In SPAN you create a SPAN source that consists of at least one port or at least one VLAN on a switch. On the same switch you configure a destination port. The SPAN source data is then gathered and delivered to the SPAN destination.
Let's see an example configuration..
receiving traffic of e0/1 transmitting traffic of e0/2
& read them via a protocol analyzer like Wireshark..
Source Ports: e0/1 & e0/2
Destination port is e0/3..
Note: Ethernet interfaces will be FastEthernet interfaces in configuration as I am doing this on a actual Cisco 2960 switch..
SW(config)#monitor session 1 source interface Fa0/1 rx
SW(config)#monitor session 1 source interface Fa0/2 tx
SW(config)#monitor session 1 destination interface Fa0/3
Issuing show monitor session command;
Let's say we want to capture all traffic of VLAN 1, removing previous commands and re-configuring..
SW(config)#monitor session 2 source vlan 1
SW(config)#monitor session 2 destination interface Fa0/3
Issuing show monitor session command;
Let's take another example which shows how to capture traffic of some VLANs on a trunk link.
In the trunk between SW-1 & SW-2 VLANs 1-5 are configured and not pruned..
If I just want to capture traffic on VLANs 1 & 3 from e0/2 interface (trunk)..
Removing all previous configuration,
SW-1(config)#monitor session 3 source interface Fa0/2
SW-1(config)#monitor session 3 filter vlan 1 , 3
SW-1(config)#monitor session 3 destination interface Fa0/3 encapsulation replicate
Last line encapsulation replicate command will allow copying and forwarding of CDP, BPDU, VTP, DTP, PAgP etc frames which are normally ignored by SPAN..
Issuing show monitor session command;
No comments:
Post a Comment