Cisco Systems WSC2960X24TSLL, WSC2960X24TDL: Information About SPAN and RSPAN, Local SPAN

Models: WSC2960X24TSL C2960XSTACK WSC2960X24PDL WSC2960X24TSLL WSC2960X24PSL WSC2960X48TSL WSC2960X24TDL


Configuring SPAN and RSPAN

Information About SPAN and RSPAN


Note: The filter vlan and filter ip access-group commands cannot both be configured at the same time. Configuring one results in rejection of the other.

EtherChannels are not supported in an FSPAN session.

FSPAN ACLs with TCP flags or the log keyword are not supported.

If you configure an IPv6 FSPAN ACL when the switch is running the advanced IP Services feature set but later run a different feature set, after rebooting the switch, the switch might lose the IPv6 FSPAN ACL configuration.

IPv6 FSPAN ACLs are supported only on IPv6-enabled SDM templates. If you configure an IPv6 FSPAN ACL when running an IPv6-enabled SDM template, but later configure a non-IPv6 SDM template and reboot the switch, you lose the IPv6 FSPAN ACL configuration.

Information About SPAN and RSPAN

SPAN and RSPAN

You can analyze network traffic passing through ports or VLANs by using SPAN or RSPAN to send a copy of the traffic to another port on the switch or on another switch that has been connected to a network analyzer or other monitoring or security device. SPAN copies (or mirrors) traffic received or sent (or both) on source ports or source VLANs to a destination port for analysis. SPAN does not affect the switching of network traffic on the source ports or VLANs. You must dedicate the destination port for SPAN use. Except for traffic that is required for the SPAN or RSPAN session, destination ports do not receive or forward traffic.

Only traffic that enters or leaves source ports or traffic that enters or leaves source VLANs can be monitored by using SPAN; traffic routed to a source VLAN cannot be monitored. For example, if incoming traffic is being monitored, traffic that gets routed from another VLAN to the source VLAN cannot be monitored; however, traffic that is received on the source VLAN and routed to another VLAN can be monitored.

You can use the SPAN or RSPAN destination port to inject traffic from a network security device. For example, if you connect a Cisco Intrusion Detection System (IDS) sensor appliance to a destination port, the IDS device can send TCP reset packets to close down the TCP session of a suspected attacker.
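The FSPAN restrictions listed earlier and the destination-port injection capability described above can be checked offline against a candidate configuration before it is pushed to a switch. The following is an added example, not part of the Cisco guide: the sample configuration is constructed, the `audit_span` function is hypothetical, and it assumes the IOS `monitor session` syntax (including the `ingress` keyword on a destination port), numbered ACLs only, and EtherChannel interfaces named `Po<n>`.

```python
from collections import defaultdict

# Constructed running-config excerpt for illustration (not from the Cisco guide).
SAMPLE_CONFIG = """\
access-list 110 permit tcp any any eq 443 log
access-list 120 permit ip 10.0.0.0 0.0.0.255 any
monitor session 1 source interface Gi1/0/1 both
monitor session 1 destination interface Gi1/0/24 ingress untagged vlan 10
monitor session 2 source vlan 20 rx
monitor session 2 filter ip access-group 110
monitor session 2 destination interface Gi1/0/23
monitor session 3 source interface Po1
monitor session 3 filter vlan 30
monitor session 3 filter ip access-group 120
monitor session 3 destination interface Gi1/0/22
"""
TCP_FLAGS = {"established", "ack", "fin", "psh", "rst", "syn", "urg"}

def audit_span(config):
    """Return sorted (session, finding) pairs for the restrictions listed above."""
    acls = defaultdict(list)  # numbered ACL -> list of tokenised entries
    sessions = defaultdict(lambda: {"src": [], "filters": {}, "ingress": False})
    for line in config.splitlines():
        tok = line.split()
        if len(tok) > 2 and tok[0] == "access-list":
            acls[tok[1]].append(tok[2:])
        elif len(tok) > 5 and tok[:2] == ["monitor", "session"]:
            s = sessions[tok[2]]
            if tok[3] == "source" and tok[4] == "interface":
                s["src"].append(tok[5])
            elif tok[3] == "filter" and tok[4] == "vlan":
                s["filters"]["vlan"] = tok[5]
            elif tok[3] == "filter" and len(tok) > 6 and tok[5] == "access-group":
                s["filters"][tok[4]] = tok[6]  # ip / ipv6 / mac
            elif tok[3] == "destination":
                s["ingress"] = "ingress" in tok[6:]
    findings = []
    for sid, s in sessions.items():
        acl_refs = [v for k, v in s["filters"].items() if k != "vlan"]
        if "vlan" in s["filters"] and "ip" in s["filters"]:
            findings.append((sid, "filter vlan and filter ip access-group both set"))
        if acl_refs and any(i.lower().startswith("po") for i in s["src"]):
            findings.append((sid, "EtherChannel source in FSPAN session"))
        for entry in (e for ref in acl_refs for e in acls.get(ref, [])):
            if "log" in entry or ("tcp" in entry and TCP_FLAGS & set(entry)):
                findings.append((sid, "FSPAN ACL uses log or TCP flags"))
        if s["ingress"]:
            findings.append((sid, "destination port accepts ingress traffic"))
    return sorted(findings)
```

A finding of "destination port accepts ingress traffic" marks a port from which the attached monitoring device can send traffic into the network, so it is worth reviewing which device is cabled to it.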

Local SPAN

Local SPAN supports a SPAN session entirely within one switch; all source ports or source VLANs and destination ports are in the same switch or switch stack. Local SPAN copies traffic from one or more source ports in any VLAN or from one or more VLANs to a destination port for analysis.

 

Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX


OL-29044-01
