Table Of Contents
Extended VLAN ID
Contents
Prerequisites for Extended VLAN ID
Restrictions for Extended VLAN ID
Information About Extended VLAN ID
VLAN Number Space Management
Default Ethernet VLAN Configuration
VLAN Trunking Protocol Guidelines
Other Extended VLAN ID Guidelines
How to Configure an Extended VLAN ID
Configuring an Extended VLAN
Prerequisites
Restrictions
Troubleshooting Tips
Configuring an Extended-Range VLAN Using an Internal VLAN ID
Deleting an Extended VLAN
Prerequisites
Configuration Examples for Extended VLAN ID
Configuring an Extended VLAN ID: Example
Deleting an Extended VLAN ID: Example
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance
Command Reference
monitor session
show mac-address-table
show spanning-tree
spanning-tree vlan
switchport trunk
vlan (global configuration mode)
Feature Information for Extended VLAN ID
Extended VLAN ID
First Published: June 28, 2007
Last Updated: June 28, 2007
The IEEE 802.1Q standard provides for support of up to 4096 VLANs. Beginning with Cisco IOS Release 12.4(15)T, you can configure VLAN IDs in the range from 1006 to 4094 on specified routers.
Finding Feature Information in This Module
Your Cisco IOS software release may not support all of the features documented in this module. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for Extended VLAN ID" section.
Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
•
Prerequisites for Extended VLAN ID
•Restrictions for Extended VLAN ID
•Information About Extended VLAN ID
•How to Configure an Extended VLAN ID
•Configuration Examples for Extended VLAN ID
•Additional References
•Command Reference
•Feature Information for Extended VLAN ID
Prerequisites for Extended VLAN ID
These are the prerequisites for configuring extended VLAN ID:
•You should understand how to configure VLANs. For information on configuring VLANs, see the "Configuring a LAN with DHCP and VLANs" chapter in the Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide.
•The reduced MAC address feature is required to support 4000 VLANs. Cisco IOS Release 12.1(14)E1 and later releases support chassis with 64 or 1024 MAC addresses. For chassis with 64 MAC addresses, Spanning Tree Protocol (STP) uses the extended system ID (which is the VLAN ID) plus a MAC address to make the bridge ID unique for each VLAN. (Without the reduced MAC address support, 4096 VLANs would require 4096 MAC addresses on the switch.)
•The spanning-tree extended system-ID feature must be enabled. For information on enabling the extended system ID, see the "Enabling the Extended System ID" section in the "Configuring Spanning Tree and IEEE 802.1s MST" chapter in the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.1E.
Note The spanning-tree extended system ID is enabled permanently on chassis that support 64 MAC addresses.
The following Cisco routers support the Extended VLAN ID feature:
•Cisco 800 series routers, including models 851, 857, 871, 876, 877, 878
•Cisco 1700 series routers, including models 1711, 1712, 1751, 1751V, 1760
•Cisco 1800 series routers, including models 1801, 1802, 1803, 1811, 1812, 1841
•Cisco 2600 series routers, including models 2610XM, 2611XM, 2620XM, 2621XM, 2650XM, 2651XM, 2691
•Cisco 2800 series routers, including models 2801, 2811, 2821, 2851
•Cisco 3600 series routers, including models 3620, 3640, 3640A, 3660
•Cisco 3700 series routers, including models 3725, 3745
•Cisco 3800 series routers, including models 3825, 3845
Restrictions for Extended VLAN ID
These are the restrictions for configuring normal and extended VLANs:
•VLAN 1 and VLANs 1002-1005 are default VLANs. Default VLANs are created automatically and cannot be configured or deleted by users.
•VLANs 0 and 4095 are reserved by the IEEE 802.1Q standard and you cannot create, delete, or modify them. These VLANs are not displayed.
•You cannot create a VLAN in the extended range when the reduced MAC address feature is disabled.
•You cannot disable the reduced MAC address feature while a user-configured VLAN in the extended range is configured.
•The vlan database mode does not support extended VLAN configuration.
Information About Extended VLAN ID
Before you configure an extended VLAN ID, you should understand the following concepts:
•VLAN Number Space Management
•Default Ethernet VLAN Configuration
•VLAN Trunking Protocol Guidelines
•Other Extended VLAN ID Guidelines
VLAN Number Space Management
Before Cisco IOS Release 12.4(15)T, users were permitted to configure VLANs numbered from 2 to 1001. The remaining VLANs (numbered from 1006 to 4094) were reserved for use as internal VLANs configured by applications. Beginning with Cisco IOS Release 12.4(15)T, all VLAN numbers except those reserved for default and reserved VLANs are available for user configuration. The result is that users and applications share the VLAN number space from 1006 to 4094. To manage this number space effectively, follow these guidelines:
•Internal VLAN numbers begin with 1006 and use the next higher number for each additional VLAN.
•Users should configure extended VLAN ID numbers beginning with 4094 and use the next lower number for each additional VLAN.
•A first-come, first-served policy governs the allocation of numbers to internal VLANs and user-configured VLANs in the extended VLAN number space.
Note During system bootup, internal VLANs required for the features in the startup-configuration file are allocated numbers first, followed by user-configured VLANs in the startup configuration.
•Before configuring extended-range VLANs, enter the show vlan internal usage privileged EXEC command to see which VLANs have been allocated as internal VLANs.
•If you configure a VLAN number that matches the number of an existing internal VLAN, an error message appears and the extended VLAN configuration is denied.
•To configure an extended VLAN with a number that is assigned to an internal VLAN, follow these steps:
–Shut down the port assigned to the internal VLAN, freeing up the assigned VLAN number.
–Create the extended-range VLAN with the desired VLAN number.
–Reenable the port, which then uses a different VLAN number for its internal VLAN. See the "Configuring an Extended-Range VLAN Using an Internal VLAN ID" section for details.
Default Ethernet VLAN Configuration
Table 1 shows the default configuration for Ethernet VLANs.
Note The router supports Ethernet interfaces exclusively. Because Fiber Distributed Data Interface (FDDI) and Token Ring VLANs are not locally supported, you only configure FDDI and Token Ring media-specific characteristics for VTP global advertisements to other devices.
Table 1 Ethernet VLAN Defaults and Ranges
Parameter
|
Default
|
Range
|
IEEE 802.10 SAID
|
100001 (100000 plus the VLAN ID)
|
1 to 4294967294
|
MTU size
|
1500
|
1500 to 18190
|
Private VLANs
|
none configured
|
2 to 1001, 1006 to 4094.
|
Remote SPAN
|
disabled
|
enabled, disabled
|
Translational bridge 1
|
0
|
0 to 1005
|
Translational bridge 2
|
0
|
0 to 1005
|
VLAN ID
|
1
|
1 to 4094.
Note Extended-range VLANs (VLAN IDs 1006 to 4094) are not saved in the VLAN database.
|
VLAN name
|
VLANxxxx, where xxxx represents four numeric digits (including leading zeros) equal to the VLAN ID number
|
No range
|
VLAN state
|
active
|
active, suspend
|
VLAN Trunking Protocol Guidelines
These are the guidelines for using extended VLAN ID with VLAN Trunking Protocol (VTP):
•Extended range VLANs are not controlled by VTP.
•VLANs in the extended range cannot be pruned. The VLAN range for the switchport trunk pruning vlan command remains 1-1005.
•The VTP supported VLAN configuration (VLANs 1-1005) is included in the Cisco IOS configuration file only when the device is in VTP transparent mode.
•VTP learns only normal-range VLANs, with VLAN IDs 1 to 1005; extended-range VLANs are not stored in the VLAN database. The router must be in VTP transparent mode when you create extended-range VLANs.
Other Extended VLAN ID Guidelines
Follow these guidelines when configuring extended VLAN IDs:
•ISL-1Q mapping has been modified to accept extended range VLANs and normal range VLANs when specifying the ISL VLAN.
•During system bootup, internal VLANs from the extended VLAN space are allocated after the VLAN and mapping commands from the startup configuration file have been parsed and executed.
Note Mapping a VLAN to a reserved or internal VLAN is not allowed.
•Extended-range VLANs are not saved in the VLAN database; they are saved in the switch that runs the configuration file. You can save the extended-range VLAN configuration in the switch startup configuration file by using the copy running-config startup-config privileged EXEC command.
How to Configure an Extended VLAN ID
Extended VLANs have VLAN IDs in the range from 1006 to 4094. You can create or delete extended VLANs using the command-line interface (CLI) in the config-vlan submode. All extended VLANs are created with the primary type (for example, Ethernet) appropriate for the device. Configurable VLAN parameters include maximum transmission unit (MTU) size, private VLAN, and remote switched port analyzer (RSPAN). All other extended VLAN parameters use the default values.
For detailed information on default values for extended VLAN parameters, see the "VLAN Default Configuration" section in the "Configuring VLANs" chapter in the Catalyst 6500 Series Cisco IOS Software Configuration Guide, 12.2SX.
For detailed information on VLANs and configuring VLAN IDs see the "Configuring VLANs" chapter in the Catalyst 6500 Series Cisco IOS Software Configuration Guide, 12.2SX.
This section contains instructions for the following tasks:
•Configuring an Extended VLAN
•Configuring an Extended-Range VLAN Using an Internal VLAN ID
•Deleting an Extended VLAN
Configuring an Extended VLAN
When the switch is in VTP transparent mode (VTP disabled), you can create extended-range VLANs (in the range 1006 to 4094). The extended-range VLAN IDs are allowed for any commands that allow VLAN IDs. You always use config-vlan mode (accessed by entering the vlan vlan-id global configuration command) to configure extended-range VLANs. The extended range is not supported in VLAN database configuration mode (accessed by entering the vlan database privileged EXEC command).
Extended-range VLAN configurations are not stored in the VLAN database, but because VTP mode is transparent, they are stored in the switch running configuration file, and you can save the configuration in the startup configuration file by using the copy running-config startup-config privileged EXEC command.
To configure a new extended VLAN, follow the steps below.
Prerequisites
•Extended VLANs can be configured only in the global configuration mode.
•The router must be in VTP transparent mode to configure an extended VLAN.
Restrictions
These are the restrictions for configuring extended VLANs:
•You cannot create a VLAN in the extended range when the reduced MAC address feature is disabled.
•You cannot disable the reduced MAC address feature while a user-configured VLAN in the extended range is configured.
•The vlan database mode does not support extended VLAN configuration.
•The extended-range VLAN has the default Ethernet VLAN characteristics (see Table 1), and the MTU size, private VLAN, and RSPAN configuration are the only parameters you can change.
SUMMARY STEPS
1. enable
2. configure terminal
3. vtp mode transparent
4. vlan {vlan-id | vlan-range}
5. mtu mtu-size
6. remote-span
7. end
8. copy running-config startup config
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
vtp mode transparent
Example:
Router(config)# vtp mode transparent
|
Disables VTP.
|
Step 4
|
vlan {vlan-id | vlan-range)
Example:
Router(config)# vlan 4025
|
Creates or modifies an Ethernet VLAN, a range of Ethernet VLANs, or several Ethernet VLANs specified in a comma-separated list. The range for the extended VLAN_ID argument is from 1006 to 4094.
Note Do not enter space characters.
|
Step 5
|
mtu mtu-size
Example:
Router(config)# mtu 1600
|
(Optional) Modifies the VLAN by changing the MTU size.
Note Although all VLAN commands appear in the CLI help in config-vlan mode, only the mtu mtu-size, private-vlan, and remote-span commands are supported for extended-range VLANs.
|
Step 6
|
remote-span
Example:
Router(config)# remote-span
|
(Optional) Configures the VLAN as the RSPAN VLAN.
Note Although all VLAN commands appear in the CLI help in config-vlan mode, only the mtu mtu-size, private-vlan, and remote-span commands are supported for extended-range VLANs.
See the "Configuring a VLAN as an RSPAN VLAN" section of the "Configuring SPAN and RSPAN" chapter in the Catalyst 3750 Switch Software Configuration Guide, Release 12.2(35)SE.
|
Step 7
|
Router(config-vlan)# end
Example:
Router(config-vlan)# end
|
Returns to privileged EXEC mode.
|
Step 8
|
copy running-config startup config
Example:
Router# copy running-config startup config
|
Saves your entries in the startup configuration file.
To save extended-range VLAN configurations, you need to save the VTP transparent mode configuration and the extended-range VLAN configuration in the startup configuration file. Otherwise, if the router resets, it will default to VTP server mode, and the extended-range VLAN IDs will not be saved.
|
Troubleshooting Tips
To verify your VLAN configuration, use the show vlan command in privileged EXEC mode to display summary configuration information for all configured VLANs.
Configuring an Extended-Range VLAN Using an Internal VLAN ID
If you enter an extended-range VLAN ID that is already assigned to an internal VLAN, an error message appears, and the extended-range VLAN is rejected. To manually free an internal VLAN ID, you must temporarily shut down the router port that is using the internal VLAN ID. Shutting down the port releases the VLAN ID for use with another VLAN.
After you shut down the port, you can configure the VLAN with the released VLAN ID and then reenable the port.
SUMMARY STEPS
1. enable
2. show vlan internal usage
3. configure terminal
4. interface interface-id
5. shutdown
6. exit
7. vtp mode transparent
8. vlan {vlan-id}
9. exit
10. interface interface-id
11. no shutdown
12. end
13. copy running-config startup config
| |
Command
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
show vlan internal usage
Example:
Router# show vlan internal usage
|
Displays the VLAN IDs being used internally by the switch.
If the VLAN ID that you want to use is an internal VLAN, the display shows the router port that is using the VLAN ID. Enter that port number in Step 4.
|
Step 3
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 4
|
interface interface-id
Example:
Router(config)# interface ethernet
0/1
|
Specifies the interface ID for the routed port that is using the VLAN ID and enters interface configuration mode.
|
Step 5
|
shutdown
Example:
Router(config-interface)# shutdown
|
Shuts down the port to free the internal VLAN ID.
|
Step 6
|
exit
Example:
Router(config-interface) exit
|
Returns to global configuration mode.
|
Step 7
|
vtp mode transparent
Example:
Router(config)# vtp mode
transparent
|
Sets the VTP mode to transparent for creating extended-range VLANs.
|
Step 8
|
vlan vlan-id
Example:
Router(config)# vlan 2520
|
Enters the new extended-range VLAN ID and enters config-vlan mode.
|
Step 9
|
exit
Example:
Router(config-vlan)# exit
|
Exits from config-vlan mode, and returns to global configuration mode.
|
Step 10
|
interface interface-id
Example:
Router(config)# interface ethernet
0/1
|
Specifies the interface ID for the router port that you shut down in Step 5, and enters interface configuration mode.
|
Step 11
|
no shutdown
Example:
Router(config-interface)# no
shutdown
|
Reenables the router port, which will be assigned a new internal VLAN ID.
|
Step 12
|
end
Example:
Router(config-interface)# end
|
Returns to privileged EXEC mode.
|
Step 13
|
copy running-config startup config
Example:
Router# copy running-config startup
config
|
Saves your entries in the switch startup configuration file.
To save an extended-range VLAN configuration, you need to save the VTP transparent mode configuration and the extended-range VLAN configuration in the router startup configuration file. Otherwise, if the router resets, it will default to VTP server mode, and the extended-range VLAN IDs will not be saved.
|
Deleting an Extended VLAN
To delete an extended VLAN, follow the steps below.
Prerequisites
•Extended VLANs can be deleted only in the global configuration mode.
SUMMARY STEPS
1. enable
2. configure terminal
3. no vlan {vlan-id | vlan-range}
4. end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
no vlan {vlan-id | vlan-range)
Example:
Router(config)# no vlan 4025
|
Deletes an Ethernet VLAN, a range of Ethernet VLANs, or several Ethernet VLANs specified in a comma-separated list.
The range for the extended VLAN_ID argument is from 1006 to 4094.
Note Do not enter space characters.
Note Although all VLAN commands appear in the CLI help in config-vlan mode, only the mtu mtu-size, private-vlan, and remote-span commands are supported for extended-range VLANs.
|
Step 4
|
end
Example:
Router(config-vlan)# end
|
Updates the VLAN database and returns to privileged EXEC mode.
|
Configuration Examples for Extended VLAN ID
The following examples show how to configure and delete a VLAN with an extended VLAN ID:
•Configuring an Extended VLAN ID: Example
•Deleting an Extended VLAN ID: Example
Configuring an Extended VLAN ID: Example
The following example shows how to configure a VLAN with the VLAN ID 4072:
copy running-config startup config
Deleting an Extended VLAN ID: Example
The following example shows how to delete VLAN 4072:
Additional References
The following sections provide references related to the Extended VLAN ID feature.
Related Documents
Related Topic
|
Document Title
|
Configuring VLANs
|
"Configuring a LAN with DHCP and VLANs" chapter in the Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide.
|
Default VLAN configuration
|
"VLAN Default Configuration" section in the "Configuring VLANs" chapter in the Catalyst 6500 Series Cisco IOS Software Configuration Guide, 12.2SX.
|
Enabling the spanning-tree extended system-ID feature
|
"Enabling the Extended System ID" section in the "Configuring Spanning Tree and IEEE 802.1s MST" chapter in the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.1E
|
Cisco IOS LAN Switching commands
|
Cisco IOS LAN Switching Command Reference, Release 12.2SR
|
Standards
Standard
|
Title
|
IEEE 802.1Q
|
IEEE 802.1Q—Virtual LANs
|
MIBs
MIB
|
MIBs Link
|
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.
|
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
http://www.cisco.com/go/mibs
|
RFCs
RFC
|
Title
|
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.
|
—
|
Technical Assistance
Description
|
Link
|
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.
To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
|
http://www.cisco.com/techsupport
|
Command Reference
This section documents commands that are new or modified.
•monitor session
•show mac-address-table
•show spanning-tree
•spanning-tree vlan
•switchport trunk
•vlan (global configuration mode)
monitor session
Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers
To start a new Switched Port Analyzer (SPAN) session, add or delete interfaces from an existing SPAN session, or delete a SPAN session, use the monitor session command in global configuration mode. To remove one or more source interfaces or destination interfaces from the SPAN session, use the no form of this command.
Source Interface
monitor session session source interface type/slot/port [, | - | rx | tx | both]
no monitor session session source interface type/slot/port [, | - | rx | tx | both]
Destination Interface
monitor session session destination interface type/slot/port [, | -]
no monitor session session destination interface type/slot/port [, | -]
Session
monitor session session
no monitor session session
Cisco 6500/6000 Catalyst Switches and Cisco 7600 Series Routers
To start a new ERSPAN, SPAN, or RSPAN session, add or delete interfaces or VLANs to or from an existing session, filter ERSPAN, SPAN, or RSPAN traffic to specific VLANs, or delete a session, use the monitor session command in global configuration mode. To remove one or more source or destination interfaces from the session, remove a source VLAN from the session, or delete a session, use the no form of this command.
Setting the Source Interface or VLAN
monitor session session source {interface type | vlan vlan-id [rx | tx | both] |
remote vlan rspan-vlan-id}
no monitor session session source {interface type | vlan vlan-id [rx | tx | both] | remote vlan
rspan-vlan-id}
Setting the Destination Interface or VLAN
monitor session session destination {interface type | vlan vlan-id | remote vlan vlan-id |
analysis-module slot-number | {data-port port-number}
no monitor session session destination {interface type | vlan vlan-id | remote vlan vlan-id |
analysis-module slot-number | data-port port-number}
Setting the Filter VLAN
monitor session session-number filter vlan vlan-range
no monitor session session-number filter vlan vlan-range
Setting the Session Type
monitor session session-number type {erspan-source | erspan-destination}
no monitor session {range session-range | local | remote | all | session}
Enabling a Service Module
monitor session servicemodule mod-list
no monitor session servicemodule mod-list
Syntax Description
session-number
|
Number of the SPAN session. For Cisco 2600, 3600, and 3700 series routers, valid values are 1 and 2. For Cisco 6500/6000 and 7600 series routers, valid values are 1 to 66.
|
source
|
Specifies the SPAN source.
|
destination
|
Specifies the SPAN destination interface.
|
interface type
|
(Optional) Specifies the interface type. For the Cisco 2600, 3600, and 3700 series routers, valid values are fastethernet and gigabitethernet. For the Cisco 6500/6000 and 7600 series routers, valid values are ethernet, fastethernet, gigabitethernet, or tengigabitethernet. See the "Usage Guidelines" for formatting information.
|
slot
|
(Optional) Specifies the interface number; valid entries are 1 and 2.
|
port
|
(Optional) Port interface number ranges based on type of Ethernet switch network module used:
0 to 15 for NM-16ESW
0 to 35 for NM-36ESW
0 to 1 for GigabitEthernet
|
interface type/slot/port
|
Specifies the interface type and number; valid values are ethernet (1 to 9), fastethernet (1 to 9), gigabitethernet (1 to 9), and port-channel (see the "Usage Guidelines" section).
|
,
|
(Optional) Specifies a series of SPAN VLANs.
|
-
|
(Optional) Specifies a range of SPAN VLANs.
|
rx
|
(Optional) Specifies monitor received traffic only.
|
tx
|
(Optional) Specifies monitor transmitted traffic only.
|
both
|
(Optional) Specifies monitor received and transmitted traffic.
|
vlan vlan-id
|
Specifies the VLAN identification. For the Cisco 2600, 3600, and 3700 series routers, the valid values are from 1 to 1005. Beginning with Cisco IOS Release 12.4(15)T, the valid VLAN ID range is from 1 to 4094.
For the Cisco 6500/6000 and 7600 series routers, valid values are 1 to 4094.
|
remote vlan rspan-vlan-id
|
Specifies the RSPAN VLAN as a destination VLAN.
|
destination
|
Specifies the SPAN-destination interface.
|
analysis-module slot-number
|
Specifies the network analysis module number; see the "Usage Guidelines" section for additional information.
|
data-port port-number
|
Specifies the data port number; see the "Usage Guidelines" section for additional information.
|
filter vlan vlan-range
|
Limits SPAN-source traffic to specific VLANs.
Note The filter keyword is not supported on the Cisco 2600 series or the Cisco 3600 series routers.
|
servicemodule
|
Specifies service modules. See the "Usage Guidelines" for a list of the valid values.
|
mod-list
|
List of service module numbers.
|
type erspan-destination
|
Enters the ERSPAN destination-session configuration mode. See the monitor session type command for additional information.
|
type erspan-source
|
Enters the ERSPAN source-session configuration mode. See the monitor session type command for additional information.
|
range session-range
|
Specifies the range of sessions.
|
local
|
Specifies the local session.
|
remote
|
Specifies the remote session.
|
all
|
Specifies all sessions.
|
Command Default
Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers
A trunking interface monitors all VLANs and all received and transmitted traffic.
Cisco 6500/6000 Catalyst Switches and 7600 Series Routers
The defaults are as follows:
•both—Received and transmitted traffic are monitored.
•servicemodule—All service modules are allowed to use the SPAN service module session.
Command Modes
Global configuration (config)
Command History
Release
|
Modification
|
12.0(7)XE
|
This command was introduced on the Catalyst 6000 family switches.
|
12.1(1)E
|
Support for this command on the Catalyst 6000 family switches was extended to Cisco IOS Release 12.1(1)E.
|
12.1(3a)E3
|
The number of valid values for the port-channel number was changed; see the "Usage Guidelines" section for valid values.
|
12.1(5c)EX
|
These SPAN support restrictions were added:
•If your switch has a Switch Fabric Module installed, SPAN is supported among supervisor engines and nonfabric-enabled modules.
•If your switch does not have a Switch Fabric Module installed, SPAN is supported on all modules, including fabric-enabled modules.
•SPAN on DFC-equipped modules is not supported.
|
12.2(2)XT
|
This command was implemented on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
|
12.2(8)T
|
This command was integrated into Cisco IOS Release 12.2(8)T on the Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
|
12.2(17a)SX
|
Support for this command was introduced on the Supervisor Engine 720.
|
12.2(17b)SXA
|
This command was changed to support the SSO mode and change the default mode.
|
12.2(17d)SXB
|
Support for this command was introduced on the Supervisor Engine 2.
|
12.2(18)SXE
|
This command was changed as follows on the Supervisor Engine 720 only:
•Added the type erspan-source and the type erspan-source keywords to support ERSPAN; see the monitor session type command for additional information.
•Added the mod-list argument to the monitor session servicemodule command to allow you to enable or disable the SPAN service module session for a list of modules.
•In the transmit or transmit and receive directions, you can specify up to 128 physical interfaces as the source.
|
12.4(15)T
|
This command was modified to extend the range of valid VLAN IDs to 1-4094 for specified platforms.
|
Usage Guidelines
Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers
The port-channel number supports six EtherChannels and eight ports in each channel.
Only one SPAN destination for a SPAN session is supported. If you attempt to add another destination interface to a session that already has a destination interface configured, you will get an error. You must first remove a SPAN destination interface before changing the SPAN destination to a different interface.
Ciso 6500/6000 Catalyst Switches
The number of valid values for port-channel number depends on the software release. For Cisco IOS releases prior to software Release 12.1(3a)E3, valid values are from 1 to 256; for Cisco IOS Release 12.1(3a)E3, 12.1(3a)E4, and 12.1(4)E1, valid values are from 1 to 64. Cisco IOS Release 12.1(5c)EX and later support a maximum of 64 values ranging from 1 to 256.
Only one destination per SPAN session is supported. If you attempt to add another destination interface to a session that already has a destination interface configured, you get an error. You must first remove a SPAN destination interface before changing the SPAN destination to a different interface.
You can configure up to 64 SPAN destination interfaces, but you can have one egress SPAN source interface and up to 64 ingress source interfaces only.
A SPAN session can either monitor VLANs or monitor individual interfaces, but it cannot monitor both specific interfaces and specific VLANs. Configuring a SPAN session with a source interface and then trying to add a source VLAN to the same SPAN session causes an error. Configuring a SPAN session with a source VLAN and then trying to add a source interface to that session also causes an error. You must first clear any sources for a SPAN session before switching to another type of source.
If you enter the filter keyword on a monitored trunk interface, only traffic on the set of specified VLANs is monitored.
Port channel interfaces display in the list of interface options if you have them configured. VLAN interfaces are not supported. However, you can span a particular VLAN by entering the monitor session session source vlan vlan-id command.
The following servicemodule mod-list values are valid for the Cisco 6500/6000 Catalyst switches:
•bpdu—Enables Bridge Protocol Data Units (BPDUs) of service modules.
•module—Specifies a list of service modules.
•network-analysis-module—Enables Network Analysis Module (NAM) service module.
Cisco 7600 Series Routers
Use these formatting guidelines when configuring monitor sessions:
•interface and single-interface formats are type slot/port; valid values for type are ethernet, fastethernet, gigabitethernet, or tengigabitethernet.
•An interface-list is a list of interfaces that are separated by commas. Insert a space before and after each comma as shown in this example:
single-interface , single-interface , single-interface
•An interface-range is a range of interfaces that are separated by dashes. Insert a space before and after each dash. To enter multiple ranges, separate each range with a comma as shown in this example:
type slot/first-port , last-port
•A mixed-interface-list is a mixed list of interfaces. Insert a space before and after each dash and comma as shown in this example:
single-interface, - interface-range , ... in any order.
•A single-vlan is an ID number of a single VLAN; valid values are from 1 to 4094.
•A vlan-list is a list of VLAN IDs that are separated by commas. An example is shown as follows:
single-vlan , single-vlan , single-vlan ...
•A vlan-range is a range of VLAN IDs that are separated by dashes. An example is shown as follows:
first-vlan-ID - last-vlan-ID
•A mixed-vlan-list is a mixed list of VLAN IDs. Insert a space before and after each dash. To enter multiple ranges, separate each VLAN ID with a comma as shown in this example:
single-vlan , vlan-range , ... in any order
•The servicemodule keyword has only one valid value:
–module—Specifies a list of service modules.
The analysis-module slot-number and the data-port port-number keywords and arguments are supported only on NAM.
The number of valid values for port-channel number are a maximum of 64 values ranging from 1 to 256.
You cannot share the destination interfaces among SPAN sessions. For example, a single destination interface can belong to one SPAN session only and cannot be configured as a destination interface in another SPAN session.
Note Be careful when configuring SPAN-type source ports that are associated to SPAN-type destination ports because you do not configure SPAN on high-traffic interfaces. If you configure SPAN on high-traffic interfaces, you may saturate fabric channels, replication engines, and interfaces. To configure SPAN-type source ports that are associated to SPAN-type destination ports, enter the monitor session session source {interface type | vlan vlan-id [rx | tx | both] | remote vlan rspan-vlan-id} command.
The Supervisor Engine 720 local SPAN, RSPAN, and ERSPAN session limits are as follows:
Total Sessions
|
Local SPAN, RSPAN Source, or ERSPAN Source Sessions
|
RSPAN Destination Sessions
|
ERSPAN Destination Sessions
|
66
|
2 (ingress or egress or both)
|
64
|
23
|
The Supervisor Engine 720 local SPAN, RSPAN, and ERSPAN source and destination limits are as follows:
| |
In Each Local SPAN Session
|
In Each RSPAN Source Session
|
In Each ERSPAN Source Session
|
In Each RSPAN Destination Session
|
In Each ERSPAN Destination Session
|
Egress or ingress and egress sources
|
—
|
—
|
With releases earlier than Release 12.2(18)SXE
|
1
|
1
|
1
|
Release 12.2(18)SXE and later releases
|
128
|
128
|
128
|
Ingress sources
|
—
|
—
|
With releases earlier than Release 12.2(18)SXD
|
64
|
64
|
64
|
Release 12.2(18)SXD and later releases
|
128
|
128
|
128
|
RSPAN and ERSPAN destination session sources
|
—
|
—
|
—
|
1 RSPAN VLAN
|
1 IP address
|
Destinations per session
|
64
|
1 RSPAN VLAN
|
1 IP address
|
64
|
64
|
Note•Supervisor Engine 2 does not support RSPAN if you configure an egress SPAN source for a local SPAN session.
•Supervisor Engine 2 does not support egress SPAN sources for local SPAN if you configure RSPAN.
The Supervisor Engine 2 local SPAN and RSPAN session limits are as follows:
Total Sessions
|
Local SPAN Sessions
|
RSPAN Source Sessions
|
RSPAN Destination Sessions
|
66
|
2 (ingress or egress or both)
|
0
|
64
|
1 ingress
|
1 (ingress or egress or both)
|
64
|
1 or 2 egress
|
0
|
64
|
The Supervisor Engine 2 local SPAN and RSPAN source and destination limits are as follows:
| |
In Each Local SPAN Session
|
In Each RSPAN Source Session
|
In Each RSPAN Destination Session
|
Egress or egress and ingress sources
|
1 (0 with a remote SPAN source session configured)
|
1 (0 with a local SPAN egress source session configured)
|
—
|
Ingress sources
|
—
|
With releases earlier than Release 12.2(18)SXD
|
64
|
64
|
Release 12.2(18)SXD and later releases
|
128
|
128
|
RSPAN destination session source
|
—
|
—
|
1 RSPAN VLAN
|
Destinations per session
|
64
|
1 RSPAN VLAN
|
64
|
Note Supervisor Engine 2 does not support RSPAN if you configure an egress SPAN source for a local SPAN session.
Note Supervisor Engine 2 does not support egress SPAN sources for local SPAN if you configure RSPAN.
A particular SPAN session can either monitor the VLANs or monitor individual interfaces—you cannot have a SPAN session that monitors both specific interfaces and specific VLANs. If you first configure a SPAN session with a source interface, and then try to add a source VLAN to the same SPAN session, you get an error. You also get an error if you configure a SPAN session with a source VLAN and then try to add a source interface to that session. You must first clear any sources for a SPAN session before switching to another type of source.
If you enter the filter keyword on a monitored trunk interface, only traffic on the set of specified VLANs is monitored.
The port-channel interfaces display in the list of interface options if you have them configured. The VLAN interfaces are not supported. However, you can span a particular VLAN by entering the monitor session session source vlan vlan-id command.
The show monitor command displays the SPAN service module session only if it is allocated in the system. It also displays a list of allowed modules and a list of active modules that can use the service module session.
Only the no form of the monitor session servicemodule command is displayed when you enter the show running-config command.
If no module is allowed to use the service module session, the service module session is automatically deallocated. If at least one module is allowed to use the service module session and at least one module is online, the service module session is automatically allocated.
If you allow or disallow a list of modules that are not service modules from using the service module session, there will be no effect on the allocation or deallocation of the service module session. Only the list of modules is saved in the configuration.
