You are on page 1of 2

Switched Port ANalyzer (SPAN)

- Monitors all traffic, including multicast and BPDUs.


- 2 local SPAN source sessions.
- 128 sources per session.
- 64 destinations per session.
Switch(config)# monitor session 1 type local
Switch(config-mon-local)# description SPAN session
Switch(config-mon-local)# source interface gi1/1-4 both
Switch(config-mon-local)# destination interface gi2/1
Switch(config-mon-local)# no shut
Switch(config)# monitor session 1 source interface gi1/1-4 both
Switch(config)# monitor session 1 destination interface gi2/1
Remote SPAN (RSPAN)
- Uses a Layer 2 VLAN to carry SPAN traffic between switches.
- Does not monitor BPDUs.
- 2 RSPAN source sessions.
- 64 RSPAN destination sessions.
- 128 sources per session and 1 RSPAN VLAN.
- 64 destinations per session.
- Any network device that supports RSPAN VLANs can be an RSPAN intermediate devi
ce.
- MAC address learning is disabled in the RSPAN VLAN.
Switch1(config)# monitor session 1 type rspan-source
Switch1(config-mon-rspan-src)# description RSPAN session - source
Switch1(config-mon-rspan-src)# source interface gi1/1-4 both
Switch1(config-mon-rspan-src)# destination remote vlan 666
Switch1(config-mon-rspan-src)# no shut
Switch2(config)# monitor session 1 type rspan-destination
Switch2(config-mon-rspan-dst)# description RSPAN session - destination
Switch2(config-mon-rspan-dst)# source remote vlan 666
Switch2(config-mon-rspan-dst)# destination interface gi2/1
Switch2(config-mon-rspan-dst)# no shut
Switch1(config)# monitor session 1 source interface gi1/1-4 both
Switch1(config)# monitor session 1 destination remote vlan 666
Switch2(config)# monitor session 1 source remote vlan 666
Switch2(config)# monitor session 1 destination interface gi2/1
Encapsulated RSPAN (ERSPAN)
- Uses a GRE tunnel to carry traffic between switches.
- Adds 50 byte header.
- DF bit is set to prevent fragmentation.
- ERSPAN ID differentiates from various different ERSPAN source sessions.
- Monitors all traffic, including multicast and BPDUs.
- 2 ERSPAN source sessions.
- 24 ERSPAN destination sessions.
- 128 sources per session and 1 IP address.
- 64 destinations per session.
Switch1(config)# monitor session 1 type erspan-source
Switch1(config-mon-erspan-src)# description ERSPAN session - source
Switch1(config-mon-erspan-src)# source interface gi1/1-4 both
Switch1(config-mon-erspan-src)# destination
Switch1(config-mon-erspan-src-dst)# ip address 10.2.2.2
Switch1(config-mon-erspan-src-dst)# erspan-id 111
Switch1(config-mon-erspan-src-dst)# origin ip address 10.1.1.1

Switch1(config-mon-erspan-src-dst)# ip ttl 5
Switch1(config-mon-erspan-src)# no shut
Switch2(config)# monitor session 1 type erspan-destination
Switch2(config-mon-erspan-dst)# description ERSPAN session - destination
Switch2(config-mon-erspan-dst)# source
Switch2(config-mon-erspan-dst-src)# ip address 10.2.2.2
Switch2(config-mon-erspan-dst-src)# erspan-id 111
Switch2(config-mon-erspan-dst)# destination interface gi2/1
Switch2(config-mon-erspan-dst)# no shut
Source trunk VLAN filtering
Switch(config)# monitor session 1 filter vlan 1-5,10
Destination trunk VLAN filtering
Switch(config)# interface gi2/1
Switch(config-if)# switchport
Switch(config-if)# switchport encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10
Destination port permit lists
Switch(config)# monitor permit-list
Switch(config)# monitor permit-list destination interface gi2/2-4
Switch# show monitor permit-list