The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This document describes how to configure local Switched Port Analyzer (SPAN) and remote SPAN (RSPAN) on the Cisco ASR 903 router.
Feature |
Description |
Changed in Release |
Where Documented |
---|---|---|---|
Remote SPAN |
This feature is used for remote monitoring of multiple devices at source port, source Vlan levels in the Layer2 network. |
Cisco IOS XE Release 3.11 |
|
Local SPAN |
This feature is used for monitoring the traffic on the local port of the router. |
Cisco IOS XE Release 3.6 |
A local Switched Port Analyzer (SPAN) session is an association of a destination interface with a set of source interfaces. You configure local SPAN sessions using parameters that specify the type of network traffic to monitor. Local SPAN sessions allow you to monitor traffic on one or more interfaces and to send either ingress traffic, egress traffic, or both to one destination interface.
Local SPAN sessions do not interfere with the normal operation of the switch. You can enable or disable SPAN sessions with command-line interface (CLI) commands. When enabled, a local SPAN session might become active or inactive based on various events or actions, and this would be indicated by a syslog message. The show monitor session span session number command displays the operational status of a SPAN session.
A local SPAN session remains inactive after system power-up until the destination interface is operational.
The following configuration guidelines apply when configuring local SPAN on the Cisco ASR 903 Router:
Network traffic, including multicast, can be monitored using SPAN. Multicast packet monitoring is enabled by default. In some SPAN configurations, multiple copies of the same source packet are sent to the SPAN destination interface. For example, a bidirectional (both ingress and egress) SPAN session is configured for sources a1 and a2 to a destination interface d1. If a packet enters the switch through a1 and gets switched to a2, both incoming and outgoing packets are sent to destination interface d1; both packets would be the same (unless a Layer-3 rewrite had occurred, in which case the packets would be different).
An RSPAN source session is an association of source ports or Vlans across your network with an RSPAN Vlan. The RSPAN Vlan/BD on the router is the destination RSPAN session.
RSPAN supports source ports and source Vlans in the source switch and destination as RSPAN Vlan/BD.
The figure below shows the original traffic from the Host A to Host B via the source ports or Vlans on Switch A. The source ports or Vlans of Switch A is mirrored to Switch B using RSPAN Vlan 10. The traffic for each RSPAN session is carried over a user-specified RSPAN Vlan that is dedicated for that RSPAN session in all participating devices. The traffic from the source ports or Vlans are mirrored into the RSPAN Vlan and forwarded over Trunk or the EVC bridge domain (BD) ports carrying the RSPAN Vlan to a destination session monitoring the RSPAN Vlan.
Each RSPAN source must have either ports or Vlans as RSPAN sources. On RSPAN destination, the RSPAN Vlan is monitored and mirrored to the destination physical port connected to the sniffer device.
RSPAN allows remote monitoring of traffic where the source and destination switches are connected by L2VPN networks
The RSPAN source is either ports or Vlans as in a traditional RSPAN. However, the SPAN source and destination devices are connected through a L2 pseudowire associated with the RSPAN Vlan over an MPLS/IP network. The L2 pseudowire is dedicated for only RSPAN traffic. The mirrored traffic from the source port or Vlan is carried over the pseudowire associated with the RSPAN Vlan towards the destination side. On the destination side, a port belonging to the RSPAN Vlan or EVC BD is connected to sniffer device.
A destination interface, also called a monitor interface, is a switched interface to which SPAN or RSPAN sends packets for analysis. You can have only one destination interface for SPAN sessions.
An interface configured as a destination interface cannot be configured as a source interface. Specifying a trunk interface as a SPAN or RSPAN destination interface stops trunking on the interface.
A source interface is an interface monitored for network traffic analysis. An interface configured as a destination interface cannot be configured as a source interface.
Ingress SPAN (Rx) copies network traffic received by the source interfaces for analysis at the destination interface. Egress SPAN (Tx) copies network traffic transmitted from the source interfaces to the destination interface. Specifying the configuration option both copies network traffic received and transmitted by the source interfaces to the destination interface.
The following table lists the supported traffic types for RSPAN.
Source |
Ingress Mirror (Rx) |
Egress Mirror (Tx) |
Both |
---|---|---|---|
Layer2 or Layer3 |
Supported |
Supported |
Supported |
VLAN |
Supported |
Not supported |
Not supported |
EFP |
Not supported |
Not supported |
Not supported |
Pseudowire |
Not supported |
Not supported |
Not supported |
The following table lists the supported rewrite traffic for RSPAN on the EFP, Trunk with the associated RSPAN bridge domains.
Rewrite Operations |
Source |
EFP/Trunk associated with RSPAN BD |
---|---|---|
no-rewrite |
Pop1, Pop2, Push1 |
Only Pop1 |
The following tables lists the format of the spanned packets at the destination port for both Ingress and Egress RSPAN. The tables lists the formats of untagged, single, and double tagged source packets for EFPs under source port configured with rewrite operations (no-rewrite, pop1, pop2 and push1).
|
Ingress Traffic |
Egress Traffic |
---|---|---|
(Untagged Traffic) - Source port rewrite |
RSPAN Vlan (BD) rewrite pop1 tag symmetric |
RSPAN Vlan (BD) rewritepop1 tag symmetric |
no-rewrite |
RSPAN BD tag + packet |
RSPAN BD tag + packet |
pop1 tag |
NA |
NA |
pop2 tag |
NA |
NA |
push1 tag |
NA |
NA |
(Single Traffic)-Source port rewrite |
RSPAN Vlan (BD) rewrite pop1 tag symmetric |
RSPAN Vlan (BD) rewrite pop1 tag symmetric |
no-rewrite |
RSPAN BD tag + source-outer-tag + packet |
RSPAN BD tag + source-outer-tag + packet |
pop1 tag |
||
pop2 tag |
NA |
|
push1 tag |
RSPAN BD tag + source-outer-tag + packet |
|
(Double traffic) - Source port rewrite |
RSPAN Vlan (BD) rewrite pop1 tag symmetric |
RSPAN Vlan (BD) rewrite pop1 tag symmetric |
no-rewrite |
RSPAN BD tag + source-outer-tag + source-inner-tag + packet |
RSPAN BD tag + Source-inner-tag + packet |
pop1 tag |
||
pop2 tag |
||
push1 tag |
|
Ingress Traffic |
Egress Traffic |
---|---|---|
(Untagged traffic)- Source port rewrite |
RSPAN Vlan (BD) rewrite pop1 tag symmetric |
RSPAN Vlan (BD) rewrite pop1 tag symmetric |
no-rewrite |
RSPAN BD tag + packet |
RSPAN BD tag + packet |
pop1 tag |
NA |
NA |
pop2 tag |
NA |
NA |
push1 tag |
NA |
NA |
(Single traffic)-Source port rewrite |
RSPAN Vlan (BD) rewrite pop1 tag symmetric |
RSPAN Vlan (BD) rewrite pop1 tag symmetric |
no-rewrite |
RSPAN BD tag + source-outertag + packet |
RSPAN BD tag + source-outertag + packet |
pop1 tag |
||
pop2 tag |
NA |
|
push1 tag |
RSPAN BD tag + source-outertag + packet |
|
(Double traffic) -Source port rewrite |
RSPAN Vlan (BD) rewrite pop1 tag symmetric |
RSPAN Vlan (BD) rewrite pop1 tag symmetric |
no-rewrite |
RSPAN BD tag + source-outertag + source-innertag+ packet
|
RSPAN BD tag + source-outertag + source-innertag + packet |
pop1 tag |
||
pop2 tag |
||
push1 tag |
|
Ingress Traffic |
Egress Traffic |
---|---|---|
(Untagged traffic) - Source port rewrite |
RSPAN Vlan (BD) rewrite pop1 tag symmetric |
RSPAN Vlan (BD) rewrite pop1 tag symmetric |
no-rewrite |
RSPAN BD tag + packet |
RSPAN BD tag + packet |
pop1 tag |
NA |
NA |
pop2 tag |
NA |
NA |
push1 tag |
NA |
NA |
(Single traffic)- Source port rewrite |
RSPAN Vlan (BD) rewrite pop1 tag symmetric |
RSPAN Vlan (BD) rewrite pop1 tag symmetric |
no-rewrite |
RSPAN BD tag + source-outer-tag + packet |
RSPAN BD tag + source-outer-tag + packet
|
pop1 tag |
||
pop2 tag |
NA |
NA |
push1 tag |
RSPAN BD tag + source-outer-tag + packet |
RSPAN BD tag + source-outer-tag + packet |
(Double traffic)-Source port rewrite |
RSPAN Vlan (BD) rewrite pop1 tag symmetric |
RSPAN Vlan (BD) rewrite pop1 tag symmetric |
no-rewrite |
RSPAN BD tag + source-outer-tag + source-inner-tag + packet
|
RSPAN BD tag + source-outer-tag + source-inner-tag + packet |
pop1 tag |
||
pop2 tag |
||
push1 tag |
To configure sources and destinations for a SPAN session:
1. configure terminal
2. monitor session {session_number} type local
3. source interface interface_type slot/subslot/port [, | - | rx | tx | both]
4. destination interface interface_type slot/subslot/port [, | - | rx | tx | both]
5. no shutdown
To remove sources or destinations from a local SPAN session, use the following commands beginning in EXEC mode:
1. enable
2. configure terminal
3. configure terminal
To configure the source for a RSPAN session:
1. enable
2. configure terminal
3. monitor session RSPAN_source_session_number type rspan-source
4. source {single_interface slot/subslot/port| single_vlan [rx | tx | both]
5. destination remote vlan rspan_vlan_ID
6. no shutdown
7. end
To configure the destination for a RSPAN session for remote Vlan:
1. enable
2. configure terminal
3. monitor session RSPAN_destination_session_number type rspan-destination
4. source remote vlan rspan_vlan_ID
5. destination {single_interface slot/subslot/port}
6. no shutdown
7. end
To remove sources or destinations from a RSPAN session:
1. enable
2. configure terminal
3. no monitor session {session_number} {source | destination} {single_interface slot/subslot/port | single_vlan}[, | - | rx | tx | both]
4. end
The following sections contain configuration examples for SPAN and RSPAN on the Cisco ASR 903 Router.
The following example shows how to configure local SPAN session 8 to monitor bidirectional traffic from source interface Gigabit Ethernet interface 0/2/1:
Router(config)# monitor session 8 type local Router(config)# source interface gigabitethernet 0/2/1
This following example shows how to remove a local SPAN session:
Router(config)# no monitor session 8
The following example shows how RSPAN session 2 to monitor bidirectional traffic from source interface Gigabit Ethernet 0/0/1:
Router(config)# monitor session 2 type RSPAN-source Router(config-mon-RSPAN-src)# source interface gigabitEthernet0/0/1 [tx |rx|both] Router(config-mon-RSPAN-src)# destination remote VLAN 100 Router(config-mon-RSPAN-src)# no shutdown Router(config-mon-RSPAN-src)# end
The following example shows how RSPAN session 3 to monitor bidirectional traffic from source Vlan 20:
Router(config)# monitor session 3 type RSPAN-source Router(config-mon-RSPAN-src)# source VLAN 20 rx Router(config-mon-RSPAN-src)# destination remote VLAN 100 Router(config-mon-RSPAN-src)# no shutdown Router(config-mon-RSPAN-src)# end
The following example shows how to configure interface Gigabit Ethernet 0/0/1 as the destination for RSPAN session 2:
Router(config)# monitor session 2 type RSPAN-destination Router(config-mon-RSPAN-dst)# source remote VLAN 100 Router(config-mon-RSPAN-dst)# destination interface gigabitEthernet 0/1/0 Router(config-mon-RSPAN-dst)# end
Use the show monitor session command to view the sessions configured.
Router# show monitor session 2 Session 2 --------- Type : Remote Source Session Status : Admin Enabled Source Ports : Both : Gi0/0/1 MTU : 1464
Router# show monitor session 3 Session 3 --------- Type : Remote Source Session Status : Admin Enabled Source VLANs : RX Only : 20 MTU : 1464
Router# show monitor session 2 Session 2 --------- Type : Remote Destination Session Status : Admin Enabled Destination Ports : Gi0/0/1 MTU : 1464