↪️
ccie.nyquist.eu
  • Table of Contents
  • Layer 2 Technologies
    • Ethernet Switching
      • L2 Switch Operations
      • Spanning Tree
        • 802.1d – STP
        • 802.1w – RSTP
        • 802.1s – MSTP
      • VTP 101
      • Private VLANs
      • VLANs
      • EtherChannel 101
    • Layer 2 WAN Protocols
      • HDLC
        • HDLC 101
      • PPP
        • PPP 101
        • PPP Authentication - PAP
        • PPP Authentication – CHAP
        • PPP Authentication – EAP
        • PPP Multilink
        • PPPoFR – PPP over Frame Relay
        • PPPoE – PPP over Ethernet
      • Frame Relay
        • Frame Relay 101
        • Frame Relay 102
        • Frame Relay Encapsulations – IETF vs Cisco
        • Multilink Frame Relay
        • Frame Relay Switching
        • Routing over Frame Relay
      • Bridging
        • Bridging on a router
        • MTU 101
    • Wireless
      • Wireless Principles
      • Wireless Implementations
      • Wireless Roaming
      • Wireless Authentication
        • WPA2 PSK
        • WPA2 802.1X
  • IPv4
    • IPv4 Addressing
      • Backup Interfaces
      • FHRP 101
      • DHCP 101
      • DNS 101
      • ARP 101
      • IPv4 101
      • Tunnel Interfaces
        • GRE Tunnels
      • BFD – Bidirectional Forwarding Detection
    • IPv4 Routing
      • How the routing table is built
        • How CEF works
        • Routing Order of Operations
        • NSF – Non Stop Forwarding
      • RIP
        • RIP 101
      • EIGRP
        • EIGRP 101
        • EIGRP Metric
        • More EIGRP Features
      • OSPF
        • OSPF 101
        • OSPF Areas
        • OSPF LSAs
        • OSPF Mechanics
      • IS-IS
        • IS-IS 101
        • IS-IS Mechanics – CLNP
      • BGP
        • BGP 101
        • BGP Attributes
        • More BGP
      • Route Redistribution
      • Policy based Routing
      • PfR 101 – Perfromance Routing
      • ODR
  • IPv6
    • IPv6-101
    • IPv6 Routing
    • Interconnecting IPv6 and IPv4
  • MPLS
    • MPLS 101
    • MPLS L3 VPN
  • Multicast
    • Multicast 101
    • PIM 101
    • IGMP 101
    • Inter Domain Multicast
    • IPv6 Multicast
    • Multicast features on switches
  • Security
    • NAT 101
    • NAT for Overlapping Networks
    • ACLs 101
    • ACLs 102
    • Cisco IOS Firewall
    • Zone Based Firewall
    • AAA 101
    • Controlling CLI Access
    • Control Plane
    • Switch Security
      • Switchport Traffic Control
      • Switchport Port Security
      • DHCP Snooping and DAI
      • 802.1x
      • Switch ACLs
    • IPSec VPN 101
      • IKE / ISAKMP 101
      • IPSEC Crypto Maps 101
      • IPSEC VTI 101
      • DMVPN 101
    • EAP 101
  • Network Services
    • NTP 101
    • HTTP 101
    • File Transfer 101 – TFTP & FTP
    • WCCP 101
  • QoS
    • QoS 101
    • Classification and Marking
    • Congestion Management
      • Legacy Congestion Management
      • SPD – Selective Packet Discard
      • CBWFQ
      • IP RTP Priority
    • Congestion Avoidance – WRED
    • Policing and Shaping
      • CAR 101
    • Compression and LFI
      • Header and Payload Compression
      • LFI for MultiLink PPP
    • Frame Relay QoS
      • Per VC Frame Relay QoS
    • RSVP 101
    • Switching QoS
  • Network Optimization
    • NetFlow 101 – TNF – Traditional NetFlow
    • NetFlow 102 – FNF – Flexible NetFlow
    • IP SLA 101
    • IP Accounting 101
    • Logging 101
    • SNMP and RMON 101
    • Cisco CLI Tips and Tricks
    • AutoInstall
    • Enhanced Object Tracking
    • Troubleshooting 101
    • SPAN, RSPAN, ERSPAN
  • Network Architecture
    • Hierarchical Network Architecture
    • SD Access
    • SD WAN
Powered by GitBook
On this page
  • Local SPAN
  • RSPAN
  • ERSPAN

Was this helpful?

  1. Network Optimization

SPAN, RSPAN, ERSPAN

SPAN allows the traffic on one swithcport to be copied on another switchport. A SPAN session needs to be created where you define source ports and destination ports. Alternatively you can configure a source VLAN where all ports in the VLAN become the source ports. You can't mix between source ports and source VLANs

Local SPAN

Local SPAN (Switched Port ANalyzer) is an association of source ports or source VLANs with one or more destination ports on the same switch.

To configure a local SPAN session use these commands:

Sw(config)# monitor session SESSION-ID source {interface SRC-INTF-ID | vlan SRC-VLAN-ID} [rx|tx|both]
! rx - filter only incoming packets
! tx - filter only outgoing packets
! both - don't filter incoming or outgoing packets (default)
Sw(config)# monitor session SESSION-ID destination interface DST-INTF-ID

The number of destination ports is platform dependent.

To monitor the current SPAN sessions, use

Sw# show monitor

RSPAN

RSPAN (Remote SPAN) allows the source and the destination to be on different switches. The way this is achived is by using a RSPAN VLAN to carry SPAN traffic between switches.

To configure RSPAN, use these commands on switches that contain source ports:

Sw1(config)# vlan VLAN-ID
Sw1(config-vlan)# remote-span
Sw1(config-vlan)# exit
Sw1(config)# monitor session SESSION-ID source interface SRC-INTF-ID [rx|tx|both]
Sw1(config)# monitor session SESSION-ID destination remote vlan VLAN-ID

and these commands on switches that contain destination ports

Sw2(config)# vlan VLAN-ID
Sw2(config-vlan)# remote-span
Sw2(config-vlan)# exit
Sw2(config)# monitor session SESSION-ID source remote vlan VLAN-ID
Sw2(config)# monitor session SESSION-ID destination interface DST-INTF-ID

Obviously, the RSPAN vlan needs to be configured on all switches. To monitor the RSPAN sessions use these commands:

Sw# show monitor
Sw# show vlan remote-span

ERSPAN

ERSPAN (Encapsulated Remote SPAN) takes the concept further and encapsulates the source traffic in GRE, allowing it to be routed over a Layer3 network to the destination ports.

To configure ERSPAN source devices, use:

Sw1(config)# monitor session SESSION-ID type erspan-source
Sw1(config-mon-erspan-src)# source interface SRC-INTF-ID
Sw1(config-mon-erspan-src)# destination
Sw1(config-mon-erspan-src-dst)# erspan-id ERSPAN-ID
Sw1(config-mon-erspan-src-dst)# ip address DST-IP
Sw1(config-mon-erspan-src-dst)# origin ip address SRC-IP

To configure ERSPAN destination device, use:

Sw1(config)# monitor session SESSION-ID type erspan-destination
Sw1(config-mon-erspan-dst)# destinaation interface SRC-INTF-ID
Sw1(config-mon-erspan-dst)# source
Sw1(config-mon-erspan-dst-src)# erspan-id ERSPAN-ID
Sw1(config-mon-erspan-dst-src)# ip address DST-IP
PreviousTroubleshooting 101NextHierarchical Network Architecture

Last updated 2 years ago

Was this helpful?