NETWORK ANALYZER

i10systems

Local SPAN Overview

A local SPAN session is an association of source ports and source VLANs with one or more destinations. You configure a local SPAN session on a single switch. Local SPAN does not have separate source and destination sessions.

Local SPAN sessions do not copy locally sourced RSPAN VLAN traffic from source trunk ports that carry RSPAN VLANs. Local SPAN sessions do not copy locally sourced RSPAN GRE-encapsulated traffic from source ports.

Each local SPAN session can have either ports or VLANs as sources, but not both.

Local SPAN copies traffic from one or more source ports in any VLAN or from one or more VLANs to a destination for analysis . For example, as shown in, all traffic on Ethernet port 5 (the source port) is copied to Ethernet port 10. A network analyzer on Ethernet port 10 receives all traffic from Ethernet port 5 without being physically attached to Ethernet port 5.

Local SPAN Configuration

interface GigabitEthernet1/1
description SPAN destination interface for VLAN 10
no ip address
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/2
description SPAN destination interface for VLAN 11
no ip address
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 11
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/3
description SPAN destination interface for VLAN 12
no ip address
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 12
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/4
description SPAN destination interface for VLAN 13
no ip address
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 13
switchport mode trunk
switchport nonegotiate
!
monitor session 1 source vlan 10 – 13
monitor session 1 destination interface Gi1/1 – 4

RSPAN Overview

RSPAN supports source ports, source VLANs, and destinations on different switches, which provides remote monitoring of multiple switches across your network  RSPAN uses a Layer 2 VLAN to carry SPAN traffic between switches.

RSPAN consists of an RSPAN source session, an RSPAN VLAN, and an RSPAN destination session. You separately configure RSPAN source sessions and destination sessions on different switches. To configure an RSPAN source session on one switch, you associate a set of source ports or VLANs with an RSPAN VLAN. To configure an RSPAN destination session on another switch, you associate the destinations with the RSPAN VLAN.

The traffic for each RSPAN session is carried as Layer 2 nonroutable traffic over a user-specified RSPAN VLAN that is dedicated for that RSPAN session in all participating switches. All participating switches must be trunk-connected at Layer 2.

RSPAN source sessions do not copy locally sourced RSPAN VLAN traffic from source trunk ports that carry RSPAN VLANs. RSPAN source sessions do not copy locally sourced RSPAN GRE-encapsulated traffic from source ports.

Each RSPAN source session can have either ports or VLANs as sources, but not both.

The RSPAN source session copies traffic from the source ports or source VLANs and switches the traffic over the RSPAN VLAN to the RSPAN destination session. The RSPAN destination session switches the traffic to the destinations.

RSPAN SOURCE CONFIGURATION

Router(config)# monitor session RSPAN_source_session_number type rspan-source
Router(config-mon-rspan-src)# description session_description
Router(config-mon-rspan-src)# source {{cpu {rp | sp}} | single_interface | interface_list | interface_range | mixed_interface_list | single_vlan | vlan_list | vlan_range | mixed_vlan_list} [rx | tx | both]
Router(config-mon-rspan-src)# filter single_vlan | vlan_list | vlan_range | mixed_vlan_list
Router(config-mon-rspan-src)# destination remote vlan rspan_vlan_ID
Router(config-mon-rspan-src)# no shutdown
Router(config-mon-rspan-src)# end

RSPAN DESTINATION CONFIGURATION

Router(config)# monitor session RSPAN_destination_session_number type rspan-destination
Router(config-mon-rspan-dst)# description session_description
Router(config-mon-rspan-dst)# source remote vlan rspan_vlan_ID
Router(config-mon-rspan-dst)# destination {single_interface | interface_list | interface_range | mixed_interface_list} [ingress [learning]]
Router(config-mon-rspan-dst)# end

ERSPAN Overview

ERSPAN supports source ports, source VLANs, and destinations on different switches, which provides remote monitoring of multiple switches across your network . ERSPAN uses a GRE tunnel to carry traffic between switches.

ERSPAN consists of an ERSPAN source session, routable ERSPAN GRE-encapsulated traffic, and an ERSPAN destination session. You separately configure ERSPAN source sessions and destination sessions on different switches.

To configure an ERSPAN source session on one switch, you associate a set of source ports or VLANs with a destination IP address, ERSPAN ID number, and optionally with a VRF name. To configure an ERSPAN destination session on another switch, you associate the destinations with the source IP address, ERSPAN ID number, and optionally with a VRF name.

ERSPAN source sessions do not copy locally sourced RSPAN VLAN traffic from source trunk ports that carry RSPAN VLANs. ERSPAN source sessions do not copy locally sourced ERSPAN GRE-encapsulated traffic from source ports.

Each ERSPAN source session can have either ports or VLANs as sources, but not both.

The ERSPAN source session copies traffic from the source ports or source VLANs and forwards the traffic using routable GRE-encapsulated packets to the ERSPAN destination session. The ERSPAN destination session switches the traffic to the destinations.

Configuring ERSPAN Source Sessions

Router(config)# monitor session ERSPAN_source_session_number type erspan-source
Router(config-mon-erspan-src)# description session_description
Router(config-mon-erspan-src)# source {{{cpu {rp | sp}} | single_interface | interface_list | interface_range | mixed_interface_list | single_vlan | vlan_list | vlan_range | mixed_vlan_list} [rx | tx | both]
Router(config-mon-erspan-src)# filter single_vlan | vlan_list | vlan_range | mixed_vlan_list
Router(config-mon-erspan-src)# destination
Router(config-mon-erspan-src-dst)# ip address ip_address
Router(config-mon-erspan-src-dst)# erspan-id ERSPAN_flow_id
Router(config-mon-erspan-src-dst)# origin ip address ip_address [force]
Router(config-mon-erspan-src-dst)# ip ttl ttl_value
Router(config-mon-erspan-src-dst)# ip prec ipp_value
Router(config-mon-erspan-src-dst)# ip dscp dscp_value
Router(config-mon-erspan-src-dst)# vrf vrf_name
Router(config-mon-erspan-src)# no shutdown
Router(config-mon-erspan-src-dst)# end

Configuring ERSPAN Destination Sessions

Router(config)# monitor session ERSPAN_destination_session_number type erspan-destination
Router(config-mon-erspan-dst)# description session_description
Router(config-mon-erspan-dst)# destination {single_interface | interface_list | interface_range | mixed_interface_list} [ingress [learning]]
Router(config-mon-erspan-dst)# source
Router(config-mon-erspan-dst-src)# ip address ip_address [force]
Router(config-mon-erspan-dst-src)# erspan-id ERSPAN_flow_id
Router(config-mon-erspan-dst-src)# vrf vrf_name
Router(config-mon-erspan-dst)# no shutdown
Router(config-mon-erspan-dst-src)# end

Leave a comment