37-5
Software Configuration Guide—Release 12.2(25)SG
OL-7659-03
Chapter37 Configuring SPAN and RSPAN
Overview of SPAN and RSPAN
Destination Port
Each local SPAN session or RSPAN destination session must have a destination port (also called a
monitoring port) that receives a copy of traffic from the source ports and VLAN s.
A destination port has these characteristics:
A destination port must reside on the same switch as the source port (for a local SPAN session).
A destination port can be any Ethernet physical port.
A destination port can participate in only one SPAN session at a time. (A destin ation port in one
SPAN session cannot be a destination port for a second SPAN session.)
A destination port cannot be a source port.
A destination port cannot be an EtherChannel group.
A destination port can be a physical port that is assign ed to an EtherChannel group, even if the
EtherChannel group has been specified as a SPAN source. The port is removed from the group while
it is configured as a SPAN destination port.
The port does not transmit any traffic except that traffic required for the SPAN session unless
learning is enabled. If learning is enabled, the port will also transmit traffic directed to hosts that
have been learned on the destination port.
If ingress traffic forwarding is enabled for a network security device, the destination port for wards
traffic at Layer 2.
A destination port does not participate in spanning tree while the SPAN session is active.
When it is a destination port, it does not participate in any of the Layer 2 protocols (STP, VTP, CDP,
DTP, PagP).
A destination port that belongs to a source VLAN of any SPAN session is excluded from the source
list and is not monitored.
A destination port receives copies of sent and received traffic for all monitored source ports. If a
destination port is oversubscribed, it could become congested. This congestion could affect traffic
forwarding on one or more of the source ports.
VLAN-Based SPAN
VLAN-based SPAN (VSPAN) is the monitoring of the network traffic in one or more VLANs.
Use these guidelines for VSPAN sessions:
Traffic on RSPAN VLANs is not monitored by VLAN-based SPAN sessions.
Only traffic on the monitored VLAN is sent to the destination port.
If a destination port belongs to a source VLAN, it is excluded from the source list and is not
monitored.
If ports are added to or removed from the source VLANs, the traffic on the source VLAN received
by those ports is added to or removed from the sources being monitored.
VLAN pruning and the VLAN allowed list have no effect on SPAN monitoring.
VSPAN monitors only traffic that enters the switch, not traffic that is routed between VLANs. For
example, if a VLAN is being Rx-monitored, and the multilayer switch routes traffic from another
VLAN to the monitored VLAN, that traffic is not monitored and is not received on the SPAN
destination port.