24-4
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
OL-10101-02
Chapter 24 Configuring SPAN and RSPAN
Understanding SPAN and RSPAN
Source Port
A source port (also called a monitored port) is a switched port that you monitor for network traffic
analysis. In a single local SPAN session or RSPAN source session, you can monitor source port traffic
such as received (Rx), transmitted (Tx), or bidirectional (both). The switch supports any number of
source ports (up to the maximum number of available ports on the switch).
A source port has these characteristics:
It can be any port type (for example, EtherChannel, Fast Ethernet, Gigabit Ethernet, and so forth).
It cannot be a destination port.
Each source port can be configured with a direction (ingress, egress, or both) to monitor. For
EtherChannel sources, the monitored direction would apply to all the physical ports in the group.
Source ports can be in the same or different VLANs.
You can configure a trunk port as a source port. All VLANs active on the trunk are monitored.
Destination Port
Each local SPAN session or RSPAN destination session must have a destination port (also called a
monitoring port) that receives a copy of traffic from the source port.
The destination port has these characteristics:
It must reside on the same switch as the source port (for a local SPAN session).
It can be any Ethernet physical port.
It cannot be a source port or a reflector port.
It cannot be an EtherChannel group or a VLAN.
It can be a physical port that is assigned to an EtherChannel group, even if the EtherChannel group
has been specified as a SPAN source. The port is removed from the group while it is configured as
a SPAN destination port.
The port does not transmit any traffic except that required for the SPAN session.
If ingress traffic forwarding is enabled for a network security device, the destination port forwards
traffic at Layer 2.
It does not participate in spanning tree while the SPAN session is active.
When it is a destination port, it does not participate in any of the Layer 2 protocols— Cisco
Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP),
Spanning Tree Protocol (STP), Port Aggregation Protocol (PagP), and Link Aggregation Control
Protocol (LACP).
No address learning occurs on the destination port.
A destination port receives copies of sent and received traffic for all monitored source ports. If a
destination port is oversubscribed, it could become congested. This could affect traffic forwarding
on one or more of the source ports.