15-3
Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-03
Chapter15 Configuring SPAN Understanding SPAN
You can configure SPAN sessions on disabled ports; however, a SPAN session does not become active
unless you enable the destination port and at least one source port or VLAN for that session. The show
monitor session session_number privileged EXEC command displays the operational status of a SPAN
session.
A SPAN session remains inactive after system power-on until the destination port is operational.
Traffic Types
SPAN sessions include these traffic types:
Receive (Rx) SPANThe goal of receive (or ingress) SPAN is to monitor as much as possible all
the packets received by the source interface or VLAN before any modification or processing is
performed by the switch. A copy of each packet received by the source is sent to the de stination port
for that SPAN session. You can monitor a series or range of ingress ports or VLANs in a SPAN
session.
On tagged packets (ISL or 802.1Q), the tagging is removed at the ing re ss port . A t t he de stinat ion
port, if tagging is enabled, the packets are seen with the ISL or 80 2.1 Q he ad ers, as spe cifie d. If no
tagging is specified, packets are seen in the native format.
Packets that are modified because of routing are copied without modification for Rx SPAN; that is,
the original packet is copied. Packets that are modified because of quality of service (QoS)for
example, modifi ed Differentiated Services Code Point (DSCP)are copied with modification for Rx
SPAN.
Some features that can cause a packet to be dropped during receive processing have no effect on
SPAN; the destination port receives a copy of the packet even if the actual incoming packet is
dropped. These features include IP standard and extend ed i npu t a cce ss con tr ol li sts (A CLs ), IP
standard and extended output ACLs for unicast, VLAN maps, ingress QoS policing, and
policy-based routing. Switch congestion that causes packets to be dropp ed a lso h as no e ffect on
SPAN.
Transmit (Tx) SPANThe goal of transmit (or egress) SPAN is to monitor as much as possible all
the packets sent by the source interface after all modification and processing is performed by t he
switch. A copy of each packet sent by the source is sent to the destination port for that SPAN session.
The copy is provided after the packet is modified.
Only one egress source port is allowed in one SPAN session. VLAN monitoring is not supported in
the egress direction.
Packets that are modified because of routingfor example, with a time-to-live (TTL) or
MAC-address modificationare duplicated at the destination port. On packets that are modified
because of QoS, the modified packet might not have the same DSCP (IP packet) or CoS (non-IP
packet) as the SPAN source.
Some features that can cause a packet to be dropped during transmit processing might also affect the
duplicated copy for SPAN. These features include VLAN maps, IP standard and extended output
ACLs on multicast packets, and egress QoS policing. In the case of output ACLs, if the SPAN source
drops the packet, the SPAN destination would also drop the packet. In the case of egress QoS
policing, if the SPAN source drops the packet, the SPAN d estination mig ht not drop it. If the sour ce
port is oversubscribed, the destination ports will have different dr opp ing beha vior.
BothIn a SPAN session, a single port can be monitored for both received and sent packets.