Subscribe Subscribe | Subscribe Comments RSS
Subscribe in Bloglines

Add to netvibes
Add to Google Reader or Homepage

Cisco SPAN port is a SwitchPort ANalyzer on the cisco catalyst that allows to select and span or copy traffic from one or more source switchports or source VLANs onto one or more destination ports. The destination port(s) runs a sniffing or a packet capture program like Ethereal, Wireshark or TCPDump.

Cisco IOS support Local SPAN and Remote SPAN (RSPAN).

A local SPAN is the one where the source VLANs, source switchports and the destination switchports are on the same physical switch.

Remote SPAN (RSPAN) A remote SPAN is the one where the source VLANs, Switchports and Destination ports can be on a different switches on the network.

The following procedure configures a SPAN session with SPAN Source and Destination:

1. Set the Source Interface/Vlan to SPAN from Global Configuration mode:

CiscoSwitch(config)# monitor session 1 source interface fa0/1 both

2. Set the Destination Interface for the SPAN

CiscoSwitch(config)# monitor session 1 destination interface fa0/2

The above configures SPAN Source port on fastethernet0/1 for ingress and egress traffic in step 1. All traffic here will be copied to the SPAN destination port fastEthernet0/2 configured on step 2.

The source can a single interface, a range of interfaces, a list of interfaces or a single VLAN, range of VLANs and list of VLANs.

The destination can be an interface, a range of intrerfaces or a list of interfaces where a sniffer or a packet capture device is capturing traffic.

Traffic copied on the source port can be ingress only, egress only or both.

To verify the setup of SPAN sessions:

CiscoSwitch# show monitor session 1

or

CiscoSwitch# show monitor session 1 detail

To configure a range of source interfaces for only ingress traffic (traffic received)

CiscoSwitch(config)# monitor session 1 source interface fa0/1-5 rx

To configure a list of source interfaces for egress traffic (traffic outbound):

CiscoSwitch(config)# monitor session 1 source interface fa0/1, 0/7 tx

To configure a list of destination SPAN ports:

CiscoSwitch(config)# monitor session 1 destination interface fa0/11, 0/17

For more information and official cisco documentation, please click here 

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

1 Comment so far »

  1. by Ciscozine, on November 18 2008 @ 5:21 am

     

    EtherChannel bundles individual Ethernet links into a single logical link that provides bandwidth up to 1600 Mbps (Fast EtherChannel, full duplex) or 16 Gbps (Gigabit EtherChannel) between two Cisco Catalyst switches. All interfaces in each EtherChannel must be the same speed and duplex, and both ends of the channel must be configured as either a Layer 2 or Layer 3 interface.

    If a link within the EtherChannel bundle fails, traffic previously carried over the failed link is carried over the remaining links within the EtherChannel.

    There are two protocols used for the link aggregation:

    Cisco’s proprietary Port Aggregation Protocol (PAgP).
    IEEE standard Link Aggregation Protocol (LACP)

    Info on http://www.ciscozine.com/2008/11/04/configuring-link-aggregation-with-etherchannel/

Comment RSS · TrackBack URI

Leave a comment

Name: (Required)

eMail: (Required)

Website:

Comment: