- Title
- Preface
- Overview
- Using the Command-Line Interface
- Assigning the Switch IP Address and Default Gateway
- Configuring Cisco IOS Configuration Engine
- Administering the Switch
- Configuring Synchronous Ethernet
- Configuring the Switch External Alarms
- Configuring SDM Templates
- Configuring Switch-Based Authentication
- Configuring Interfaces
- Configuring VLANs
- Configuring Ethernet Virtual Connections (EVCs)
- Configuring Command Macros
- Configuring STP
- Configuring MSTP
- Configuring Optional Spanning-Tree Features
- Configuring Resilient Ethernet Protocol
- Configuring DHCP Features
- Configuring Dynamic ARP Inspection
- Configuring IGMP Snooping
- Configuring PIM Snooping
- Configuring IEEE 802.1x Port-Based Authentication
- Configuring IEEE 802.1ad
- Configuring Traffic Control
- Configuring CDP
- Configuring LLDP and LLDP-MED
- Configuring UDLD
- Configuring System Message Logging
- Configuring RMON
- Using the SD Flash Memory Module
- Configuring SNMP
- Configuring Embedded Event Manager
- Configuring Network Security with ACLs
- Configuring IPv6 ACLs
- Configuring Quality of Service (QoS)
- Hierarchical Color-Aware Policing
- Configuring Multi-level Priority Queues
- Configuring Policy-Based Routing (PBR)
- Configuring Control Plane Policing (CoPP)
- Configuring EtherChannels
- Configuring IP Unicast Routing
- Configuring IPv6 Unicast Routing
- Configuring IPv6 VPN over MPLS
- Configuring Virtual Router Redundancy Protocol
- Configuring HSRP
- Configuring Cisco IOS IP SLAs Operations
- Configuring Enhanced Object Tracking
- Configuring Ethernet OAM, CFM, and E-LMI
- Configuring Y.1731 Performance Monitoring
- Configuring Ethernet Data Plane Loopback
- L2VPN Protocol-Based CLIs
- Configuring IP Multicast Routing
- Configuring Multicast VPN
- Configuring MPLS, MPLS VPN, MPLS OAM, and EoMPLS
- Multiprotocol Label Switching Load Balancing
- MPLS Traffic Engineering Bundled Interface Support
- Configuring OSPF TTL Security Check
- Configuring Switched Port Analyzer (SPAN)
- Configuring Ethernet Ring Protection
- Autonomic Networking
- Auto-IP
- Troubleshooting
- Configuring Online Diagnostics
- Supported MIBs
- Working with the Cisco IOS File System, Configuration Files, and Software Images
- Configuring MPLS Transport Profile
- Unsupported Commands
- Index
Cisco ME 3800x and ME 3600x Switches Software Configuration Guide, Cisco IOS Release 15.4(2)S
- Updated:
- February 9, 2018
Chapter: Configuring Switched Port Analyzer (SPAN)
Configuring Switched Port Analyzer (SPAN)
The Switched Port Analyzer (SPAN) feature, which is sometimes called port mirroring or port monitoring, selects network traffic for analysis by a network analyzer. The following sections describe how to configure SPAN on Cisco ASR 903 Series Router:
SPAN Limitations and Configuration Guidelines
The following limitations and configuration guidelines apply when configuring SPAN on Cisco ASR 903 Series Router:
- SPAN is only supported on physical ports; SPAN is not supported on logical interfaces such as VLANs or EFPs.
- SPAN is not supported on port channels.
- Up to 15 active SPAN sessions (ingress and egress) are supported. The switch supports up to 15 ingress sessions and up to 12 egress sessions.
- You can have one SPAN destination interface.
- You cannot configure a SPAN destination interface to receive ingress traffic.
- Use a network analyzer to monitor interfaces.
- Outgoing CDP and BPDU packets are not replicated.
- When enabled, SPAN uses any previously entered configuration.
- When you specify source interfaces and do not specify a traffic type (Tx, Rx, or both), both is used by default.
- Enter the no monitor session session number command with no other parameters to clear the SPAN session number.
- SPAN destinations never participate in any spanning tree instance. SPAN includes BPDUs in the monitored traffic, so any BPDUs seen on the SPAN destination are from the SPAN source.
- SPAN sessions with overlapping sets of SPAN source interfaces are not supported.
Understanding Switched Port Analyzer
The following sections describe SPAN:
- Switched Port Analyzer (SPAN) Session
- Destination Interface
- Source Interface
- Traffic Types
- SPAN Traffic
Switched Port Analyzer (SPAN) Session
A Switched Port Analyzer (SPAN) session is an association of a destination interface with a set of source interfaces. You configure SPAN sessions using parameters that specify the type of network traffic to monitor. SPAN sessions allow you to monitor traffic on one or more interfaces and to send either ingress traffic, egress traffic, or both to one destination interface. You can configure a SPAN session with separate sets of SPAN source interfaces; overlapping sets are not supported.
SPAN sessions do not interfere with the normal operation of the switch. You can enable or disable SPAN sessions with command-line interface (CLI) or SNMP commands. When enabled, a SPAN session might become active or inactive based on various events or actions, which are indicated by syslog messages. The show monitor session command displays the operational status of a SPAN session.
A SPAN session remains inactive after system power-up until the destination interface is operational.
Destination Interface
A destination interface, also called a monitor interface, is a switched interface to which SPAN sends packets for analysis. You can have one SPAN destination interface.
An interface configured as a destination interface cannot be configured as a source interface.
Specifying a trunk interface as a SPAN destination interface stops trunking on the interface.
Source Interface
A source interface is an interface monitored for network traffic analysis. An interface configured as a source interface cannot be configured as a destination interface.
Traffic Types
Ingress SPAN (Rx) copies network traffic received by the source interfaces for analysis at the destination interface. Egress SPAN (Tx) copies network traffic transmitted from the source interfaces. Specifying the configuration option, both, copies network traffic received and transmitted by the source interfaces to the destination interface.
SPAN Traffic
Network traffic, including multicast, can be monitored using SPAN. Multicast packet monitoring is enabled by default. In some SPAN configurations, multiple copies of the same source packet are sent to the SPAN destination interface. For example, a bidirectional (both ingress and egress) SPAN session is configured for sources a1 and a2 to a destination interface d1. If a packet enters the switch through a1 and gets switched to a2, both incoming and outgoing packets are sent to destination interface d1; both packets would be the same (unless a Layer-3 rewrite had occurred, in which case the packets would be different).
Note
For ME3600/ME3800 switches, a maximum of 1 Gbps SPAN traffic is supported.
Configuring Switched Port Analyzer
The following sections describe how to configure SPAN:
Configuring Sources and Destinations for SPAN
To configure sources and destinations for a SPAN session, perform this task in privileged EXEC mode:
SUMMARY STEPS
2. monitor session {session_number} type local
3. source {interface slot/port}} [, | - | rx | tx | both]
4. destination {interface slot/port}} [, | - | rx | tx | both]
DETAILED STEPS
Note You can configure multiple SPAN sessions, but only one SPAN session is supported at a time.
Removing Sources and Destinations from a SPAN Session
To remove sources or destinations from a SPAN session, use the following commands beginning in privileged EXEC mode:
SUMMARY STEPS
DETAILED STEPS
|
|
|
|
|---|---|---|
|
|
||
no monitor session session_number |
Sample Configurations
The following sections contain configuration examples for SPAN on the Cisco ASR 903 Series Router.
Configuring Sources and Destinations Example
The following example shows how to configure SPAN session 1 to monitor bidirectional traffic from source interface Gigabit Ethernet 2/1 and destination interface Gigabit Ethernet 2/4:
Removing Sources and Destinations from a SPAN Session Example
The following example shows how to remove a SPAN session:
Displaying SPAN Session Information
To display information about the SPAN sessions you configured, use the show monitor session command:
show monitor session [ range session-range | local | remote | all | session ]
This example shows how to display information for a specific session:
This example shows how to display the detailed information for a specific session:
Feedback