SPAN - Switch port analyser

 A Switched Port Analyzer (SPAN) port, also known as port mirroring, is a feature on network switches that allows a network administrator to monitor traffic on a specific port (or VLAN) by copying the traffic to another port on the switch.

Local SPAN

The number of sessions is switch-dependent, by default, traffic is included in both directions

monitor session 1 source interface gi0/2
monitor session 1 destination interface gi0/3

no monitor session 1

Remote SPAN (RSPAN)

The source and destination ports are on different switches, requiring a dedicated VLAN for the mirrored traffic. 
On low-end switches, an unused switch port is needed as a reflector port, the resources are used for remote span

vlan 901
    remote span

monitor session 1 source interface gi0/2
monitor session 1 destination remote vlan 901

monitor session 1 source remote vlan 901
monitor session 1 destination interface gi0/3

Encapsulated Remote SPAN (ERSPAN)

The mirrored traffic is encapsulated in an IP header, allowing it to be routed across Layer 3 networks. 
monitor session 1 type erspan-source
    source interface gi0/2
    destination
        erspan-id 100
        orgin ip address 10.10.1
        ip prec 5
        ip ttl 32
        mtu 1700
        ip address 10.10.0.1
        vrf 1
        no shutdown



Comments

Post a Comment