21-4
Catalyst 2950 Desktop Switch Software Configuration Guide
78-14982-01
Chapter 21 Configuring SPAN and RSPAN
Understan din g SPAN and RSPAN
standard and extended output A CLs for unicast and ingress QoS policing.VLAN maps, ingress QoS
policing, and policy-based routing. Switch congestion that causes packets to be dropped also has no
effect on SPAN.
Transmit (Tx) SPANThe go al of tr an smi t ( or egress) SPAN i s to moni to r as mu ch as pos sib l e all
the packets sent by the source interface after all modification and processing is performed by the
switch. A copy of each pa cket sent by the source is sent to the destination port for that SPAN session.
The co py i s p rovid ed a ft e r th e pa cket is m odified .
Only one egress source port is allo wed per SPAN session. VLAN monitoring is not supported in the
egress directi on.
Packets that are modified because of routingfor example, with a time-to-live (TTL) or
MAC-address mod ificationare duplicated at the destination port. On packets that are modified
because of QoS, the modified packet might not have the same DSCP (IP packet) or CoS (non-IP
packet) as the SPAN source.
Some features that can cause a packet to be dropped during transmit processing might also affect the
duplica ted copy for SPAN. These features inc lude VLAN ma ps, IP standa rd and extended ou tput
A CLs on multicast p ackets, and e gress QoS policing. In th e case of output A CLs, if the SPAN sourc e
drops the pac ket, the SPAN destina tion would also drop the packet. In t he case of egress QoS
policing, if the SPAN sourc e drops the packe t, the SPA N destination might not drop it. If the source
port is oversubscribed, the destination ports will have different dropping behavior.
BothIn a SPAN session, you ca n monito r a single port for both rece ived and sent packets.

Source Port

A source port (also called a monitore d port) is a swit ched or rout ed por t t hat yo u mon ito r for ne twork
traffic an al ysis. I n a si ngle l oca l SPAN se ssion or RSPAN sourc e sess io n, you c an m on ito r so urce p ort
traffic such as received (Rx), transmitted (Tx), or bidirectional (both); however, on a VLAN, you can
monito r only received traffic. The sw itch sup ports any numbe r of source por ts (up to the max imum
number of a vailable ports on the switch) and any number of source ingress VLANs (up to the maximum
number of V LANs suppo rted).
A sourc e port has the se ch arac teri stic s:
It ca n be a ny por t type ( fo r examp le, E ther Cha nnel , Fast Et her net, G igab it Eth er net, and so fo rth) .
It can be monitored in multiple SPAN sessions.
It ca nnot be a destin at ion po rt.
Each s our ce p ort can be configu red w it h a di rec tio n (i ngr ess, egr ess, o r both) t o mo ni tor. For
Ether Channe l so urc es, t he mo nit ored di rec tion wo uld ap ply to al l the p hysica l p orts in the gro up.
Source por ts can be in the same or different VLANs.
For VLAN SPAN sources, all active ports in the source VLAN are included as source ports.
You can conf igur e a trunk port as a sour ce port. By de fault, all VLANs ac tiv e on the trunk are mo nitored.
You ca n limit SPAN traffic monitor ing on trunk source ports to spec ific VLANs by using VLAN
fi ltering. Only switc hed traf fic in th e select ed VLANs is sen t to the desti nation po rt. This fea ture affects
only tr affic fo rwarde d to th e d estina ti on SPAN po rt a nd d oes not a ffect the sw it chi ng of no rm al tra ffic.
This fe at ure i s not allowed in se ssions wi th VL AN sour ces.