Catalyst 4000 Family Software Configuration Guide, 6.2
Configuring SPAN
Download this chapter
Configuring SPANConfiguring SPAN
Download the complete book
Book-length PDF: Catalyst 4000 Family Software Configuration Guide, Release 6.2Book-length PDF: Catalyst 4000 Family Software Configuration Guide, Release 6.2 (PDF - 5 MB)
give_us_feedback

Table Of Contents

Configuring SPAN

Understanding How SPAN Works

SPAN Configuration Guidelines

Configuring SPAN


Configuring SPAN

This chapter describes how to configure the Switched Port Analyzer (SPAN) on the Catalyst enterprise LAN switches.

Note For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.

This chapter consists of these sections:

Understanding How SPAN Works

SPAN Configuration Guidelines

Configuring SPAN

Understanding How SPAN Works

SPAN selects network traffic for analysis by a SwitchProbe device or other RMON probe. SPAN mirrors traffic from one or more source ports (Ethernet, Fast Ethernet, or Gigabit Ethernet) on any VLAN to a destination port for analysis (see Figure 25-1).

Figure 25-1 Example SPAN Configuration

In Figure 25-1, all traffic on Ethernet port 5 (the source port) is mirrored to Ethernet port 10. A switch probe on Ethernet port 10 receives all network traffic from Ethernet port 5 without being physically attached to it.

SPAN Configuration Guidelines

Follow these guidelines when configuring SPAN:

Incoming traffic on the SPAN destination port is disabled by default. You can enable it using the inpkts enable keywords. However, while the port receives traffic for its assigned VLAN, it does not participate in spanning tree for that VLAN. To avoid creating spanning tree loops with incoming traffic enabled, assign the SPAN destination port to an unused VLAN.

In software release 5.2 and later, with the inpkts option enabled, you can prevent the switch from learning source MAC addresses from traffic received on the SPAN destination port using the learning disable keywords. If you want the switch to learn source MAC addresses from traffic received on the SPAN destination port, use the learning enable keywords. By default, the switch learns source MAC addresses from incoming traffic (learning enable) if the inpkts option is enabled. The source MAC address learning options only affect traffic received from a device attached to the SPAN destination port itself, not from traffic mirrored from the SPAN source.

When monitoring a VLAN on a switch, you must monitor both transmit and receive traffic (both). You cannot monitor only transmit (tx) or only receive (rx) traffic.

Any traffic between two network nodes on the same network segment attached to a switch port configured as a SPAN source port is not mirrored to the SPAN destination port. You can SPAN local traffic

You can have up to five SPAN sessions running at the same time with any combination of ingress and egress sessions.

You cannot configure SPAN on sc0.

Configuring SPAN

To configure SPAN, perform this task in privileged mode:

 
Task
Command

Step 1 

Configure a SPAN source and a SPAN destination port.

set span {src_mod/src_ports | src_vlan | sc0} dest_mod/dest_port [rx | tx | both] [inpkts {enable | disable}] [learning {enable | disable}] [multicast {enable | disable}] [create]

Step 2 

Verify the SPAN configuration.

show span

Caution If the SPAN destination port is connected to another device and reception of incoming packets is enabled (using the inpkts enable keywords), the SPAN destination port receives traffic for the VLAN that the SPAN destination port belongs to. However, the SPAN destination port does not participate in spanning tree for that VLAN, so avoid creating network loops with the SPAN destination port.

This example shows how to configure SPAN so that both transmit and receive traffic from port 2/4 (the SPAN source) is mirrored on port 3/6 (the SPAN destination): 

Console> (enable) set span 2/4 3/6

Overwrote Port 3/6 to monitor transmit/receive traffic of Port 2/4

Incoming Packets disabled. Learning enabled.

Console> (enable) show span


Destination     : Port 3/6

Admin Source    : Port 2/4

Oper Source     : Port 2/4

Direction       : transmit/receive

Incoming Packets: disabled

Learning        : enabled


-------------------------------------------- 

Console> (enable)

This example shows how to set VLAN 522 as the SPAN source and port 2/1 as the SPAN destination: 

Console> (enable) set span 522 2/1

Enabled monitoring of VLAN 522 transmit/receive traffic by Port 2/1

Console> (enable) show span

Destination     : Port 2/1

Admin Source    : VLAN 522

Oper Source     : Port 3/1-2

Direction       : transmit/receive

Incoming Packets: disabled

Learning        : enabled


-------------------------------------------- 

Console> (enable)

This example shows how to set VLAN 522 as the SPAN source and port 2/12 as the SPAN destination. Only transmit traffic is monitored. Normal incoming packets on the SPAN destination port are allowed. 

Console> (enable) set span 522 2/12 tx inpkts enable

SPAN destination port incoming packets enabled.

Enabled monitoring of VLAN 522 transmit traffic by Port 2/12

Console> (enable) show span

Destination     : Port 2/12

Admin Source    : VLAN 522

Oper Source     : Port 2/1-2

Direction       : transmit

Incoming Packets: enabled

Console> (enable)

This example shows how to set multiple SPAN sessions using the following configurations:

Port 3/1 as the SPAN source and port 2/3 as the SPAN destination

Port 3/2 as the SPAN source and port 2/5 as the SPAN destination 

Console> (enable) set span 3/1 2/3

Overwrote Port 2/3 to monitor transmit/receive traffic of Port 3/1

Incoming Packets disabled. Learning enabled.

Console> (enable) set span 3/2 2/5 tx create

Created Port 2/5 to monitor transmit traffic of Port 3/2

Incoming Packets disabled. Learning enabled.

Console> (enable) show span


Destination     : Port 2/3

Admin Source    : Port 3/1

Oper Source     : Port 3/1

Direction       : transmit/receive

Incoming Packets: disabled

Learning        : enabled


--------------------------------------------


Destination     : Port 2/5

Admin Source    : Port 3/2

Oper Source     : Port 3/2

Direction       : transmit

Incoming Packets: disabled

Learning        : enabled


--------------------------------------------

Console> (enable)

To disable SPAN, perform this task in privileged mode:

Task
Command

Disable SPAN on the switch.

set span disable [dest_mod/dest_port | all]


This example shows how to disable SPAN on the switch: 

Console> (enable) set span disable 2/3

This command may disable your span session(s).

Do you want to continue (y/n) [n]? y

Disabled Port 2/3 to monitor transmit/receive traffic of Port

Incoming Packets disabled. Learning enabled. 

Console> (enable)