Introduction to SPAN and RSPAN

 

The SPAN feature, used in Layer 2 networks, is a very good tool for troubleshooting real-time traffic flows. It is sometimes also referred to as Port Mirroring or Port Monitoring.

With SPAN, traffic from a port can be duplicated to another port where a network analyzer is connected, so the packets can be captured for troubleshooting and for analyzing network utilization or performance.

There are basically three types of SPAN supported on Cisco Layer 2 switches as below:

Local SPAN: Traffic is duplicated from one port on a switch to another port on the same switch.

Remote SPAN (RSPAN):  RSPAN works by mirroring the traffic from the source ports of an RSPAN session onto a VLAN that is dedicated for the RSPAN session. This VLAN is then trunked to other switches, allowing the RSPAN session traffic to be transported across multiple switches. On the switch that contains the destination port for the session, traffic from the RSPAN session VLAN is simply mirrored out the destination port.

Encapsulated Remote SPAN (ERSPAN): As the name says, ERSPAN adds generic routing encapsulation (GRE) to all captured traffic, which allows it to be extended across Layer 3 domains.

ERSPAN is a Cisco proprietary feature and is available only on Catalyst 6500, 7600, Nexus, and ASR 1000 platforms to date. The ASR 1000 supports ERSPAN source (monitoring) only on Fast Ethernet, Gigabit Ethernet, and port-channel interfaces.


Configuring Local SPAN:

Local SPAN is configured using the “monitor session” command.

Example:

SW# configure terminal

SW(config)# monitor session 1 source interface Gi1/0

SW(config)# monitor session 1 destination interface Gi2/0

SW(config)# end

The Local SPAN configuration syntax on Cisco IOS release 12.2(33)SXH and later is shown below:

monitor session 1 type local

source int fa0/2

destination int fa0/24

 

Configuring Remote SPAN:

The first RSPAN step is to configure a special VLAN, which can’t be assigned to any access port.

Configuring the Special VLAN:

SW1# configure terminal

SW1(config)# vlan 200

SW1(config-vlan)# remote-span

SW1(config-vlan)# end

SW1# show vlan remote-span

Remote SPAN VLANs

------------------------------------------------------------------------------

200

 

SW2# configure terminal

SW2(config)# vlan 200

SW2(config-vlan)# remote-span

SW2(config-vlan)# end

SW2# show vlan remote-span

Remote SPAN VLANs

------------------------------------------------------------------------------

200

 

Configuring RSPAN on source switch:

SW1# configure terminal

SW1(config)# monitor session 1 source interface gi1/0 rx

SW1(config)# monitor session 1 destination remote vlan 200 reflector-port gi1/1

SW1(config)# exit

Here the source switch mirrors packets from the source port to the reflector port, Gi1/1.

The reflector port forwards only the traffic from the RSPAN source session with which it is affiliated. Any device that is connected to a port that is set as a reflector port loses connectivity until the RSPAN source session is disabled.

If the bandwidth of the reflector port cannot handle the traffic from the corresponding source ports, the excess packets are dropped.

The reflector port cannot be an EtherChannel port. In addition, a reflector port does not trunk and cannot do protocol filtering. A port that is used as a reflector port cannot be a SPAN source or destination port, and it cannot be a reflector port for more than one session at a time. Spanning tree is automatically disabled on a reflector port; the port remains in the forwarding state even though the port is in loopback mode.

 

Configuring RSPAN on destination switch:

SW2# configure terminal

SW2(config)# monitor session 1 source remote vlan 200

SW2(config)# monitor session 1 destination interface gi2/0

SW2(config)# exit
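Because a monitor session copies traffic to another port or VLAN, it is worth inventorying the sessions a switch actually carries. The following is an added example, not part of the original article: a Python check that parses the monitor session and remote-span lines shown above and flags violations of the reflector-port and RSPAN VLAN rules this page describes. The function name audit_span and the sample configuration are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the article's SW1 RSPAN lines plus a deliberately flawed session 2.
SAMPLE_CONFIG = """\
vlan 200
 remote-span
vlan 300
monitor session 1 source interface gi1/0 rx
monitor session 1 destination remote vlan 200 reflector-port gi1/1
monitor session 2 source interface gi1/1
monitor session 2 destination remote vlan 300 reflector-port gi1/1
"""
MONITOR = re.compile(r"monitor session (\d+) (source|destination) "
                     r"(interface|remote vlan) (\S+)(?: reflector-port (\S+))?")

def audit_span(config):
    """Hypothetical helper: return (sessions, findings) for SPAN/RSPAN config lines."""
    rspan_vlans, current_vlan = set(), None
    sessions = defaultdict(lambda: {"source": [], "destination": [], "reflector": []})
    for raw in config.splitlines():
        # Drop a CLI prompt such as "SW1(config)# " so pasted transcripts also parse.
        line = re.sub(r"^\S+#\s*", "", raw.strip()).lower()
        if m := re.fullmatch(r"vlan (\d+)", line):
            current_vlan = m.group(1)
        elif line == "remote-span" and current_vlan:
            rspan_vlans.add(current_vlan)
        elif m := MONITOR.match(line):
            sid, role, kind, target, reflector = m.groups()
            sessions[sid][role].append((kind, target))
            sessions[sid]["reflector"] += [reflector] if reflector else []
    # Every physical interface used as a SPAN source or destination in any session.
    mirrored = {t for s in sessions.values() for r in ("source", "destination")
                for k, t in s[r] if k == "interface"}
    findings, reflector_use = [], defaultdict(list)
    for sid, s in sorted(sessions.items()):
        if not (s["source"] and s["destination"]):
            findings.append(f"session {sid}: incomplete (needs source and destination)")
        for kind, target in s["source"] + s["destination"]:
            if kind == "remote vlan" and target not in rspan_vlans:
                findings.append(f"session {sid}: vlan {target} is not a remote-span VLAN")
        for port in s["reflector"]:
            reflector_use[port].append(sid)
            if port in mirrored:
                findings.append(f"session {sid}: reflector {port} is also a SPAN source/destination")
    findings += [f"reflector {p} is shared by sessions {', '.join(ids)}"
                 for p, ids in reflector_use.items() if len(ids) > 1]
    return dict(sessions), findings
```

Interface names are compared as written, so feed it text that uses one naming form throughout, such as a saved running configuration.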

When troubleshooting IPT issues in a VoIP domain, if a capture cannot be taken from an IP phone itself, SPAN is widely used to take the capture from the switch to which the IP phone is connected: all packets from the phone are mirrored to a port where a laptop running a network analyzer captures the real-time traffic.

For more information on the source port, destination port and RSPAN VLAN characteristics, please refer to the link below:

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10570-41.html



