Configurations of the 4000 series switches for device monitoring

Configure SPAN dialog SPAN Session)
Basic functions
You can set the SPAN dialog to monitor the data streams of the vswitch port or the entire VLAN. the monitored data streams can be analyzed and processed by the protocol analysis device.
Work Mode
A span dialog consists of a destination port and a group of source ports. It copies data packets from one or more source ports on one or more VLANs to the destination port. SPAN does not affect the normal operation of the source port or normal switch operations. You can configure multiple SPAN dialogs in the switching network. a span dialog can be activated only when the destination port is operable and the source port or any port in the source VLAN is active.
Configuration command
Configure the monitored port or VLAN as the source port, and set the port that receives the copied data packet as the destination port.
Set span {src_mod/src_ports | src_vlan} dest_mod/dest_port [rx | tx | both] [filter vlan] [inpkts {enable | disable}] [learning {enable | disable}] [create]
Configuration instructions
Src_mod/src_ports: source module/port number. They can exist in any VLAN, or one or more VLANs can be configured as the source port (src_vlans). In this case, all ports in the VLAN are used as the source port in the SPAN conversation. A port can be configured as the source port for multiple SPAN dialogs.
Dest_mod/dest_port: Target module/port number. Each SPAN dialog has only one destination port. The same port cannot be used as the destination port of multiple SPAN dialogs. A destination port cannot be configured as the source port, and the active destination port does not participate in the Spanning Tree.
[Rx | tx | both]: traffic through the source port can be divided into three types: ingress), egress), and bidirectional both, you can configure the types of data packets to be monitored in the SPAN dialog box. Only dual-direction data streams can be used to monitor the data of the entire VLAN.
[Filter vlan]: Trunk VLAN filtering. In Versions later than 6.3 (1), VLAN restriction filtering can be performed on ports with the source port as the Trunk. Only traffic of the specified VLAN can be copied to the target port.
[Inpkts {enable | disable}]: by default, the destination port will not receive incoming packets after it is activated, so that the destination port cannot communicate with other devices, you can configure to allow forwarding. packets sent are exchanged in the VLAN to which the port belongs. This destination port will not be used in the Spanning Tree of this VLAN.
[Learning {enable | disable}]: when the destination port is allowed for forwarding, you can set to allow the source MAC address to be learned from the destination port. This option only affects the devices connected to the destination port. Enable by default, but learning enable should be configured when inpkts enable is configured at the same time.
[Create]: create can be used to generate a new SPAN dialog. Up to five SPAN dialogs can be run simultaneously.
Note:
1. The SPAN dialog can only monitor data packets in the vswitch.
2. The sc0 interface of the vswitch cannot be configured as the SPAN source port.
3. The EtherChannel port cannot be a SPAN destination port.
4. when configuring a SPAN dialog, if the Trunking mode of the target port is "On" or "Nonegotiate", the SPAN packet will be forwarded in the Encapsulation Format configured by the original Trunking, at the same time, the destination port will stop Trunking.
Configuration example:
Example 1:
Configure port 2/5 (the SPAN source) inbound and outbound bidirectional data packets to be copied to port 2/10 (the SPAN destination ).
Console> (enable) set span 2/5 2/10
Console> (enable) show span
Destination: Port 2/10
Admin Source: Port 2/5
Invalid Source: None
Direction: transmit/receive
Incoming Packets: disabled
Learning: enabled
Filter :-
Status: active
-----------------------------
Total local span sessions: 1
Console> (enable)
Example 2:
Set VLAN 522 and 523 to SPAN source, and port 2/1 to SPAN destination:
Console> (enable) set span 522-523 2/1
Console> (enable) show span
Destination: Port 2/1
Admin Source: VLAN 522-523
Export Source: Port 2/1-2
Direction: transmit/receive
Incoming Packets: disabled
Learning: enabled
Filter :-
Status: active
----------------
Total local span sessions: 1
Console> (enable)
Disable SPAN
Set span disable [dest_mod/dest_port | all] The SPAN dialog can be cleared by disabling the target port.
For example:
Console> (enable) set span disable 2/3
This command may disable your span session (s ).
Do you want to continue (y/n) [n]? Y
The Disabled Port 2/3 to monitor transmit/receive traffic of Port
Incoming Packets disabled. Learning enabled.
Console> (enable)
Note: The preceding commands are applicable to the Catalyst series switches in the set command set. For some IOS command switches, such as ipvst2950 and 3500, their commands are different.