Cisco Systems WSC2960X24PDL, WSC2960X24TDL manual Flow-Based Span, Span and Rspan and Device Stacks


Configuring SPAN and RSPAN

Flow-Based SPAN

A private-VLAN port cannot be a SPAN destination port.

A secure port cannot be a SPAN destination port.

For SPAN sessions, do not enable port security on ports with monitored egress when ingress forwarding is enabled on the destination port. For RSPAN source sessions, do not enable port security on any ports with monitored egress.

An IEEE 802.1x port can be a SPAN source port. You can enable IEEE 802.1x on a port that is a SPAN destination port; however, IEEE 802.1x is disabled until the port is removed as a SPAN destination.

For SPAN sessions, do not enable IEEE 802.1x on ports with monitored egress when ingress forwarding is enabled on the destination port. For RSPAN source sessions, do not enable IEEE 802.1x on any ports that are egress monitored.

SPAN and RSPAN and Device Stacks

Because the stack of switches represents one logical switch, local SPAN source ports and destination ports can be in different switches in the stack. Therefore, the addition or deletion of switches in the stack can affect a local SPAN session, as well as an RSPAN source or destination session. An active session can become inactive when a switch is removed from the stack or an inactive session can become active when a switch is added to the stack.

Flow-Based SPAN

You can control the type of network traffic to be monitored in SPAN or RSPAN sessions by using flow-based SPAN (FSPAN) or flow-based RSPAN (FRSPAN), which apply access control lists (ACLs) to the monitored traffic on the source ports. The FSPAN ACLs can be configured to filter IPv4, IPv6, and non-IP monitored traffic.

You apply an ACL to a SPAN session through the interface. It is applied to all the traffic that is monitored on all interfaces in the SPAN session. The packets that are permitted by this ACL are copied to the SPAN destination port. No other packets are copied to the SPAN destination port.

The original traffic continues to be forwarded, and any port, VLAN, and router ACLs attached are applied. The FSPAN ACL does not have any effect on the forwarding decisions. Similarly, the port, VLAN, and router ACLs do not have any effect on the traffic monitoring. If a security input ACL denies a packet and it is not forwarded, the packet is still copied to the SPAN destination ports if the FSPAN ACL permits it. But if the security output ACL denies a packet and it is not sent, it is not copied to the SPAN destination ports. However, if the security output ACL permits the packet to go out, it is only copied to the SPAN destination ports if the FSPAN ACL permits it. This is also true for an RSPAN session.

You can attach three types of FSPAN ACLs to the SPAN session:

IPv4 FSPAN ACL: Filters only IPv4 packets.

IPv6 FSPAN ACL: Filters only IPv6 packets.

MAC FSPAN ACL: Filters only non-IP packets.
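
The following is an added example, not taken from the Cisco guide: a local SPAN session that feeds a capture host or IDS sensor, limited to DNS traffic by an IPv4 FSPAN ACL. The session number, interface numbers and the ACL name FSPAN-DNS are assumptions chosen for illustration.

```cisco
! Constructed example: session 1, Gi1/0/1, Gi1/0/2 and FSPAN-DNS are assumed values.
configure terminal
!
! IPv4 FSPAN ACL. Only packets permitted here are copied to the
! SPAN destination port; it has no effect on forwarding.
ip access-list extended FSPAN-DNS
 permit udp any any eq domain
 permit tcp any any eq domain
 exit
!
! Source port, monitored in both directions (received and sent).
monitor session 1 source interface gigabitethernet1/0/1 both
!
! Destination port where the sensor is attached. Per the restrictions
! above, this must not be a secure port or a private-VLAN port.
monitor session 1 destination interface gigabitethernet1/0/2
!
! Attach the IPv4 FSPAN ACL to the session. IPv6 and non-IP traffic
! would need their own "filter ipv6" and "filter mac" ACLs.
monitor session 1 filter ip access-group FSPAN-DNS
end
!
! Confirm the source, destination and filter of the session.
show monitor session 1
```

With this session in place, a DNS packet dropped by an input security ACL on the source port is still copied to the sensor, while one dropped by an output security ACL is not, so the capture is not a complete record of blocked egress traffic.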

The security ACLs have higher priority than the FSPAN ACLs on a switch. If FSPAN ACLs are applied, and you later add more security ACLs that cannot fit in the hardware memory, the FSPAN ACLs that you applied are removed from memory to allow space for the security ACLs. A system message notifies you of this action, which is called unloading. When there is again space for the FSPAN ACLs to reside in memory, they are

 

Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX


OL-29044-01


WSC2960X24TSL, C2960XSTACK, WSC2960X24PDL, WSC2960X24TSLL, WSC2960X24PSL specifications

Cisco Systems has long been a leader in networking technology, and its range of switching products exemplifies its commitment to high performance and reliability. Among its popular offerings are the Catalyst 2960-X and 2960-XR series switches, including models like WSC2960X48TSL, WSC2960XR48FPDI, WSC2960XR24TDI, and WSC2960XR48LPDI. These switches are designed to deliver efficient Layer 2 and Layer 3 capabilities, making them ideal for enterprise and small to medium-sized business networks.

The WSC2960X48TSL model boasts 48 Ethernet ports, providing ample connectivity for various devices. It supports Power over Ethernet (PoE), making it suitable for powering IP cameras, wireless access points, and VoIP phones. The switch also features Cisco’s Smart Operations technology, which simplifies network management and enhances user experience through automated features such as Cisco Auto Smartports and Auto QoS.

Turning to the WSC2960XR48FPDI, this version also features 48 ports but with enhanced redundancy and power capabilities, making it suitable for critical applications where uptime is paramount. This switch offers dual power supply options, ensuring that even in the event of a power failure, network operations continue seamlessly. Its Flexible NetFlow feature enables enhanced visibility and monitoring of traffic, allowing businesses to optimize their bandwidth usage and troubleshoot issues more efficiently.

The WSC2960XR24TDI model, with its 24 ports, is designed for networks that have fewer devices yet still demand robust performance. It also includes advanced security features, such as IEEE 802.1X port-based authentication, enhancing the protection of sensitive data and communications within the network.

Lastly, the WSC2960XR48LPDI model is tailored for environments that require high availability and robust performance, featuring 48 ports along with Layer 3 static routing capabilities. With its support for IPv6 and advanced QoS features, this switch is prepared for the future of networking, accommodating the increasing demand for bandwidth and reliable connectivity.

All these switches utilize Cisco IOS software, providing a familiar interface for network administrators. They also incorporate advanced troubleshooting tools, like Cisco Prime, which facilitate effective network management. Collectively, the WSC2960 series switches represent a comprehensive solution for businesses seeking dependable, scalable, and manageable networking options. With their combination of performance, features, and reliability, these Cisco switches are essential for meeting the demands of modern networking.