Cisco Systems WSC2960X24PSL, C2960XSTACK Flow-Based SPAN FSPAN and Flow-Based RSPAN FRSPAN, Rspan

Configuring SPAN and RSPAN

Restrictions for SPAN and RSPAN

•SPAN sessions do not interfere with the normal operation of the switch. However, an oversubscribed SPAN destination, for example, a 10-Mb/s port monitoring a 100-Mb/s port, can result in dropped or lost packets.

•When SPAN or RSPAN is enabled, each packet being monitored is sent twice, once as normal traffic and once as a monitored packet. Monitoring a large number of ports or VLANs could potentially generate large amounts of network traffic.

•You can configure SPAN sessions on disabled ports; however, a SPAN session does not become active unless you enable the destination port and at least one source port or VLAN for that session.

•The switch does not support a combination of local SPAN and RSPAN in a single session.

◦An RSPAN source session cannot have a local destination port.

◦An RSPAN destination session cannot have a local source port.

◦An RSPAN destination session and an RSPAN source session that are using the same RSPAN VLAN cannot run on the same switch or switch stack.

RSPAN

The restrictions for RSPAN are as follows:

•RSPAN does not support BPDU packet monitoring or other Layer 2 switch protocols.

•The RSPAN VLAN is configured only on trunk ports and not on access ports. To avoid unwanted traffic in RSPAN VLANs, make sure that the VLAN remote-span feature is supported in all the participating switches.

•RSPAN VLANs are included as sources for port-based RSPAN sessions when source trunk ports have active RSPAN VLANs. RSPAN VLANs can also be sources in SPAN sessions. However, since the switch does not monitor spanned traffic, it does not support egress spanning of packets on any RSPAN VLAN identified as the destination of an RSPAN source session on the switch.

•If you enable VTP and VTP pruning, RSPAN traffic is pruned in the trunks to prevent the unwanted flooding of RSPAN traffic across the network for VLAN IDs that are lower than 1005.

Flow-Based SPAN (FSPAN) and Flow-Based RSPAN (FRSPAN)

The restrictions for flow-based SPAN (FSPAN) and flow-based RSPAN (FRSPAN) are as follows:

•You can attach ACLs to only one SPAN or RSPAN session at a time.

•When no FSPAN ACLs are attached, FSPAN is disabled, and all traffic is copied to the SPAN destination ports.

•When you attach an empty FSPAN ACL to a SPAN session, it does not filter packets, and all traffic is monitored.

•FSPAN ACLs cannot be applied to per-port-per-VLAN sessions. You can configure per-port-per-VLAN sessions by first configuring a port-based session and then configuring specific VLANs to the session. For example:

Switch(config)# monitor session session_number source interface interface-idSwitch(config)# monitor session session_number filter vlan vlan-id

Switch(config)# monitor session session_number filter ip access-group {access-list-number

Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX