16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series
Trunk interfaces can be configured as source interfaces and mixed with nontrunk source interfaces;
however, the destination interface never encapsulates.
Traffic Types
Ingress SPAN (Rx) copies network traffic received by the source interfaces for analysis at the destination
interface. Egress SPAN (Tx) copies network traffic transmitted from the source interfaces. Specifying
the configuration option both copies network traffic received and transmitted by the source interfaces to
the destination interface.
SPAN Traffic
Network traffic, including multicast, can be monitored using SPAN. Multicast packet monitoring is
enabled by default. In some SPAN configurations, multiple copies of the same source packet are sent to
the SPAN destination interface. For example, a bidirectional (both ingress and egress) SPAN session is
configured for sources a1 and a2 to a destination interface d1. If a packet enters the switch through a1
and gets switched to a2, both incoming and outgoing packets are sent to destination interface d1; both
packets would be the same (unless a Layer-3 rewrite had occurred, in which case the packets would be
different).
Note
Monitoring of VLANs is not supported.
SPAN Configuration Guidelines and Restrictions
Follow these guidelines and restrictions when configuring SPAN:
•
•
•
•
•
•
•
•
•
•
•
•
•
Network Security with ACLs
Network security on your Ethernet switch network module can be implemented using access control lists
(ACLs), which are also referred to in commands and tables as access lists.
Enter the no monitor session session number command with no other parameters to clear the SPAN
session number.
EtherChannel interfaces can be SPAN source interfaces; they cannot be SPAN destination interfaces.
If you specify multiple SPAN source interfaces, the interfaces can belong to different VLANs.
Monitoring of VLANs is not supported
Only one SPAN session may be run at any given time.
Outgoing CDP and BPDU packets will not be replicated.
SPAN destinations never participate in any spanning tree instance. SPAN includes BPDUs in the
monitored traffic, so any BPDUs seen on the SPAN destination are from the SPAN source.
Use a network analyzer to monitor interfaces.
You can have one SPAN destination interface.
You can mix individual source interfaces within a single SPAN session.
You cannot configure a SPAN destination interface to receive ingress traffic.
When enabled, SPAN uses any previously entered configuration.
When you specify source interfaces and do not specify a traffic type (Tx, Rx, or both), both is used
by default.
Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
Feature Overview
25