Cisco Systems IE 2000 Monitored Traffic Types for SPAN Sessions

30-4

Cisco IE 2000 Switch Software Configuration Guide

OL-25866-01

Chapter 30 Configuring SPAN and RSPAN

Information About SPAN and RSPAN

There can be more than one source session and more than one destination session active in the same

RSPAN VLAN. There can also be intermediate switches separating the RSPAN source and destination

sessions. These switches need not be capable of running RSPAN, but they must respond to the

requirements of the RSPAN VLAN (see the “RSPAN VLAN” section on page 30-7).

Traffic monitoring in a SPAN session has these restrictions:

• Sources can be ports or VLANs, but you cannot mix source ports and source VLANs in the same

session.

• The switch supports up to two source sessions (local SPAN and RSPAN source sessions). You can

run both a local SPAN and an RSPAN source session in the same switch. The switch supports a total

of 66 source and RSPAN destination sessions.

• You can have multiple destination ports in a SPAN session, but no more than 64 destination ports.

• You can configure two separate SPAN or RSPAN source sessions with separate or overlapping sets

of SPAN source ports and VLANs. Both switched and routed ports can be configured as SPAN

sources and destinations.

• SPAN sessions do not interfere with the normal operation of the switch. However, an oversubscribed

SPAN destination, for example, a 10-Mb/s port monitoring a 100-Mb/s port, can result in drop ped

or lost packets.

• When RSPAN is enabled, each packet being monitored is transmitted twice, once as normal traffic

and once as a monitored packet. Therefore monitoring a large number of ports or VLANs could

potentially generate large amounts of network traffic.

• You can configure SPAN sessions on disabled ports; however, a SPAN session does not become

active unless you enable the destination port and at least one source port or VLAN for that ses sion.

• The switch does not support a combination of local SPAN and RSPAN in a single session. That is,

an RSPAN source session cannot have a local destination port, an RSPAN destination session cannot

have a local source port, and an RSPAN destination session and an RSPAN source session that are

using the same RSPAN VLAN cannot run on the same switch.

Monitored Traffic Types for SPAN Sessions

• Receive (Rx) SPAN—The goal of receive (or ingress) SPAN is to monitor as much as possible all

the packets received by the source interface or VLAN before any modification or processing is

performed by the switch. A copy of each packet received by the source is sent to the destination port

for that SPAN session.

Packets that are modified because of routing or quality of service (QoS)—for example, modified

Differentiated Services Code Point (DSCP)—are copied before modifi cation.

Features that can cause a packet to be dropped during receive proce ssing have no effect on ingress

SPAN; the destination port receives a copy of the packet even if the actual incoming packet is

dropped. These features include IP standard and extended input access control lists (ACLs), ingress

QoS policing, VLAN ACLs, and egress QoS policing.

• Transmit (Tx) SPAN—The goal of transmit (or egress) SPAN is to monitor as much as possible all

the packets sent by the source interface after all modification and processing is performed by the

switch. A copy of each packet sent by the source is sent to the destination port for that SPAN session.

The copy is provided after the packet is modified .

Packets that are modified because of routing—for example, with modified time-to-live (TTL),

MAC-address, or QoS values—are duplicated (with the modifications) at the destination port.