Cisco Systems A9014CFD Router User Manual


 
Cisco ASR 901 Series Aggregation Services Router Software Configuration Guide
OL-23826-09
Chapter 43 Configuring Switched Port Analyzer
Understanding SPAN
Ethernet loopback and Traffic generator are not supported when SPAN is enabled. For egress SPAN, the traffic is mirrored before egress xlate translation.
Egress SPAN is supported only for ports; it is not supported for VLAN, EFP, or Port-Channel interfaces.
When you specify source interfaces and do not specify a traffic type [Transmit (Tx), Receive (Rx), or Both], Both is used by default.
Use the no monitor session session_number command with no other parameters to clear the SPAN session number.
Understanding SPAN
The following sections describe SPAN:
Overview, page 43-2
SPAN Session, page 43-3
Source Interface, page 43-3
Destination Interface, page 43-4
Traffic Types, page 43-4
SPAN Traffic, page 43-4
Overview
Effective with Cisco IOS Release 15.4(1)S, the Cisco ASR 901 supports Local SPAN. Local SPAN
supports a SPAN session entirely within one switch. You can analyze network traffic passing through
ports or VLANs by using SPAN to send a copy of the traffic to another port on the switch that has been
connected to a network analyzer or other monitoring or security devices. SPAN copies (or mirrors) traffic
received or sent (or both) on source ports to a destination port for analysis. SPAN does not affect the
switching of network traffic on the source ports, VLANs, or EFPs. You must dedicate the destination
port for SPAN use. Except for traffic that is required for the SPAN session, destination ports do not
receive or forward traffic.
Only traffic that enters or leaves source ports or traffic that enters or leaves source VLANs or EFPs can
be monitored by using SPAN; traffic routed to a source VLAN cannot be monitored. For example, if
incoming traffic is being monitored, traffic that gets routed from another VLAN to the source VLAN
cannot be monitored; however, traffic that is received on the source VLAN and routed to another VLAN
can be monitored. You can use the SPAN destination port to inject traffic from a network security device.
In Figure 43-1, all traffic on Ethernet port 5 (the source port) is mirrored on Ethernet port 10. A network
analyzer on Ethernet port 10 receives all the network traffic from Ethernet port 5 without being
physically attached to Ethernet port 5.
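
The restrictions and defaults stated on this page can be applied as a pre-change check on a planned SPAN session before it is configured. The following Python code is an added example, not part of the Cisco guide; the data model, rule names, and interface labels are hypothetical, and it checks only the rules stated on this page.

```python
from dataclasses import dataclass

PORT, VLAN, EFP, PORT_CHANNEL = "port", "vlan", "efp", "port-channel"

@dataclass
class Source:
    name: str
    kind: str            # PORT, VLAN, EFP or PORT_CHANNEL
    direction: str = ""  # "rx", "tx", "both"; empty = not specified

@dataclass
class Session:
    number: int
    sources: list
    destination: str
    loopback_or_trafficgen: bool = False  # Ethernet loopback / traffic generator in use

def effective_direction(src):
    """Page rule: with no traffic type given, Both is used by default."""
    return src.direction or "both"

def check_session(s):
    """Return (rule, subject) findings for a planned session."""
    findings = []
    for src in s.sources:
        d = effective_direction(src)
        # Page rule: egress SPAN is supported only for port sources.
        if d in ("tx", "both") and src.kind != PORT:
            findings.append(("egress-non-port", src.name))
        # Page rule: the destination port must be dedicated to SPAN.
        if src.name == s.destination:
            findings.append(("destination-not-dedicated", src.name))
    # Page rule: loopback and traffic generator are unsupported with SPAN.
    if s.loopback_or_trafficgen:
        findings.append(("loopback-or-trafficgen-with-span", f"session {s.number}"))
    return findings

# Constructed sample plan (names are illustrative, not from a real device).
PLAN = Session(1, [Source("port5", PORT),
                   Source("vlan20", VLAN),          # direction omitted -> both
                   Source("efp-gi0/3-si10", EFP, "rx")],
               destination="port10")

if __name__ == "__main__":
    for rule, subject in check_session(PLAN):
        print(f"session {PLAN.number}: {rule}: {subject}")
```

Because an omitted direction is evaluated as Both, the check reports the VLAN source in the sample plan, which is a prompt to state Rx explicitly for VLAN, EFP, and Port-Channel sources.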