32-8
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter 32 Configuring SPAN and RSPAN
Understanding SPAN and RSPAN
When a VLAN filter list is specified, only those VLANs in the list are monitored on trunk ports or
on voice VLAN access ports.
SPAN traffic coming from other port types is not affected by VLAN filtering; that is, all VLANs are
allowed on other ports.
VLAN filtering affects only traffic forwarded to the destination SPAN port and does not affect the
switching of normal traffic.
Destination Port
Each local SPAN session or RSPAN destination session must have a destination port (also called a
monitoring port) that receives a copy of traffic from the source ports or VLANs and sends the SPAN
packets to the user, usually a network analyzer.
A destination port has these characteristics:
For a local SPAN session, the destination port must reside on the same switch or switch stack as the
source port. For an RSPAN session, it is located on the switch containing the RSPAN destination
session. There is no destination port on a switch or switch stack running only an RSPAN source
session.
When a port is configured as a SPAN destination port, the configuration overwrites the original port
configuration. When the SPAN destination configuration is removed, the port reverts to its previous
configuration. If a configuration change is made to the port while it is acting as a SPAN destination
port, the change does not take effect until the SPAN destination configuration had been removed.
If the port was in an EtherChannel group, it is removed from the group while it is a destination port.
If it was a routed port, it is no longer a routed port.
It can be any Ethernet physical port.
It cannot be a secure port.
It cannot be a source port.
It cannot be an EtherChannel group or a VLAN.
It can participate in only one SPAN session at a time (a destination port in one SPAN session cannot
be a destination port for a second SPAN session).
When it is active, incoming traffic is disabled. The port does not transmit any traffic except that
required for the SPAN session. Incoming traffic is never learned or forwarded on a destination port.
If ingress traffic forwarding is enabled for a network security device, the destination port forwards
traffic at Layer 2.
It does not participate in any of the Layer 2 protocols (STP, VTP, CDP, DTP, PagP).
A destination port that belongs to a source VLAN of any SPAN session is excluded from the source
list and is not monitored.
The maximum number of destination ports in a switch or switch stack is 64.