Scenario:
Make: Cisco, Dell etc
Model: Dell 2000 Series, Dell N4000 Series, Dell N8000 Series, Cisco 2960, Cisco 3650, Cisco 3850, etc
Mode: CLI (Command Line Interface)
Description: In this article, we will discuss a stepwise method to configure Port Mirroring on the switches. Port Mirroring is also known as SPAN. Monitor Session will be used to configure the SPAN port. We will also discuss here the basic details of Monitor Session or SPAN.
Understanding SPAN
SPAN [Switch Port Analyzer] or Port mirroring are the ports which are generally used to analyse the traffic or scanning of the traffic for security purpose. The purpose of the SPAN port is to send a copy of packets of the source to another destined port. SPAN can be configured for all ports or for a particular VLAN or only for one port. Here in this article, we will discuss how to configure the SPAN port on a switch. This configuration example is valid for most of the Dell and Cisco switches for example. Dell 2000 Series, Dell N4000 Series, Dell N8000 Series, Cisco 2960, Cisco 3650, Cisco 3850 etc.
Before moving to the configuration let’s discuss the important terminology and details which will be used in the configuration.
- Ingress traffic is the traffic that enters the switch.
- Egress traffic is the traffic that leaves the switch.
- Source port is a port that is monitored with the use of the SPAN feature.
- Source VLAN is a VLAN whose traffic is monitored with the use of the SPAN feature.
- Destination port is a port that monitors source ports, usually where a network analyzer is connected.
- Reflector Port is a port that copies packets onto an RSPAN VLAN.
Configuration
Source Interface
Source port or interface is a port that is monitored with the use of the SPAN feature. Here we can select either rx or tx or both flow as source traffic.
edledge-switch#conf t
edledge-switch(config)#monitor session 1 source interface port-channel 1 both
Destination Interface
Destination interface or port is a port that monitors source ports, usually where a network analyzer is connected.
edledge-switch#conf t
edledge-switch(config)#monitor session 1 destination gigabitEthernet 4/0/29
Here we have selected the port-channel in the monitor session configuration as the source port and all the traffic of the port-channel will be copied to the interface gig4/0/29. The analyzer will be connected at port gig4/0/29.
Do not forget to go through other troubleshooting topics on Switches and Firewalls. There are few interesting and knowledgeable topics available on Switches [Dell, Cisco] & Firewalls [Cisco, Sonicwall].
Source: Cisco, Lab, Knowledge Base, Dell
EA00060