The
Switched Port Analyzer (SPAN) feature of Cisco Catalyst switches allows copying
the traffic from one or more switch interfaces or VLANs to another interface on
the same switch. You connect the system with the protocol analyzer capability
to an interface on the switch; this will be the destination interface of SPAN.
Next, you configure the switch to send a copy of the traffic from one or more
interfaces or VLANs to the SPAN destination interface, where the protocol
analyzer can capture and analyze the traffic. The traffic that is copied and
sent to the SPAN destination interface can be the incoming traffic, outgoing
traffic, or both, from the source interfaces. The source and destination
interfaces (or VLANs) all reside on the same switch.
Using the Remote Switched Port Analyzer (RSPAN) feature, however, you can copy traffic from ports or VLANs on one switch (let’s call it the source switch) to a port on a different switch (destination switch). A VLAN must be designated as the RSPAN VLAN and not be used for any other purposes. The RSPAN VLAN receives traffic from the ports or VLANs on the source switch. The RSPAN VLAN then transports the traffic through one or more switches all the way to the destination switch. On the destination switch, the traffic is then copied from the RSPAN VLAN to the destination port. Be aware that each switching platform has certain capabilities and imposes certain restrictions on the usage of RSPAN/SPAN. You can discover these limitations and capabilities of such in the corresponding device documentation
SPAN
Commands
to remember:
monitor
session session# source
monitor
session session# destination
RSPAN
monitor
session session# source remote vlan vlan#
monitor
session session# destination
E.g.
monitor
session 2 source inerface fa0/7
monitor
session 2 destination remote vlan 100
monitor
session 2 source remote vlan 100
monitor
session 2 destination inerface fa0/7
No comments:
Post a Comment