPcanbeactiveontrunkportscarryinganRSPANVLAN. •CDP—ASPANdestinationportdoesnotparticipateinCDPwhiletheSPANsessionisactive.After theSPANsessionisdisabled,theportagainparticipatesinCDP. •VTP—YoucanuseVTPtopruneanRSPANVLANbetweenswitches. •VLANandtrunking—YoucanmodifyVLANmembershiportrunksettingsforsourceordestination portsatanytime.However,changesinVLANmembershiportrunksettingsforadestinationportdo nottakeeffectuntilyouremovetheSPANdestinationconfiguration.ChangesinVLANmembership ortrunksettingsforasourceportimmediatelytakeeffect,andtherespectiveSPANsessionsautomatically adjustaccordingly. •EtherChannel—YoucanconfigureanEtherChannelgroupasasourceportbutnotasaSPANdestination port.WhenagroupisconfiguredasaSPANsource,theentiregroupismonitored. IfaphysicalportisaddedtoamonitoredEtherChannelgroup,thenewportisaddedtotheSPANsource portlist.IfaportisremovedfromamonitoredEtherChannelgroup,itisautomaticallyremovedfrom thesourceportlist. AphysicalportthatbelongstoanEtherChannelgroupcanbeconfiguredasaSPANsourceportand stillbeapartoftheEtherChannel.Inthiscase,datafromthephysicalportismonitoredasitparticipates intheEtherChannel.However,ifaphysicalportthatbelongstoanEtherChannelgroupisconfigured asaSPANdestination,itisremovedfromthegroup.AftertheportisremovedfromtheSPANsession, itrejoinstheEtherChannelgroup.PortsremovedfromanEtherChannelgroupremainmembersofthe group,buttheyareintheinactiveorsuspendedstate. IfaphysicalportthatbelongstoanEtherChannelgroupisadestinationportandtheEtherChannelgroup isasource,theportisremovedfromtheEtherChannelgroupandfromthelistofmonitoredports. •Multicasttrafficcanbemonitored.Foregressandingressportmonitoring,onlyasingleuneditedpacket issenttotheSPANdestinationport.Itdoesnotreflectthenumberoftimesthemulticastpacketissent. •Aprivate-VLANportcannotbeaSPANdestinationport. •AsecureportcannotbeaSPANdestinationport. ForSPANsessions,donotenableportsecurityonportswithmonitoredegresswheningressforwarding isenabledonthedestinationport.ForRSPANsourcesessions,donotenableportsecurityonanyports withmonitoredegress. •AnIEEE802.1xportcanbeaSPANsourceport.YoucanenableIEEE802.1xonaportthatisaSPAN destinationport;however,IEEE802.1xisdisableduntiltheportisremovedasaSPANdestination. Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX 76OL-29044-01 Configuring SPAN and RSPAN SPAN and RSPAN
ForSPANsessions,donotenableIEEE802.1xonportswithmonitoredegresswheningressforwarding
isenabledonthedestinationport.ForRSPANsourcesessions,donotenableIEEE802.1xonanyports
thatareegressmonitored.
SPAN and RSPAN and Device Stacks
Becausethestackofswitchesrepresentsonelogicalswitch,localSPANsourceportsanddestinationports
canbeindifferentswitchesinthestack.Therefore,theadditionordeletionofswitchesinthestackcanaffect
alocalSPANsession,aswellasanRSPANsourceordestinationsession.Anactivesessioncanbecome
inactivewhenaswitchisremovedfromthestackoraninactivesessioncanbecomeactivewhenaswitchis
addedtothestack.
Default SPAN and RSPAN Configuration
Table 12: Default SPAN and RSPAN Configuration
Default SettingFeature
Disabled.SPANstate(SPANandRSPAN)
Bothreceivedandsenttraffic(both).Sourceporttraffictomonitor
Nativeform(untaggedpackets).Encapsulationtype(destinationport)
Disabled.Ingressforwarding(destinationport)
Onatrunkinterfaceusedasasourceport,allVLANsare
monitored.
VLANfiltering
Noneconfigured.RSPANVLANs
Configuration Guidelines
SPAN Configuration Guidelines
•ToremoveasourceordestinationportorVLANfromtheSPANsession,usethenomonitorsession
session_numbersource{interfaceinterface-id|vlanvlan-id}globalconfigurationcommandortheno
monitorsessionsession_numberdestinationinterfaceinterface-idglobalconfigurationcommand.
Fordestinationinterfaces,theencapsulationoptionsareignoredwiththenoformofthecommand.
•TomonitorallVLANsonthetrunkport,usethenomonitorsessionsession_numberfilterglobal
configurationcommand.
Related Topics
CreatingaLocalSPANSession,onpage78
Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX
OL-29044-0177
Configuring SPAN and RSPAN
Default SPAN and RSPAN Configuration
CreatingaLocalSPANSessionandConfiguringIncomingTraffic,onpage80
Example:ConfiguringLocalSPAN,onpage93
RSPAN Configuration Guidelines
•AlltheSPANconfigurationguidelinesapplytoRSPAN.
•AsRSPANVLANshavespecialproperties,youshouldreserveafewVLANsacrossyournetworkfor
useasRSPANVLANs;donotassignaccessportstotheseVLANs.
•YoucanapplyanoutputACLtoRSPANtraffictoselectivelyfilterormonitorspecificpackets.Specify
theseACLsontheRSPANVLANintheRSPANsourceswitches.
•ForRSPANconfiguration,youcandistributethesourceportsandthedestinationportsacrossmultiple
switchesinyournetwork.
•Accessports(includingvoiceVLANports)ontheRSPANVLANareputintheinactivestate.
•YoucanconfigureanyVLANasanRSPANVLANaslongastheseconditionsaremet:
◦ThesameRSPANVLANisusedforanRSPANsessioninalltheswitches.
◦AllparticipatingswitchessupportRSPAN.
Related Topics
CreatinganRSPANSourceSession,onpage85
CreatinganRSPANDestinationSession,onpage88
CreatinganRSPANDestinationSessionandConfiguringIncomingTraffic,onpage90
Examples:CreatinganRSPANVLAN,onpage94
How to Configure SPAN and RSPAN
Creating a Local SPAN Session
BeginninginprivilegedEXECmode,followthesestepstocreateaSPANsessionandspecifythesource
(monitored)portsorVLANsandthedestination(monitoring)ports.
SUMMARY STEPS
1.configureterminal
2.nomonitorsession{session_number|all|local|remote}
3.monitorsessionsession_numbersource{interfaceinterface-id|vlanvlan-id}[,|-][both|rx|tx]
4.monitorsessionsession_numberdestination{interfaceinterface-id[,|-][encapsulationreplicate]}
5.end
Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX
78OL-29044-01
Configuring SPAN and RSPAN
How to Configure SPAN and RSPAN
DETAILED STEPS
PurposeCommand or Action
Enterstheglobalconfigurationmode.configureterminal
Example:
Switch#configureterminal
Step 1
RemovesanyexistingSPANconfigurationforthesession.nomonitorsession{session_number|
all|local|remote}
Step 2
•Forsession_number,therangeis1to66.
Example:
Switch(config)#nomonitorsessionall
•all—RemovesallSPANsessions.
•local—Removesalllocalsessions.
•remote—RemovesallremoteSPANsessions.
SpecifiestheSPANsessionandthesourceport(monitoredport).monitorsessionsession_numbersource
{interfaceinterface-id|vlanvlan-id}
[,|-][both|rx|tx]
Step 3
•Forsession_number,therangeis1to66.
Example:
Switch(config)#monitorsession1
•Forinterface-id,specifythesourceportorthesourceVLANtomonitor.
•Forsourceinterface-id,specifythesourceporttomonitor.Onlyphysical
interfacesarevalid.sourceinterfacegigabitethernet1/0/1•Forvlan-id,specifythesourceVLANtomonitor.Therangeis1to4094
(excludingtheRSPANVLAN).
Asinglesessioncanincludemultiplesources(portsorVLANs)
definedinaseriesofcommands,butyoucannotcombinesource
portsandsourceVLANsinonesession.
Note
•(Optional)[,|-]Specifiesaseriesorrangeofinterfaces.Enteraspacebefore
andafterthecomma;enteraspacebeforeandafterthehyphen.
•(Optional)Specifiesthedirectionoftraffictomonitor.Ifyoudonotspecify
atrafficdirection,theSPANmonitorsbothsentandreceivedtraffic.
•both—Monitorsbothsentandreceivedtraffic.Thisisthedefault.
•rx—Monitorsreceivedtraffic.
•tx—Monitorssenttraffic.
Youcanusethemonitorsessionsession_numbersourcecommand
multipletimestoconfiguremultiplesourceports.
Note
SpecifiestheSPANsessionandthedestinationport(monitoringport).monitorsessionsession_number
destination{interfaceinterface-id[,|
-][encapsulationreplicate]}
Step 4
ForlocalSPAN,youmustusethesamesessionnumberforthesource
anddestinationinterfaces.
Note
Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX
OL-29044-0179
Configuring SPAN and RSPAN
Creating a Local SPAN Session
PurposeCommand or Action
•Forsession_number,specifythesessionnumberenteredinstep3.
Example:
Switch(config)#monitorsession1
•Forinterface-id,specifythedestinationport.Thedestinationinterfacemust
beaphysicalport;itcannotbeanEtherChannel,anditcannotbeaVLAN.
destinationinterface•(Optional)[,|-]Specifiesaseriesorrangeofinterfaces.Enteraspacebefore
andafterthecomma;enteraspacebeforeandafterthehyphen.gigabitethernet1/0/2encapsulationreplicate
(Optional)encapsulationreplicatespecifiesthatthedestinationinterface
replicatesthesourceinterfaceencapsulationmethod.Ifnotselected,thedefault
istosendpacketsinnativeform(untagged).
Youcanusemonitorsessionsession_numberdestinationcommand
multipletimestoconfiguremultipledestinationports.
Note
ReturnstoprivilegedEXECmode.end
Example:
Switch(config)#end
Step 5
Related Topics
LocalSPAN,onpage68
SPANSessions,onpage71
SPANConfigurationGuidelines,onpage77
Creating a Local SPAN Session and Configuring Incoming Traffic
BeginninginprivilegedEXECmode,followthesestepstocreateaSPANsession,tospecifythesourceports
orVLANsandthedestinationports,andtoenableincomingtrafficonthedestinationportforanetwork
securitydevice(suchasaCiscoIDSSensorAppliance).
SUMMARY STEPS
1.configureterminal
2.nomonitorsession{session_number|all|local|remote}
3.monitorsessionsession_numbersource{interfaceinterface-id|vlanvlan-id}[,|-][both|rx|tx]
4.monitorsessionsession_numberdestination{interfaceinterface-id[,|-][encapsulationreplicate]
[ingress{dot1qvlanvlan-id|isl|untaggedvlanvlan-id|vlanvlan-id}]}
5.end
Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX
80OL-29044-01
Configuring SPAN and RSPAN
Creating a Local SPAN Session and Configuring Incoming Traffic