
Configuring Local SPAN, RSPAN, and ERSPAN12.2sx

Chapter 60

Configuring Local SPAN, RSPAN, and ERSPAN

This chapter describes how to configure local Switched Port Analyzer (SPAN), remote SPAN (RSPAN), and Encapsulated RSPAN (ERSPAN) in Cisco IOS Release 12.2SX.

Note

• For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Master Command List, Release 12.2SX, at this URL:

  https://www.wendangku.net/doc/1511279682.html,/en/US/docs/ios/mcl/122sxmcl/12_2sx_mcl_book.html

• SPA ports and FlexWAN ports do not support SPAN, RSPAN, or ERSPAN.

Tip

For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page:

https://www.wendangku.net/doc/1511279682.html,/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html

This chapter consists of these sections:

• Understanding Local SPAN, RSPAN, and ERSPAN
• Local SPAN, RSPAN, and ERSPAN Configuration Guidelines and Restrictions
• Configuring Local SPAN, RSPAN, and ERSPAN

Understanding Local SPAN, RSPAN, and ERSPAN

These sections describe how local SPAN, RSPAN, and ERSPAN work:

• Local SPAN, RSPAN, and ERSPAN Overview
• Local SPAN, RSPAN, and ERSPAN Sources
• Local SPAN, RSPAN, and ERSPAN Destinations

Chapter60 Configuring Local SPAN, RSPAN, and ERSPAN Understanding Local SPAN, RSPAN, and ERSPAN


Monitored Traffic Direction

You can configure local SPAN sessions, RSPAN source sessions, and ERSPAN source sessions to monitor the following traffic:

• Ingress traffic
  – Called ingress SPAN.
  – Copies traffic received by the sources (ingress traffic).
  – Ingress traffic is sent to the supervisor engine SPAN ASIC to be copied.
• Egress traffic
  – Called egress SPAN.
  – Copies traffic transmitted from the sources (egress traffic).
  – Distributed egress SPAN mode—With Release 12.2(33)SXH and later releases, on some fabric-enabled switching modules, egress traffic can be copied locally by the switching module SPAN ASIC and then sent to the SPAN destinations. See the “Distributed Egress SPAN Mode Guidelines and Restrictions” section on page 60-13 for information about switching modules that support distributed egress SPAN mode.
  – Centralized egress SPAN mode—On all other switching modules, egress traffic is sent to the supervisor engine SPAN ASIC to be copied and is then sent to the SPAN destinations.
• Both
  – Copies both the received traffic and the transmitted traffic (ingress and egress traffic).
  – Both ingress traffic and egress traffic are sent to the supervisor engine SPAN ASIC to be copied.

Monitored Traffic Type

By default, local SPAN and ERSPAN monitor all traffic, including multicast and bridge protocol data unit (BPDU) frames. RSPAN does not support BPDU monitoring.

Duplicate Traffic

In some configurations, SPAN sends multiple copies of the same source traffic to the destination. For example, in a configuration with a bidirectional SPAN session (both ingress and egress) for two SPAN sources, called s1 and s2, to a SPAN destination, called d1, if a packet enters the switch through s1 and is sent for egress from the switch to s2, ingress SPAN at s1 sends a copy of the packet to SPAN destination d1 and egress SPAN at s2 sends a copy of the packet to SPAN destination d1. If the packet was Layer 2 switched from s1 to s2, both SPAN packets would be the same. If the packet was Layer 3 switched from s1 to s2, the Layer 3 rewrite would alter the source and destination Layer 2 addresses, in which case the SPAN packets would be different.
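The two copies described above can be collapsed at the analyzer so that a sensor does not count one packet twice. The following is an added example, not part of the Cisco documentation: it keys each captured frame on its Layer 3 content so that the ingress and egress copies compare equal. It assumes untagged Ethernet II frames carrying IPv4, and it also masks the TTL and IPv4 header checksum, which a Layer 3 hop changes along with the Layer 2 addresses; all names and sample frames are constructed for illustration.

```python
import hashlib
import struct

ETH_HDR_LEN = 14          # destination MAC + source MAC + EtherType
ETHERTYPE_IPV4 = 0x0800


def dedup_key(frame):
    """Digest that is equal for the ingress and egress SPAN copies of one packet."""
    if len(frame) < ETH_HDR_LEN:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    l3 = bytearray(frame[ETH_HDR_LEN:])
    if ethertype == ETHERTYPE_IPV4 and len(l3) >= 20:
        l3[8] = 0                     # TTL: decremented by the Layer 3 rewrite
        l3[10:12] = b"\x00\x00"       # header checksum: recomputed after the TTL change
        return hashlib.sha256(bytes(l3)).hexdigest()
    # Anything else is compared whole, Layer 2 header included.
    return hashlib.sha256(bytes(frame)).hexdigest()


def classify_pair(copy_a, copy_b):
    """Name the relationship between two frames seen at destination d1."""
    if copy_a == copy_b:
        return "identical (Layer 2 switched)"
    if dedup_key(copy_a) == dedup_key(copy_b):
        return "same packet, Layer 3 rewritten"
    return "different packets"


def deduplicate(frames):
    """Keep the first copy of each packet, preserving capture order."""
    seen, unique = set(), []
    for frame in frames:
        key = dedup_key(frame)
        if key not in seen:
            seen.add(key)
            unique.append(frame)
    return unique


def make_frame(dst_mac, src_mac, ttl, checksum, payload=b"constructed-payload"):
    """Constructed sample: Ethernet II + minimal IPv4 header + payload (no CRC).

    The checksum argument is a placeholder value, not a computed checksum.
    """
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0,
                     ttl, 17, checksum,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip + payload


# Constructed MAC addresses for two hosts and the routing switch.
HOST_A = bytes.fromhex("020000000001")
HOST_B = bytes.fromhex("020000000002")
ROUTER = bytes.fromhex("0200000000fe")

# Ingress copy at s1 (host A to the router MAC) and egress copy at s2 after routing.
INGRESS_COPY = make_frame(ROUTER, HOST_A, ttl=64, checksum=0xAAAA)
EGRESS_COPY = make_frame(HOST_B, ROUTER, ttl=63, checksum=0xABAA)

if __name__ == "__main__":
    print(classify_pair(INGRESS_COPY, INGRESS_COPY))
    print(classify_pair(INGRESS_COPY, EGRESS_COPY))
    print(len(deduplicate([INGRESS_COPY, EGRESS_COPY])))
```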

Local SPAN, RSPAN, and ERSPAN Sources

These sections describe local SPAN, RSPAN, and ERSPAN sources:

• Source CPUs
• Source Ports and EtherChannels
• Source VLANs

Source CPUs

A source CPU is a CPU monitored for traffic analysis. With Release 12.2(33)SXH and later releases, you can configure both the SP CPU and the RP CPU as SPAN sources. These are examples of what you can do with the data generated by CPU monitoring:

• Develop baseline information about CPU traffic.
• Develop information to use when creating control plane policing (CoPP) policies.
• Troubleshoot CPU-related issues (for example, high CPU utilization).

Note
• CPU SPAN monitors CPU traffic from the perspective of the ASICs that send and receive the CPU traffic, rather than from onboard the CPUs themselves.
• Traffic to and from the CPU is tagged with VLAN IDs. You can configure source VLAN filtering of the CPU traffic.

Source Ports and EtherChannels

A source port or EtherChannel is a port or EtherChannel monitored for traffic analysis. You can configure both Layer 2 and Layer 3 ports and EtherChannels as SPAN sources. SPAN can monitor one or more source ports or EtherChannels in a single SPAN session. You can configure ports or EtherChannels in any VLAN as SPAN sources. Trunk ports or EtherChannels can be configured as sources and mixed with nontrunk sources.

Note
SPAN does not copy the encapsulation from trunk sources. You can configure SPAN destinations as trunks to tag the monitored traffic before it is transmitted for analysis.

Source VLANs

A source VLAN is a VLAN monitored for traffic analysis. VLAN-based SPAN (VSPAN) uses a VLAN as the SPAN source. All the ports and EtherChannels in the source VLANs become sources of SPAN traffic.

Note
Layer 3 VLAN interfaces on source VLANs are not sources of SPAN traffic. Traffic that enters a VLAN through a Layer 3 VLAN interface is monitored when it is transmitted from the switch through an egress port or EtherChannel that is in the source VLAN.


Local SPAN, RSPAN, and ERSPAN Destinations

A SPAN destination is a Layer 2 or Layer 3 port or, with Release 12.2(33)SXH and later releases, an EtherChannel, to which local SPAN, RSPAN, or ERSPAN sends traffic for analysis. When you configure a port or EtherChannel as a SPAN destination, it is dedicated for use only by the SPAN feature.

Destination EtherChannels do not support the Port Aggregation Control Protocol (PAgP) or Link Aggregation Control Protocol (LACP) EtherChannel protocols; only the on mode is supported, with all EtherChannel protocol support disabled.

There is no requirement that the member links of a destination EtherChannel be connected to a device that supports EtherChannels. For example, you can connect the member links to separate network analyzers. See Chapter 17, “Configuring EtherChannels,” for more information about EtherChannel.

Destinations, by default, cannot receive any traffic. With Release 12.2(33)SXH and later releases, you can configure Layer 2 destinations to receive traffic from any attached devices.

Destinations, by default, do not transmit anything except SPAN traffic. Layer 2 destinations that you have configured to receive traffic can be configured to learn the Layer 2 address of any devices attached to the destination and transmit traffic that is addressed to the devices.

You can configure trunks as destinations, which allows trunk destinations to transmit encapsulated traffic. You can use allowed VLAN lists to configure destination trunk VLAN filtering.

Local SPAN, RSPAN, and ERSPAN Configuration Guidelines and Restrictions

These sections describe local SPAN, RSPAN, and ERSPAN configuration guidelines and restrictions:

• General Guidelines and Restrictions
• Feature Incompatibilities
• Local SPAN, RSPAN, and ERSPAN Session Limits
• Local SPAN, RSPAN, and ERSPAN Interface Limits
• Local SPAN, RSPAN, and ERSPAN Guidelines and Restrictions
• VSPAN Guidelines and Restrictions
• RSPAN Guidelines and Restrictions
• ERSPAN Guidelines and Restrictions
• Distributed Egress SPAN Mode Guidelines and Restrictions

General Guidelines and Restrictions

Use SPAN for troubleshooting. Except in carefully planned topologies, SPAN consumes too many switch and network resources to enable permanently.

Exercise all possible care when enabling and configuring SPAN. The traffic copied by SPAN can impose a significant load on the switch and the network.

To minimize the load, configure SPAN to copy only the specific traffic that you want to analyze. Select sources that carry as little unwanted traffic as possible. For example, a port as a SPAN source might carry less unwanted traffic than a VLAN.

Note
To monitor traffic that can be matched with an ACL, consider using VACL capture.

Before enabling SPAN, carefully evaluate the SPAN source traffic rates, and consider the performance implications and possible oversubscription points, which include these:

• SPAN destination
• Fabric channel
• Rewrite/replication engine
• Forwarding engine (PFC/DFC)

To avoid disrupting traffic, do not oversubscribe any of these points in your SPAN topology. Some oversubscription and performance considerations are:

• SPAN doubles traffic internally
• SPAN adds to the traffic being processed by the switch fabric
• SPAN doubles forwarding engine load
• The supervisor engine handles the entire load imposed by egress SPAN (also called transmit SPAN).

  Note
  Egress SPAN should only be enabled for short periods of time during active troubleshooting. Release 12.2(33)SXH and later releases support distributed egress SPAN, which reduces the load on the supervisor engine.

• The ingress modules handle the load imposed by ingress SPAN sources (also called receive SPAN) on each module. Ingress SPAN adds to rewrite/replication engine load.

Feature Incompatibilities

These feature incompatibilities exist with local SPAN, RSPAN, and ERSPAN:

• Egress SPAN is not supported in egress multicast mode. (CSCsa95965)
• Unknown unicast flood blocking (UUFB) ports cannot be RSPAN or local SPAN egress-only destinations. (CSCsj27695)
• Except in PFC3C mode or PFC3CXL mode, Ethernet over MultiProtocol Label Switching (EoMPLS) ports cannot be SPAN sources. (CSCed51245)
• A port-channel interface (an EtherChannel) can be a SPAN source, but you cannot configure active member ports of an EtherChannel as SPAN source ports. Inactive member ports of an EtherChannel can be configured as SPAN sources but they are put into the suspended state and carry no traffic.
• These features are incompatible with SPAN destinations:
  – Private VLANs
  – IEEE 802.1X port-based authentication
  – Port security
  – Spanning Tree Protocol (STP) and related features (PortFast, PortFast BPDU filtering, BPDU Guard, UplinkFast, BackboneFast, EtherChannel Guard, Root Guard, Loop Guard)
  – VLAN trunk protocol (VTP)
  – Dynamic trunking protocol (DTP)
  – IEEE 802.1Q tunneling

Note
SPAN destinations can participate in IEEE 802.3Z flow control.

Note
IP multicast switching using egress packet replication is not compatible with SPAN. In some cases, egress replication can result in multicast packets not being sent to the SPAN destination port. If you are using SPAN and your switching modules are capable of egress replication, enter the mls ip multicast replication-mode ingress command to force ingress replication.

Local SPAN, RSPAN, and ERSPAN Session Limits

With Release 12.2(33)SXH and later releases, these are the PFC3 local SPAN, RSPAN, and ERSPAN session limits:

Total Sessions: 80

Local and Source Sessions
  Local SPAN, RSPAN Source, ERSPAN Source (Ingress or Egress or Both): 2
  Local SPAN Egress-Only: 14

Destination Sessions
  RSPAN: 64
  ERSPAN: 23

Local SPAN, RSPAN, and ERSPAN Interface Limits

With Release 12.2(33)SXH and later releases, these are the PFC3 local SPAN, RSPAN, and ERSPAN source and destination interface limits:

                                              In Each       In Each        In Each        In Each        In Each
                                              Local SPAN    RSPAN Source   ERSPAN Source  RSPAN Dest.    ERSPAN Dest.
                                              Session       Session        Session        Session        Session
Egress or “both” sources                      128           128            128            —              —
Ingress sources                               128           128            128            —              —
RSPAN and ERSPAN destination session sources  —             —              —              1 RSPAN VLAN   1 IP address
Destinations per session                      64            1 RSPAN VLAN   1 IP address   64             64

Local SPAN, RSPAN, and ERSPAN Guidelines and Restrictions

These guidelines and restrictions apply to local SPAN, RSPAN, and ERSPAN:

• A SPAN destination that is copying traffic from a single egress SPAN source port sends only egress traffic to the network analyzer. If you configure more than one egress SPAN source port, the traffic that is sent to the network analyzer also includes these types of ingress traffic that were received from the egress SPAN source ports:
  – Any unicast traffic that is flooded on the VLAN
  – Broadcast and multicast traffic
  This situation occurs because an egress SPAN source port receives these types of traffic from the VLAN but then recognizes itself as the source of the traffic and drops it instead of sending it back to the source from which it was received. Before the traffic is dropped, SPAN copies the traffic and sends it to the SPAN destination. (CSCds22021)
• Entering additional monitor session commands does not clear previously configured SPAN parameters. You must enter the no monitor session command to clear configured SPAN parameters.
• Connect a network analyzer to the SPAN destinations.
• Within a SPAN session, all of the SPAN destinations receive all of the traffic from all of the SPAN sources, except when source-VLAN filtering is configured on the SPAN source.
• You can configure destination trunk VLAN filtering to select which traffic is transmitted from the SPAN destination.
• You can configure both Layer 2 LAN ports (LAN ports configured with the switchport command) and Layer 3 LAN ports (LAN ports not configured with the switchport command) as sources or destinations.
• You cannot mix individual source ports and source VLANs within a single session.
• If you specify multiple ingress source ports, the ports can belong to different VLANs.
• Within a session, you cannot configure both VLANs as SPAN sources and do source VLAN filtering. You can configure VLANs as SPAN sources or you can do source VLAN filtering of traffic from source ports and EtherChannels, but not both in the same session.
• You cannot configure source VLAN filtering for internal VLANs.

• When enabled, local SPAN, RSPAN, and ERSPAN use any previously entered configuration.
• When you specify sources and do not specify a traffic direction (ingress, egress, or both), “both” is used by default.
• SPAN copies Layer 2 Ethernet frames, but SPAN does not copy source trunk port ISL or 802.1Q tags. You can configure destinations as trunks to send locally tagged traffic to the traffic analyzer.

  Note
  A destination configured as a trunk tags traffic from a Layer 3 LAN source with the internal VLAN used by the Layer 3 LAN source.

• Local SPAN sessions, RSPAN source sessions, and ERSPAN source sessions do not copy locally sourced RSPAN VLAN traffic from source trunk ports that carry RSPAN VLANs.
• Local SPAN sessions, RSPAN source sessions, and ERSPAN source sessions do not copy locally sourced ERSPAN GRE-encapsulated traffic from source ports.
• With Release 12.2(33)SXH and later, SPAN sessions can share destinations.
• SPAN destinations cannot be SPAN sources.
• Destinations never participate in any spanning tree instance. Local SPAN includes BPDUs in the monitored traffic, so any BPDUs seen on the destination are from the source. RSPAN does not support BPDU monitoring.
• All packets forwarded through the switch for transmission from a port that is configured as an egress SPAN source are copied to the SPAN destination, including packets that do not exit the switch through the egress port because STP has put the egress port into the blocking state, or on an egress trunk port because STP has put the VLAN into the blocking state on the trunk port.

VSPAN Guidelines and Restrictions

Note
Local SPAN, RSPAN, and ERSPAN all support VSPAN.

These are VSPAN guidelines and restrictions:

• VSPAN sessions do not support source VLAN filtering.
• For VSPAN sessions with both ingress and egress configured, two packets are forwarded from the destination to the analyzer if the packets get switched on the same VLAN (one as ingress traffic from the ingress port and one as egress traffic from the egress port).
• VSPAN only monitors traffic that leaves or enters Layer 2 ports in the VLAN.
  – If you configure a VLAN as an ingress source and traffic gets routed into the monitored VLAN, the routed traffic is not monitored because it never appears as ingress traffic entering a Layer 2 port in the VLAN.
  – If you configure a VLAN as an egress source and traffic gets routed out of the monitored VLAN, the routed traffic is not monitored because it never appears as egress traffic leaving a Layer 2 port in the VLAN.

RSPAN Guidelines and Restrictions

These are RSPAN guidelines and restrictions:

• All participating switches must be connected by Layer 2 trunks.
• Any network device that supports RSPAN VLANs can be an RSPAN intermediate device.
• Networks impose no limit on the number of RSPAN VLANs that the networks carry.
• Intermediate network devices might impose limits on the number of RSPAN VLANs that they can support.
• You must configure the RSPAN VLANs in all source, intermediate, and destination network devices. If enabled, the VLAN Trunking Protocol (VTP) can propagate configuration of VLANs numbered 1 through 1024 as RSPAN VLANs. You must manually configure VLANs numbered higher than 1024 as RSPAN VLANs on all source, intermediate, and destination network devices.
• If you enable VTP and VTP pruning, RSPAN traffic is pruned in the trunks to prevent the unwanted flooding of RSPAN traffic across the network.
• RSPAN VLANs can be used only for RSPAN traffic.
• Do not configure a VLAN used to carry management traffic as an RSPAN VLAN.
• Do not assign access ports to RSPAN VLANs. RSPAN puts access ports in an RSPAN VLAN into the suspended state.
• Do not configure any ports in an RSPAN VLAN except trunk ports selected to carry RSPAN traffic.
• MAC address learning is disabled in the RSPAN VLAN.
• You can use output access control lists (ACLs) on the RSPAN VLAN in the RSPAN source switch to filter the traffic sent to an RSPAN destination.
• RSPAN does not support BPDU monitoring.
• Do not configure RSPAN VLANs as sources in VSPAN sessions.
• You can configure any VLAN as an RSPAN VLAN as long as all participating network devices support configuration of RSPAN VLANs and you use the same RSPAN VLAN for each RSPAN session in all participating network devices.

ERSPAN Guidelines and Restrictions

These are ERSPAN guidelines and restrictions:

• A WS-SUP720 (a Supervisor Engine 720 manufactured with a PFC3A) can only support ERSPAN if it has hardware version 3.2 or higher. Enter the show module version | include WS-SUP720-BASE command to display the hardware version. For example:

  Router# show module version | include WS-SUP720-BASE
  7 2 WS-SUP720-BASE SAD075301SZ Hw :3.2

• For ERSPAN packets, the “protocol type” field value in the GRE header is 0x88BE.
• The payload of a Layer 3 ERSPAN packet is a copied Layer 2 Ethernet frame, excluding any ISL or 802.1Q tags.
• ERSPAN adds a 50-byte header to each copied Layer 2 Ethernet frame and replaces the 4-byte cyclic redundancy check (CRC) trailer.
• ERSPAN supports jumbo frames that contain Layer 3 packets of up to 9,202 bytes. If the length of the copied Layer 2 Ethernet frame is greater than 9,170 (9,152-byte Layer 3 packet), ERSPAN truncates the copied Layer 2 Ethernet frame to create a 9,202-byte ERSPAN Layer 3 packet.
• Regardless of any configured MTU size, ERSPAN creates Layer 3 packets that can be as long as 9,202 bytes. ERSPAN traffic might be dropped by any interface in the network that enforces an MTU size smaller than 9,202 bytes.
• With the default MTU size (1,500 bytes), if the length of the copied Layer 2 Ethernet frame is greater than 1,468 bytes (1,450-byte Layer 3 packet), the ERSPAN traffic is dropped by any interface in the network that enforces the 1,500-byte MTU size.

  Note
  The mtu interface command and the system jumbomtu command (see the “Configuring Jumbo Frame Support” section on page 9-10) set the maximum Layer 3 packet size (default is 1,500 bytes, maximum is 9,216 bytes).

• All participating switches must be connected at Layer 3 and the network path must support the size of the ERSPAN traffic.
• ERSPAN does not support packet fragmentation. The “do not fragment” bit is set in the IP header of ERSPAN packets. ERSPAN destination sessions cannot reassemble fragmented ERSPAN packets.
• ERSPAN traffic is subject to the traffic load conditions of the network. You can set the ERSPAN packet IP precedence or DSCP value to prioritize ERSPAN traffic for QoS.
• The only supported destination for ERSPAN traffic is an ERSPAN destination session on a PFC3.
• All ERSPAN source sessions on a switch must use the same origin IP address, configured with the origin ip address command (see the “Configuring ERSPAN Source Sessions” section on page 60-29).
• All ERSPAN destination sessions on a switch must use the same IP address on the same destination interface. You enter the destination interface IP address with the ip address command (see the “Configuring ERSPAN Destination Sessions” section on page 60-31).
• The ERSPAN source session’s destination IP address, which must be configured on an interface on the destination switch, is the source of traffic that an ERSPAN destination session sends to the destinations. You configure the same address in both the source and destination sessions with the ip address command.
• The ERSPAN ID differentiates the ERSPAN traffic arriving at the same destination IP address from various different ERSPAN source sessions.
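The header and size rules above can be checked on captured traffic and on planned paths. The following is an added example, not part of the Cisco documentation: it decodes an IPv4/GRE/ERSPAN packet (protocol type 0x88BE, DF bit, ERSPAN ID) and reproduces the 1,468/1,500 and 9,170/9,202 byte thresholds. It assumes the ERSPAN Type II layout (GRE with a sequence number followed by an 8-byte ERSPAN header) and a 14 + 20 + 8 + 8 split of the 50-byte header, neither of which this page spells out; the function names and the sample packet are constructed.

```python
import struct

GRE_PROTO_ERSPAN = 0x88BE   # GRE protocol type for ERSPAN (value from this page)
MAX_ERSPAN_L3 = 9202        # largest ERSPAN Layer 3 packet (value from this page)
CRC_LEN = 4                 # CRC trailer of the copied frame, replaced by ERSPAN
# Assumed split of the 50-byte header: 14 outer Ethernet + 20 IPv4 + 8 GRE
# (with sequence number) + 8 ERSPAN. Only the last three count toward the MTU.
L3_OVERHEAD = 20 + 8 + 8


def erspan_l3_length(frame_len):
    """Layer 3 length of the ERSPAN packet for a copied frame (frame_len includes CRC)."""
    return min(frame_len - CRC_LEN + L3_OVERHEAD, MAX_ERSPAN_L3)


def is_truncated(frame_len):
    """True when the copied frame does not fit in a 9,202-byte ERSPAN packet."""
    return frame_len - CRC_LEN + L3_OVERHEAD > MAX_ERSPAN_L3


def survives_path(frame_len, path_mtu):
    """DF is set and ERSPAN is never fragmented, so an oversize packet is dropped."""
    return erspan_l3_length(frame_len) <= path_mtu


def parse_erspan(ip_packet):
    """Decode IPv4/GRE/ERSPAN bytes, starting at the IPv4 header, as seen by a collector."""
    if len(ip_packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, flags_frag, _, proto = struct.unpack("!BBHHHBB", ip_packet[:10])
    if ver_ihl >> 4 != 4 or proto != 47:          # 47 = GRE
        raise ValueError("not an IPv4 GRE packet")
    gre = ip_packet[(ver_ihl & 0x0F) * 4:]
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    gre_flags, gre_proto = struct.unpack("!HH", gre[:4])
    if gre_proto != GRE_PROTO_ERSPAN:
        raise ValueError("GRE protocol type is not 0x88BE")
    offset = 4
    offset += 4 if gre_flags & 0x8000 else 0      # optional checksum word
    offset += 4 if gre_flags & 0x2000 else 0      # optional key word
    sequence = None
    if gre_flags & 0x1000:                        # optional sequence number
        if len(gre) < offset + 4:
            raise ValueError("truncated GRE sequence number")
        (sequence,) = struct.unpack("!I", gre[offset:offset + 4])
        offset += 4
    if len(gre) < offset + 8:
        raise ValueError("truncated ERSPAN header")
    word1, _word2 = struct.unpack("!II", gre[offset:offset + 8])
    return {
        "df": bool(flags_frag & 0x4000),
        "fragmented": bool(flags_frag & 0x3FFF),  # MF bit or non-zero fragment offset
        "sequence": sequence,
        "version": word1 >> 28,
        "vlan": (word1 >> 16) & 0x0FFF,
        "truncated": bool((word1 >> 10) & 1),     # T bit of the assumed Type II header
        "session_id": word1 & 0x03FF,             # the ERSPAN ID
        "frame": gre[offset + 8:],                # copied Layer 2 frame
    }


def build_sample(session_id, frame, sequence=1, df=True):
    """Constructed test input: IPv4 (checksum left at 0) + GRE + ERSPAN + frame."""
    erspan = struct.pack("!II", (1 << 28) | (session_id & 0x03FF), 0)
    gre = struct.pack("!HHI", 0x1000, GRE_PROTO_ERSPAN, sequence)
    payload = gre + erspan + frame
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                     0x4000 if df else 0, 64, 47, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + payload


if __name__ == "__main__":
    packet = build_sample(session_id=101, frame=bytes(60))
    info = parse_erspan(packet)
    print(info["session_id"], info["df"], len(info["frame"]))
    for frame_len in (1468, 1469, 9170, 9171):
        print(frame_len, erspan_l3_length(frame_len),
              survives_path(frame_len, 1500), is_truncated(frame_len))
```

A collector can alert when `df` is false or `fragmented` is true, since this page states that ERSPAN sets the "do not fragment" bit and that destination sessions cannot reassemble fragments.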

Distributed Egress SPAN Mode Guidelines and Restrictions

These are distributed egress SPAN mode guidelines and restrictions:

• These switching modules disable distributed egress SPAN mode:
  – WS-X6502-10GE
  – WS-X6816-GBIC
  – WS-X6516-GBIC
  – WS-X6516-GE-TX
  – WS-X6524-100FX-MM
  – WS-X6548-RJ-45
  – WS-X6548-RJ-21

  With any of these switching modules installed, the egress SPAN mode is centralized.

  Enter the show monitor session egress replication-mode | include Operational|slot command to display any switching modules that disable distributed egress SPAN mode. If there are no modules installed that disable distributed egress SPAN mode, the command displays only the egress SPAN operational mode.

• Some switching modules have ASICs that do not support distributed egress SPAN mode for ERSPAN sources.

  Enter the show monitor session egress replication-mode | include Distributed.*Distributed.*Centralized command to display the slot number of any switching modules that do not support distributed egress SPAN mode for ERSPAN sources.

  Enter the show asic-version slot slot_number command to display the versions of the ASICs on the switching module in the slot where distributed egress SPAN mode is not supported for ERSPAN sources.

  Hyperion ASIC revision levels 5.0 and higher and all versions of the Metropolis ASIC support distributed egress SPAN mode for ERSPAN sources. Switching modules with Hyperion ASIC revision levels lower than 5.0 do not support distributed egress SPAN mode for ERSPAN sources.

Configuring Local SPAN, RSPAN, and ERSPAN

These sections describe how to configure local SPAN, RSPAN, and ERSPAN:

• Local SPAN, RSPAN, and ERSPAN Default Configuration
• Configuring a Destination as an Unconditional Trunk (Optional)
• Configuring Destination Trunk VLAN Filtering (Optional)
• Configuring Destination Port Permit Lists (Optional)
• Configuring the Egress SPAN Mode (Optional)
• Configuring Local SPAN
• Configuring RSPAN
• Configuring ERSPAN
• Configuring Source VLAN Filtering in Global Configuration Mode
• Verifying the Configuration
• Configuration Examples

Local SPAN, RSPAN, and ERSPAN Default Configuration

This section describes the local SPAN, RSPAN, and ERSPAN default configuration:

Feature                                            Default Value
Local SPAN                                         Disabled
RSPAN                                              Disabled
ERSPAN                                             Disabled
Default operating mode for egress SPAN sessions:
  Releases earlier than Release 12.2(33)SXH:       Centralized
  Release 12.2(33)SXH:                             Distributed
  Release 12.2(33)SXH1:                            Distributed
  Release 12.2(33)SXH2:                            Distributed
  Release 12.2(33)SXH2a:                           Centralized

Configuring a Destination as an Unconditional Trunk (Optional)

To tag the monitored traffic as it leaves a destination, configure the destination as a trunk before you configure it as a destination.

To configure the destination as a trunk, perform this task:

Step 1  Command: Router# configure terminal
        Purpose: Enters global configuration mode.
Step 2  Command: Router(config)# interface {type¹ slot/port | port-channel number}
        Purpose: Selects the interface to configure.
Step 3  Command: Router(config-if)# switchport
        Purpose: Configures the interface for Layer 2 switching (required only if the interface is not already configured for Layer 2 switching).
Step 4  Command: Router(config-if)# switchport trunk encapsulation {isl | dot1q}
        Purpose: Configures the encapsulation, which configures the interface as either an ISL or 802.1Q trunk.
Step 5  Command: Router(config-if)# switchport mode trunk
        Purpose: Configures the interface to trunk unconditionally.

1. type = fastethernet, gigabitethernet, or tengigabitethernet

This example shows how to configure a port as an unconditional IEEE 802.1Q trunk:

Router(config)# interface fastethernet 5/12
Router(config-if)# switchport
Router(config-if)# switchport trunk encapsulation dot1q
Router(config-if)# switchport mode trunk

Note
Releases earlier than Release 12.2(33)SXH required you to enter the switchport nonegotiate command when you configured a destination port as an unconditional trunk. This requirement has been removed in Release 12.2(33)SXH and later releases.

Configuring Destination Trunk VLAN Filtering (Optional)

Note
• In addition to filtering VLANs on a trunk, you can also apply the allowed VLAN list to access ports.
• Destination trunk VLAN filtering is applied at the destination. Destination trunk VLAN filtering does not reduce the amount of traffic being sent from the SPAN sources to the SPAN destinations.

When a destination is a trunk, you can use the list of VLANs allowed on the trunk to filter the traffic transmitted from the destination. (CSCeb01318)

Destination trunk VLAN filtering removes the restriction that, within a SPAN session, all destinations receive all the traffic from all the sources. Destination trunk VLAN filtering allows you to select, on a per-VLAN basis, the traffic that is transmitted from each destination trunk to the network analyzer.

To configure destination trunk VLAN filtering on a destination trunk, perform this task:

Step 1  Command: Router# configure terminal
        Purpose: Enters global configuration mode.
Step 2  Command: Router(config)# interface type¹ slot/port
        Purpose: Selects the destination trunk port to configure.
Step 3  Command: Router(config-if)# switchport trunk allowed vlan {add | except | none | remove} vlan [,vlan [,vlan [,...]]]
        Purpose: Configures the list of VLANs allowed on the trunk.

1. type = fastethernet, gigabitethernet, or tengigabitethernet

When configuring the list of VLANs allowed on a destination trunk port, note the following information:

• The vlan parameter is either a single VLAN number from 1 through 4094, or a range of VLANs described by two VLAN numbers, the lesser one first, separated by a dash. Do not enter any spaces between comma-separated vlan parameters or in dash-specified ranges.
• All VLANs are allowed by default.
• To remove all VLANs from the allowed list, enter the switchport trunk allowed vlan none command.
• To add VLANs to the allowed list, enter the switchport trunk allowed vlan add command.
• You can modify the allowed VLAN list without removing the SPAN configuration.

This example shows the configuration of a local SPAN session that has several VLANs as sources and several trunk ports as destinations, with destination trunk VLAN filtering that filters the SPAN traffic so that each destination trunk port transmits the traffic from one VLAN:

interface GigabitEthernet1/1
 description SPAN destination interface for VLAN 10
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/2
 description SPAN destination interface for VLAN 11
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 11
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/3
 description SPAN destination interface for VLAN 12
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 12
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/4
 description SPAN destination interface for VLAN 13
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 13
 switchport mode trunk
 switchport nonegotiate
!
monitor session 1 source vlan 10 - 13
monitor session 1 destination interface Gi1/1 - 4

Configuring Destination Port Permit Lists (Optional)

To prevent accidental configuration of ports as destinations, you can create a permit list of the ports that are valid for use as destinations. With a destination port permit list configured, you can only configure the ports in the permit list as destinations.

To configure a destination port permit list, perform this task:

Step 1
  Command: Router# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command: Router(config)# monitor permit-list
  Purpose: Enables use of the destination port permit list.
Step 3
  Command: Router(config)# monitor permit-list destination interface type¹ slot/port [-port] [, type¹ slot/port -port]
  Purpose: Configures a destination port permit list or adds to an existing destination port permit list.
Step 4
  Command: Router(config)# do show monitor permit-list
  Purpose: Verifies the configuration.

¹ type = fastethernet, gigabitethernet, or tengigabitethernet

This example shows how to configure a destination port permit list that includes Gigabit Ethernet ports 5/1 through 5/4 and 6/1:

Router# configure terminal
Router(config)# monitor permit-list
Router(config)# monitor permit-list destination interface gigabitethernet 5/1-4, gigabitethernet 6/1

This example shows how to verify the configuration:

Router(config)# do show monitor permit-list
SPAN Permit-list :Admin Enabled
Permit-list ports :Gi5/1-4,Gi6/1
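The following Python check is an added example, not part of the Cisco documentation. It reads saved configuration text, expands the permit list and each session's destination ports, and reports whether the permit list is enabled and which destinations fall outside it. It assumes global-configuration-mode "monitor session N destination interface" lines and physical ports only; the sample text and the function names are constructed for illustration.

```python
import re

# Constructed sample of saved configuration text (not from a real device).
SAMPLE_CONFIG = """\
monitor permit-list
monitor permit-list destination interface gigabitethernet 5/1-4, gigabitethernet 6/1
monitor session 1 source vlan 10 - 13
monitor session 1 destination interface Gi5/1 - 2
monitor session 2 source interface Gi3/1 rx
monitor session 2 destination interface Gi6/1 , Gi6/2 ingress learning
"""

PORT_RE = re.compile(r"([a-z]+)\s*(\d+)/(\d+)(?:\s*-\s*(\d+))?", re.I)
TYPES = {"f": "Fa", "g": "Gi", "t": "Te"}  # fastethernet, gigabitethernet, tengigabitethernet


def expand_ports(spec):
    """Expand comma-separated 'type slot/port[-port]' items into a set such as {'Gi5/1'}."""
    ports = set()
    for kind, slot, first, last in PORT_RE.findall(spec):
        prefix = TYPES.get(kind[0].lower())
        if prefix is None:  # not one of the three port types named in the chapter
            continue
        for port in range(int(first), int(last or first) + 1):
            ports.add(f"{prefix}{slot}/{port}")
    return ports


def audit_span_destinations(config_text):
    """Return (permit_list_enabled, {session_number: ports outside the permit list})."""
    enabled, permitted, destinations = False, set(), {}
    for line in config_text.splitlines():
        line = line.strip()
        if line == "monitor permit-list":
            enabled = True
        elif line.startswith("monitor permit-list destination interface"):
            permitted |= expand_ports(line.split("interface", 1)[1])
        else:
            m = re.match(r"monitor session (\d+) destination interface (.+)", line)
            if m:
                destinations.setdefault(int(m.group(1)), set()).update(expand_ports(m.group(2)))
    violations = {n: sorted(p - permitted) for n, p in destinations.items() if p - permitted}
    return enabled, violations
```

On the constructed sample, session 2 is reported because Gi6/2 is not in the permit list; a configuration without the monitor permit-list line returns False as the first element.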


Configuring the Egress SPAN Mode (Optional)

With Release 12.2(33)SXH, Release 12.2(33)SXH1, and Release 12.2(33)SXH2, distributed egress SPAN mode is the default if there are no switching modules installed that disable it. With Release 12.2(33)SXH2a and later releases, centralized egress SPAN mode is the default. See the “Distributed Egress SPAN Mode Guidelines and Restrictions” section on page 60-13 for information about switching modules that support distributed egress SPAN mode.

With Release 12.2(33)SXH2a and later releases, to configure the egress SPAN mode, perform this task:

Step 1
  Command: Router# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command: Router(config)# monitor session egress replication-mode distributed
  Purpose: Enables distributed egress SPAN mode.
  Note: Enter the no monitor session egress replication-mode distributed command to enable centralized egress SPAN mode.
Step 3
  Command: Router(config)# end
  Purpose: Exits configuration mode.

This example shows how to enable distributed egress SPAN mode:

Router# configure terminal
Router(config)# monitor session egress replication-mode distributed
Router(config)# end

With Release 12.2(33)SXH, Release 12.2(33)SXH1, and Release 12.2(33)SXH2, to configure the egress SPAN mode, perform this task:

Step 1
  Command: Router# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command: Router(config)# monitor session egress replication-mode centralized
  Purpose: Enables centralized egress SPAN mode.
  Note: Enter the no monitor session egress replication-mode centralized command to enable distributed egress SPAN mode.
Step 3
  Command: Router(config)# end
  Purpose: Exits configuration mode.

This example shows how to disable distributed egress SPAN mode:

Router# configure terminal
Router(config)# monitor session egress replication-mode centralized
Router(config)# end

This example shows how to display the configured egress SPAN mode:

Router# show monitor session egress replication-mode | include Configured
Configured mode : Centralized


Configuring Local SPAN

These sections describe how to configure local SPAN sessions:

• Configuring Local SPAN (SPAN Configuration Mode)
• Configuring Local SPAN (Global Configuration Mode)

Configuring Local SPAN (SPAN Configuration Mode)

Note

To tag the monitored traffic as it leaves a destination, you must configure the destination to trunk unconditionally before you configure it as a destination (see the “Configuring a Destination as an Unconditional Trunk (Optional)” section on page 60-15).

To configure a local SPAN session in SPAN configuration mode, perform this task:

Step 1
  Command: Router# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command: Router(config)# monitor session local_SPAN_session_number type [local | local-tx]
  Purpose: Configures a local SPAN session number and enters local SPAN session configuration mode.
  Note:
  • Enter the local keyword to configure ingress or egress or both SPAN sessions.
  • Enter the local-tx keyword to configure egress-only SPAN sessions.
Step 3
  Command: Router(config-mon-local)# description session_description
  Purpose: (Optional) Describes the local SPAN session.
Step 4
  Command: Router(config-mon-local)# source {{cpu {rp | sp}} | single_interface | interface_list | interface_range | mixed_interface_list | single_vlan | vlan_list | vlan_range | mixed_vlan_list} [rx | tx | both]
  Purpose: Associates the local SPAN session number with the CPU, source ports, or VLANs, and selects the traffic direction to be monitored.
  Note:
  • When you enter the local-tx keyword, the rx and both keywords are not available and the tx keyword is required.
  • To make best use of the available SPAN sessions, it is always preferable to configure local-tx sessions instead of local sessions with the tx keyword.
Step 5
  Command: Router(config-mon-local)# filter single_vlan | vlan_list | vlan_range | mixed_vlan_list
  Purpose: (Optional) Configures source VLAN filtering when the local SPAN source is a trunk port.
Step 6
  Command: Router(config-mon-local)# destination {single_interface | interface_list | interface_range | mixed_interface_list} [ingress [learning]]
  Purpose: Associates the local SPAN session number with the destinations.
Step 7
  Command: Router(config-mon-local)# no shutdown
  Purpose: Activates the local SPAN session.
  Note: The no shutdown command and shutdown commands are not supported for local-tx egress-only SPAN sessions.
Step 8
  Command: Router(config-mon-local)# end
  Purpose: Exits configuration mode.

When configuring monitor sessions, note the following information:

• session_description can be up to 240 characters and cannot contain special characters; with Release 12.2(33)SXH and later releases, the description can contain spaces.
  Note: You can enter 240 characters after the description command.
• local_span_session_number can range from 1 to 80.
• cpu rp is the route processor (RP).
• cpu sp is the switch processor (SP).
• single_interface is as follows:
  – interface type slot/port; type is fastethernet, gigabitethernet, or tengigabitethernet.
  – interface port-channel number
  Note: Destination port channel interfaces must be configured with the channel-group group_num mode on command and the no channel-protocol command. See the “Configuring EtherChannels” section on page 17-7.
• interface_list is single_interface , single_interface , single_interface ...
  Note: In lists, you must enter a space before and after the comma. In ranges, you must enter a space before and after the dash.
• interface_range is interface type slot/first_port - last_port.
• mixed_interface_list is, in any order, single_interface , interface_range , ...
• single_vlan is the ID number of a single VLAN.
• vlan_list is single_vlan , single_vlan , single_vlan ...
• vlan_range is first_vlan_ID - last_vlan_ID.
• mixed_vlan_list is, in any order, single_vlan , vlan_range , ...
• Enter the ingress keyword to configure destinations to receive traffic from attached devices.
• Enter the learning keyword to enable MAC address learning from the destinations, which allows the switch to transmit traffic that is addressed to devices attached to the destinations.

When configuring destinations with the ingress and learning keywords, note the following:
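For the local SPAN procedure and syntax rules in this section, the following Python lint is an added example, not part of the Cisco documentation. It checks a planned SPAN-configuration-mode stanza against rules stated here: session numbers from 1 to 80, descriptions of at most 240 characters, spaces around commas and dashes in lists and ranges, and the local-tx restrictions on direction keywords and on shutdown and no shutdown. The stanza text and the function name are constructed for illustration.

```python
import re

# Constructed stanzas in SPAN configuration mode syntax (not from a real device).
SAMPLE = """\
monitor session 3 type local-tx
 description egress copy for IDS sensor
 source interface gigabitethernet 1/1 both
 destination interface gigabitethernet 1/2
 no shutdown
monitor session 81 type local
 source vlan 10-13 rx
 destination interface gigabitethernet 1/3 , gigabitethernet 1/4
 no shutdown
"""

HEAD_RE = re.compile(r"monitor session (\d+) type (local-tx|local)$")
# A comma or dash touching a non-space character, e.g. "10-13" or "1/3,".
TIGHT_SEP_RE = re.compile(r"\S[,-]|[,-]\S")


def lint_local_span(config_text):
    """Return (session_number, problem) pairs for rules stated in the chapter."""
    problems, session, kind = [], None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        head = HEAD_RE.match(line)
        if head:
            session, kind = int(head.group(1)), head.group(2)
            if not 1 <= session <= 80:
                problems.append((session, "session number outside 1-80"))
        elif session is None:
            continue
        elif line.startswith("description "):
            if len(line[len("description "):]) > 240:
                problems.append((session, "description longer than 240 characters"))
        elif line.startswith(("source ", "destination ", "filter ")):
            args = line.split(None, 1)[1].replace("port-channel", "")
            if TIGHT_SEP_RE.search(args):
                problems.append((session, "list or range separator needs spaces around it"))
            if line.startswith("source ") and kind == "local-tx" and line.split()[-1] != "tx":
                problems.append((session, "local-tx source requires the tx keyword"))
        elif line in ("shutdown", "no shutdown") and kind == "local-tx":
            problems.append((session, f"'{line}' is not supported for local-tx sessions"))
    return problems


if __name__ == "__main__":
    for number, problem in lint_local_span(SAMPLE):
        print(f"session {number}: {problem}")
```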
