Filter
Top Products
20-2
Catalyst 2940 Switch Software Configuration Guide
78-15507-02
Chapter 20 Configuring SPAN
Understanding SPAN
Figure 20-1 Example SPAN Configuration
Only traffic that enters or leaves source ports can be monitored by using SPAN.
SPAN does not affect the switching of network traffic on source ports; a copy of the packets received or
sent by the source interfaces is sent to the destination interface. Except for traffic that is required for the
SPAN session, reflector ports and destination ports do not receive or forward traffic.
You can use the SPAN destination port to inject traffic from a network security device. For example, if
you connect a Cisco Intrusion Detection System (IDS) Sensor Appliance to a destination port, the IDS
device can send TCP Reset packets to close down the TCP session of a suspected attacker.
SPAN Concepts and Terminology
This section describes concepts and terminology associated with a SPAN configuration.
SPAN Session
A local SPAN session is an association of a destination port with source ports. You can monitor incoming
or outgoing traffic on a series or range of ports.
SPAN sessions do not interfere with the normal operation of the switch. However, an oversubscribed
SPAN destination, for example, a 10-Mbps port monitoring a 100-Mbps port, results in dropped or lost
packets.
You can configure SPAN sessions on disabled ports; however, a SPAN session does not become active
unless you enable the destination port and at least one source port for that session. The show monitor
session session_number privileged EXEC command displays the operational status of a SPAN session.
A SPAN session remains inactive after system power-on until the destination port is operational.
1 2 3 4 5 6 7 8
Port 4 traffic mirrored
on Port 8
3
2
1
4
5
7
8
6
Network analyzer
87833