Chapter 26
Configuring SPAN and RSPAN
Creating a Local SPAN Session and Configuring Incoming Traffic
Beginning in privileged EXEC mode, follow these steps to create a SPAN session, to specify the source
ports or VLANs and the destination ports, and to enable incoming traffic on the destination port for a
network security device (such as a Cisco IDS Sensor Appliance).
For details about the keywords not related to incoming traffic, see the
section on page
Command
Step 1
configure terminal
Step 2
no monitor session {session_number | all |
local | remote}
Step 3
monitor session session_number source
{interface interface-id | vlan vlan-id} [, | -]
[both | rx | tx]
Step 4
monitor session session_number
destination {interface interface-id [, | -]
[encapsulation {dot1q | replicate}] [ingress
{dot1q vlan vlan-id | untagged vlan vlan-id
| vlan vlan-id}]}
Step 5
end
Step 6
show monitor [session session_number]
show running-config
Step 7
copy running-config startup-config
To delete a SPAN session, use the no monitor session session_number global configuration command.
To remove a source or destination port or VLAN from the SPAN session, use the no monitor session
session_number source {interface interface-id | vlan vlan-id} global configuration command or the no
OL-13018-01
26-10.
Purpose
Enter global configuration mode.
Remove any existing SPAN configuration for the session.
Specify the SPAN session and the source port (monitored port).
Specify the SPAN session, the destination port, the packet
encapsulation, and the ingress VLAN and encapsulation.
For session_number, specify the session number entered in Step 3.
For interface-id, specify the destination port. The destination
interface must be a physical port; it cannot be an EtherChannel, and
it cannot be a VLAN.
(Optional) [, | -] Specify a series or range of interfaces. Enter a space
before and after the comma or hyphen.
(Optional) Enter encapsulation dot1q to specify that the destination
interface uses the IEEE 802.1Q encapsulation method.
(Optional) Enter encapsulation replicate to specify that the
destination interface replicates the source interface encapsulation
method. If not selected, the default is to send packets in native form
(untagged).
Enter ingress with keywords to enable forwarding of incoming
traffic on the destination port and to specify the encapsulation type:
•
dot1q vlan vlan-id—Accept incoming packets with IEEE
802.1Q encapsulation with the specified VLAN as the default
VLAN.
untagged vlan vlan-id or vlan vlan-id—Accept incoming
•
packets with untagged encapsulation type with the specified
VLAN as the default VLAN.
Return to privileged EXEC mode.
Verify the configuration.
(Optional) Save the configuration in the configuration file.
Configuring SPAN and RSPAN
"Creating a Local SPAN Session"
Cisco IE 3000 Switch Software Configuration Guide
26-13