CCIE RS – Written – L2 – Implement and Troubleshoot other LAN switch Technologies

Implement and Troubleshoot other LAN switch Technologies


SPAN

SPAN copies the traffic passing through a port or VLAN to another port on the same switch so that it can be analyzed.

  • SPAN copies (mirrors) traffic received and/or sent on the source port/VLAN to a destination port
  • Destination port is dedicated for SPAN use
    • Does not receive or forward traffic other than the mirrored SPAN traffic
  • A SPAN session remains within one switch
    • All source ports or VLANs and the destination port are on the same switch

Restrictions

  • Sources can be ports or VLANs, but you cannot mix source ports and source VLANs in the same session.
  • The switch supports up to two local SPAN or RSPAN source sessions.
    • You can run both a local SPAN and an RSPAN source session in the same switch or switch stack. The switch or switch stack supports a total of 64 source and RSPAN destination sessions.
    • You can configure two separate SPAN or RSPAN source sessions with separate or overlapping sets of SPAN source ports and VLANs. Both switched and routed ports can be configured as SPAN sources and destinations.
  • You can have multiple destination ports in a SPAN session, but no more than 64 destination ports per switch stack.
  • SPAN sessions do not interfere with the normal operation of the switch. However, an oversubscribed SPAN destination, for example, a 10-Mb/s port monitoring a 100-Mb/s port, can result in dropped or lost packets.
  • When SPAN or RSPAN is enabled, each packet being monitored is sent twice, once as normal traffic and once as a monitored packet. Therefore monitoring a large number of ports or VLANs could potentially generate large amounts of network traffic.
  • You can configure SPAN sessions on disabled ports; however, a SPAN session does not become active unless you enable the destination port and at least one source port or VLAN for that session.
  • The switch does not support a combination of local SPAN and RSPAN in a single session.
    • An RSPAN source session cannot have a local destination port.
    • An RSPAN destination session cannot have a local source port.
    • An RSPAN destination session and an RSPAN source session that are using the same RSPAN VLAN cannot run on the same switch or switch stack.

 

  • Default is to send all packets untagged
  • Does not monitor BPDUs or other Layer 2 protocol frames (CDP, VTP, DTP, STP, PAgP) by default
    • These can be included by using the encapsulation replicate keywords on the destination port

 

  • A source port has these characteristics:
    • It can be monitored in multiple SPAN sessions.
    • Each source port can be configured with a direction (ingress, egress, or both) to monitor.
    • It can be any port type (for example, EtherChannel, Gigabit Ethernet, and so forth).
    • For EtherChannel sources, you can monitor traffic for the entire EtherChannel or individually on a physical port as it participates in the port channel.
    • It can be an access port, trunk port, routed port, or voice VLAN port.
    • It cannot be a destination port.
    • Source ports can be in the same or different VLANs.
    • You can monitor multiple source ports in a single session.

 

  • VSPAN has these characteristics:
    • All active ports in the source VLAN are included as source ports and can be monitored in either or both directions.
    • On a given port, only traffic on the monitored VLAN is sent to the destination port.
    • If a destination port belongs to a source VLAN, it is excluded from the source list and is not monitored.
    • If ports are added to or removed from the source VLANs, the traffic on the source VLAN received by those ports is added to or removed from the sources being monitored.
    • You cannot use filter VLANs in the same session with VLAN sources.
    • You can monitor only Ethernet VLANs.

 

Port Based

Switch(config)# no monitor session 1
Switch(config)# monitor session 1 source interface gigabitethernet1/0/1
Switch(config)# monitor session 1 destination interface gigabitethernet1/0/2 encapsulation replicate
Switch(config)# end

 

VLAN Based

Switch(config)# no monitor session 2
Switch(config)# monitor session 2 source vlan 1 - 3 rx
Switch(config)# monitor session 2 destination interface gigabitethernet1/0/2
Switch(config)# monitor session 2 source vlan 10
Switch(config)# end

RSPAN

RSPAN copies the traffic passing through a port or VLAN to a port on a remote switch so that it can be analyzed.

  • RSPAN supports source ports and VLANs and destination ports on different switches

Characteristics

  • All traffic in the RSPAN VLAN is always flooded.
  • No MAC address learning occurs on the RSPAN VLAN.
  • RSPAN VLAN traffic only flows on trunk ports.
  • RSPAN VLANs must be configured in VLAN configuration mode by using the remote-span VLAN configuration mode command.
  • STP can run on RSPAN VLAN trunks but not on SPAN destination ports.
  • An RSPAN VLAN cannot be a private-VLAN primary or secondary VLAN.

 

Configuration

RSPAN VLAN

Switch(config)# vlan 901
Switch(config-vlan)# remote-span
Switch(config-vlan)# end

Source Switch

Switch(config)# no monitor session 1
Switch(config)# monitor session 1 source interface gigabitethernet1/0/1 tx
Switch(config)# monitor session 1 source interface gigabitethernet1/0/2 rx
Switch(config)# monitor session 1 source interface port-channel 2
Switch(config)# monitor session 1 destination remote vlan 901
Switch(config)# end

Destination Switch

Switch(config)# monitor session 1 source remote vlan 901
Switch(config)# monitor session 1 destination interface gigabitethernet0/1
Switch(config)# end
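
An added example, not part of the original notes: a Python check that reads the monitor session lines of one switch's configuration and reports violations of the SPAN and RSPAN restrictions listed above. The function name, the messages and the sample configuration are constructed for illustration, and only the command forms shown on this page are parsed.

```python
import re
from collections import defaultdict

# Matches the 'monitor session' forms shown on this page.
LINE = re.compile(
    r"monitor session (\d+) (source|destination) (remote vlan|interface|vlan) (.+)", re.I)

def audit_span(config):
    """Return the SPAN/RSPAN restrictions violated by one switch's config."""
    sess = defaultdict(lambda: defaultdict(set))
    for raw in config.splitlines():
        m = LINE.search(raw)
        if m:
            sid, role, kind, rest = m.groups()
            # Keep the port or VLAN id, drop direction/encapsulation keywords.
            target = re.split(r"\s+(?:rx|tx|both|encapsulation)\b", rest.strip())[0]
            sess[int(sid)][role.lower(), kind.lower()].add(target.lower())
    out = []
    for sid, s in sorted(sess.items()):
        if s["source", "interface"] and s["source", "vlan"]:
            out.append(f"session {sid}: mixes source ports and source VLANs")
        if s["destination", "remote vlan"] and s["destination", "interface"]:
            out.append(f"session {sid}: RSPAN source session has a local destination port")
        if s["source", "remote vlan"] and (s["source", "interface"] or s["source", "vlan"]):
            out.append(f"session {sid}: RSPAN destination session has a local source port")
    def every(role, kind):  # union of one kind of target across all sessions
        return set().union(*(s[role, kind] for s in sess.values()))
    for port in sorted(every("source", "interface") & every("destination", "interface")):
        out.append(f"{port}: used as both SPAN source and destination")
    for vlan in sorted(every("destination", "remote vlan") & every("source", "remote vlan")):
        out.append(f"RSPAN VLAN {vlan}: source and destination session on the same switch")
    n_src = sum(1 for s in sess.values() if s["source", "interface"] or s["source", "vlan"])
    if n_src > 2:
        out.append(f"{n_src} source sessions configured, limit is two")
    return out

# Constructed sample: a configuration excerpt with deliberate mistakes.
SAMPLE = """\
monitor session 1 source interface gigabitethernet1/0/1 tx
monitor session 1 source vlan 10 rx
monitor session 1 destination interface gigabitethernet1/0/2 encapsulation replicate
monitor session 2 source interface gigabitethernet1/0/2
monitor session 2 destination remote vlan 901
monitor session 3 source remote vlan 901
monitor session 3 destination interface gigabitethernet1/0/5
"""
```

Calling audit_span(SAMPLE) reports the mixed sources in session 1, the port that is both a source and a destination, and the RSPAN VLAN that has a source and a destination session on the same switch.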

ERSPAN

Encapsulated Remote SPAN

  • Max number of available ports in each session is 128
  • Provides remote monitoring of multiple routers across a network

Source Session Parameters

  • Session ID
  • List of ports or VLANs to monitor
  • Destination and origin IP addresses, which are used as the destination and source IP addresses of the GRE envelope for the captured traffic
  • ERSPAN flow ID
  • Optional attributes
    • TOS, TTL

Destination Session Parameters

  • Session ID
  • Destination ports
  • Source IP address, which is the same as the destination IP address of the corresponding source session
  • ERSPAN flow ID

Configuring an ERSPAN Source Session

The ERSPAN source session defines the session configuration parameters and the ports or VLANs to be monitored.

SUMMARY STEPS

  1. enable
  2. configure terminal 
  3. interface interface-type interface-number 
  4. plim ethernet vlan filter disable 
  5. monitor session span-session-number type erspan-source 
  6. description string 
  7. [no] header-type 3 
  8. source interface interface-name interface-number 
  9. source vlan {id-single | id-list | id-range | id-mixed} [rx | tx | both] 
  10. filter vlan {id-single | id-list | id-range | id-mixed} 
  11. destination 
  12. erspan-id erspan-flow-id 
  13. ip address ip-address 
  14. ip prec prec-value 
  15. ip dscp dscp-value 
  16. ip ttl ttl-value 
  17. mtu mtu-size
  18. origin ip address ip-address [force] 
  19. vrf vrf-id 
  20. no shutdown
  21. end 

Configuring an ERSPAN Destination Session

Perform this task to configure an Encapsulated Remote Switched Port Analyzer (ERSPAN) destination session. The ERSPAN destination session defines the session configuration parameters and the ports that will receive the monitored traffic.

SUMMARY STEPS

  1. enable 
  2. configure terminal 
  3. monitor session session-number type erspan-destination
  4. description string 
  5. destination interface {gigabitethernet | port-channel} [interface-number] 
  6. source 
  7. erspan-id erspan-flow-id 
  8. ip address ip-address [force] 
  9. vrf vrf-id 
  10. no shutdown
  11. end 
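
An added example, not part of the original notes: a Python check that parses an ERSPAN source session and an ERSPAN destination session built from the steps above and verifies that they pair up, meaning the same ERSPAN flow ID and the same IP address on both sides. The session numbers, interface names, addresses (192.0.2.0/24 documentation range) and the indented configuration layout are assumptions made for the example.

```python
import re

def parse_erspan(config):
    """Return {session_number: fields} for the ERSPAN sessions in config text."""
    sessions, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():  # a top-level command opens a new section
            m = re.match(r"monitor session (\d+) type erspan-(source|destination)$", line)
            cur = sessions.setdefault(int(m[1]), {"type": m[2], "enabled": False}) if m else None
        elif cur is None:
            continue
        elif line == "no shutdown":
            cur["enabled"] = True
        elif m := re.match(r"erspan-id (\d+)$", line):
            cur["erspan_id"] = int(m[1])
        elif m := re.match(r"ip address (\S+)", line):  # does not match 'origin ip address'
            cur["ip"] = m[1]
    return sessions

def check_pair(src, dst):
    """List mismatches between a source session and its destination session."""
    problems = []
    if (src["type"], dst["type"]) != ("source", "destination"):
        problems.append("expected an erspan-source and an erspan-destination session")
    if src.get("erspan_id") != dst.get("erspan_id"):
        problems.append(f"flow ID mismatch: {src.get('erspan_id')} vs {dst.get('erspan_id')}")
    if src.get("ip") != dst.get("ip"):
        problems.append(f"IP mismatch: {src.get('ip')} vs {dst.get('ip')}")
    problems += [f"{s['type']} session lacks 'no shutdown'" for s in (src, dst) if not s["enabled"]]
    return problems

# Constructed sample configs; the destination side has two deliberate mistakes.
SOURCE_ROUTER = """\
monitor session 1 type erspan-source
 description mirror of uplink
 source interface GigabitEthernet0/0/1 rx
 destination
  erspan-id 100
  ip address 192.0.2.20
  origin ip address 192.0.2.10
 no shutdown
"""
DEST_ROUTER = """\
monitor session 2 type erspan-destination
 destination interface GigabitEthernet0/0/3
 source
  erspan-id 101
  ip address 192.0.2.20
"""

def demo():
    return check_pair(parse_erspan(SOURCE_ROUTER)[1], parse_erspan(DEST_ROUTER)[2])
```
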
