Configuring Local SPAN, RSPAN, And ERSPAN
CH A P T E R68Configuring Local SPAN, RSPAN, and ERSPANThis chapter describes how to configure local Switched Port Analyzer (SPAN), remote SPAN (RSPAN),and Encapsulated RSPAN (ERSPAN) in Cisco IOS Release 12.2SX.Note For complete syntax and usage information for the commands used in this chapter, see the Cisco IOSMaster Command List, at this easemcl/all book.html TipSPA ports and FlexWAN ports do not support SPAN, RSPAN, or ERSPAN.For additional information about Cisco Catalyst 6500 Series Switches (including configuration examplesand troubleshooting information), see the documents listed on this es/ps708/tsd products support series home.htmlParticipate in the Technical Documentation Ideas forumThis chapter consists of these sections: Understanding Local SPAN, RSPAN, and ERSPAN, page 68-1 Local SPAN, RSPAN, and ERSPAN Configuration Guidelines and Restrictions, page 68-7 Configuring Local SPAN, RSPAN, and ERSPAN, page 68-15Understanding Local SPAN, RSPAN, and ERSPANThese sections describe how local SPAN, RSPAN, and ERSPAN work: Local SPAN, RSPAN, and ERSPAN Overview, page 68-2 Local SPAN, RSPAN, and ERSPAN Sources, page 68-5 Local SPAN, RSPAN, and ERSPAN Destinations, page 68-7Cisco IOS Software Configuration Guide, Release 12.2SXOL-13013-0668-1
Chapter 68Configuring Local SPAN, RSPAN, and ERSPANUnderstanding Local SPAN, RSPAN, and ERSPANLocal SPAN, RSPAN, and ERSPAN OverviewSPAN copies traffic from one or more CPUs, one or more ports, one or more EtherChannels, or one ormore VLANs, and sends the copied traffic to one or more destinations for analysis by a network analyzersuch as a SwitchProbe device or other Remote Monitoring (RMON) probe. Traffic can also be sent tothe processor for packet capture by the Mini Protocol Analyzer, as described in Chapter 72, “Using theMini Protocol Analyzer.”SPAN does not affect the switching of traffic on sources. You must dedicate the destination for SPANuse. The SPAN-generated copies of traffic compete with user traffic for switch resources.These sections provide an overview of local SPAN, RSPAN, and ERSPAN: Local SPAN Overview, page 68-2 RSPAN Overview, page 68-3 ERSPAN Overview, page 68-4 Understanding the Traffic Monitored at SPAN Sources, page 68-4Local SPAN OverviewA local SPAN session is an association of source ports and source VLANs with one or more destinations.You configure a local SPAN session on a single switch. Local SPAN does not have separate source anddestination sessions.Local SPAN sessions do not copy locally sourced RSPAN VLAN traffic from source trunk ports thatcarry RSPAN VLANs. Local SPAN sessions do not copy locally sourced RSPAN GRE-encapsulatedtraffic from source ports.Each local SPAN session can have either ports or VLANs as sources, but not both.Local SPAN copies traffic from one or more source ports in any VLAN or from one or more VLANs toa destination for analysis (see Figure 68-1). For example, as shown in Figure 68-1, all traffic on Ethernetport 5 (the source port) is copied to Ethernet port 10. A network analyzer on Ethernet port 10 receivesall traffic from Ethernet port 5 without being physically attached to Ethernet port 5.Figure 68-1Example SPAN ConfigurationPort 5 traffic mirrored1 2 3 4 5 6 7 8 9 10 11 12 on port 10E5E4E2E3E6 E7E8E9E11E12E10Network analyzerS6884E1Cisco IOS Software Configuration Guide, Release 12.2SX68-2OL-13013-06
Chapter 68Configuring Local SPAN, RSPAN, and ERSPANUnderstanding Local SPAN, RSPAN, and ERSPANRSPAN OverviewRSPAN supports source ports, source VLANs, and destinations on different switches, which providesremote monitoring of multiple switches across your network (see Figure 68-2). RSPAN uses a Layer 2VLAN to carry SPAN traffic between switches.RSPAN consists of an RSPAN source session, an RSPAN VLAN, and an RSPAN destination session.You separately configure RSPAN source sessions and destination sessions on different switches. Toconfigure an RSPAN source session on one switch, you associate a set of source ports or VLANs withan RSPAN VLAN. To configure an RSPAN destination session on another switch, you associate thedestinations with the RSPAN VLAN.The traffic for each RSPAN session is carried as Layer 2 nonroutable traffic over a user-specified RSPANVLAN that is dedicated for that RSPAN session in all participating switches. All participating switchesmust be trunk-connected at Layer 2.RSPAN source sessions do not copy locally sourced RSPAN VLAN traffic from source trunk ports thatcarry RSPAN VLANs. RSPAN source sessions do not copy locally sourced RSPAN GRE-encapsulatedtraffic from source ports.Each RSPAN source session can have either ports or VLANs as sources, but not both.The RSPAN source session copies traffic from the source ports or source VLANs and switches the trafficover the RSPAN VLAN to the RSPAN destination session. The RSPAN destination session switches thetraffic to the destinations.Figure 68-2RSPAN ConfigurationDestination switch(data center)Switch DD1D2Layer 2 trunkProbeC3Intermediate switch(distribution)Switch CC1Layer 2 trunkA3C2Layer 2 trunkB4Switch BSwitch AA2B1 B2 B327389A1Source switch(es)(access)Cisco IOS Software Configuration Guide, Release 12.2SXOL-13013-0668-3
Chapter 68Configuring Local SPAN, RSPAN, and ERSPANUnderstanding Local SPAN, RSPAN, and ERSPANERSPAN OverviewERSPAN supports source ports, source VLANs, and destinations on different switches, which providesremote monitoring of multiple switches across your network (see Figure 68-3). ERSPAN uses a GREtunnel to carry traffic between switches.ERSPAN consists of an ERSPAN source session, routable ERSPAN GRE-encapsulated traffic, and anERSPAN destination session. You separately configure ERSPAN source sessions and destinationsessions on different switches.To configure an ERSPAN source session on one switch, you associate a set of source ports or VLANswith a destination IP address, ERSPAN ID number, and optionally with a VRF name. To configure anERSPAN destination session on another switch, you associate the destinations with the source IPaddress, ERSPAN ID number, and optionally with a VRF name.ERSPAN source sessions do not copy locally sourced RSPAN VLAN traffic from source trunk ports thatcarry RSPAN VLANs. ERSPAN source sessions do not copy locally sourced ERSPANGRE-encapsulated traffic from source ports.Each ERSPAN source session can have either ports or VLANs as sources, but not both.The ERSPAN source session copies traffic from the source ports or source VLANs and forwards thetraffic using routable GRE-encapsulated packets to the ERSPAN destination session. The ERSPANdestination session switches the traffic to the destinations.Figure 68-3ERSPAN ConfigurationUnderstanding the Traffic Monitored at SPAN SourcesThese sections describe the traffic that local SPAN, RSPAN, and ERSPAN sources can monitor: Monitored Traffic Direction, page 68-5 Monitored Traffic Type, page 68-5 Duplicate Traffic, page 68-5Cisco IOS Software Configuration Guide, Release 12.2SX68-4OL-13013-06
Chapter 68Configuring Local SPAN, RSPAN, and ERSPANUnderstanding Local SPAN, RSPAN, and ERSPANMonitored Traffic DirectionYou can configure local SPAN sessions, RSPAN source sessions, and ERSPAN source sessions tomonitor the following traffic: Ingress traffic– Called ingress SPAN.– Copies traffic received by the sources (ingress traffic).– Ingress traffic is sent to the supervisor engine SPAN ASIC to be copied. Egress traffic– Called egress SPAN.– Copies traffic transmitted from the sources (egress traffic).– Distributed egress SPAN mode—With Release 12.2(33)SXH and later releases, on somefabric-enabled switching modules, egress traffic can be copied locally by the switching moduleSPAN ASIC and then sent to the SPAN destinations. See the “Distributed Egress SPAN ModeGuidelines and Restrictions” section on page 68-14 for information about switching modulesthat support distributed egress SPAN mode.– Centralized egress SPAN mode—On all other switching modules, egress traffic is sent to thesupervisor engine SPAN ASIC to be copied and is then sent to the SPAN destinations. Both– Copies both the received traffic and the transmitted traffic (ingress and egress traffic).– Both ingress traffic and egress traffic is sent to the supervisor engine SPAN ASIC to be copied.Monitored Traffic TypeBy default, local SPAN and ERSPAN monitor all traffic, including multicast and bridge protocol dataunit (BPDU) frames. RSPAN does not support BPDU monitoring.Duplicate TrafficIn some configurations, SPAN sends multiple copies of the same source traffic to the destination. Forexample, in a configuration with a bidirectional SPAN session (both ingress and egress) for two SPANsources, called s1 and s2, to a SPAN destination, called d1, if a packet enters the switch through s1 andis sent for egress from the switch to s2, ingress SPAN at s1 sends a copy of the packet to SPANdestination d1 and egress SPAN at s2 sends a copy of the packet to SPAN destination d1. If the packetwas Layer 2 switched from s1 to s2, both SPAN packets would be the same. If the packet was Layer 3switched from s1 to s2, the Layer 3 rewrite would alter the source and destination Layer 2 addresses, inwhich case the SPAN packets would be different.Local SPAN, RSPAN, and ERSPAN SourcesThese sections describe local SPAN, RSPAN, and ERSPAN sources: Source CPUs, page 68-6 Source Ports and EtherChannels, page 68-6 Source VLANs, page 68-6Cisco IOS Software Configuration Guide, Release 12.2SXOL-13013-0668-5
Chapter 68Configuring Local SPAN, RSPAN, and ERSPANUnderstanding Local SPAN, RSPAN, and ERSPANSource CPUsA source CPU is a CPU monitored for traffic analysis. With Release 12.2(33)SXH and later releases,you can configure both the SP CPU and the RP CPU as SPAN sources. These are examples of what youcan do with the data generated by CPU monitoring:Note Develop baseline information about CPU traffic. Develop information to use when creating control plane policing (CoPP) policies. Troubleshoot CPU-related issues (for example, high CPU utilization). CPU SPAN monitors CPU traffic from the perspective of the ASICs that send and receive the CPUtraffic, rather than from onboard the CPUs themselves. Traffic to and from the CPU is tagged with VLAN IDs. You can configure source VLAN filteringof the CPU traffic.Source Ports and EtherChannelsA source port or EtherChannel is a port or EtherChannel monitored for traffic analysis. You canconfigure both Layer 2 and Layer 3 ports and EtherChannels as SPAN sources. SPAN can monitor oneor more source ports or EtherChannels in a single SPAN session. You can configure ports orEtherChannels in any VLAN as SPAN sources. Trunk ports or EtherChannels can be configured assources and mixed with nontrunk sources.NoteSPAN does not copy the encapsulation from trunk sources. You can configure SPAN destinations astrunks to tag the monitored traffic before it is transmitted for analysis.Source VLANsA source VLAN is a VLAN monitored for traffic analysis. VLAN-based SPAN (VSPAN) uses a VLANas the SPAN source. All the ports and EtherChannels in the source VLANs become sources of SPANtraffic.NoteLayer 3 VLAN interfaces on source VLANs are not sources of SPAN traffic. Traffic that enters a VLANthrough a Layer 3 VLAN interface is monitored when it is transmitted from the switch through an egressport or EtherChannel that is in the source VLAN.Cisco IOS Software Configuration Guide, Release 12.2SX68-6OL-13013-06
Chapter 68Configuring Local SPAN, RSPAN, and ERSPANLocal SPAN, RSPAN, and ERSPAN Configuration Guidelines and RestrictionsLocal SPAN, RSPAN, and ERSPAN DestinationsA SPAN destination is a Layer 2 or Layer 3 port or, with Release 12.2(33)SXH and later releases, anEtherChannel, to which local SPAN, RSPAN, or ERSPAN sends traffic for analysis. When you configurea port or EtherChannel as a SPAN destination, it is dedicated for use only by the SPAN feature.Destination EtherChannels do not support the Port Aggregation Control Protocol (PAgP) or LinkAggregation Control Protocol (LACP) EtherChannel protocols; only the on mode is supported, with allEtherChannel protocol support disabled.There is no requirement that the member links of a destination EtherChannel be connected to a devicethat supports EtherChannels. For example, you can connect the member links to separate networkanalyzers. See Chapter 19, “Configuring EtherChannels,” for more information about EtherChannel.Destinations, by default, cannot receive any traffic. With Release 12.2(33)SXH and later releases, youcan configure Layer 2 destinations to receive traffic from any attached devices.Destinations, by default, do not transmit anything except SPAN traffic. Layer 2 destinations that youhave configured to receive traffic can be configured to learn the Layer 2 address of any devices attachedto the destination and transmit traffic that is addressed to the devices.You can configure trunks as destinations, which allows trunk destinations to transmit encapsulatedtraffic. You can use allowed VLAN lists to configure destination trunk VLAN filtering.Local SPAN, RSPAN, and ERSPAN Configuration Guidelines andRestrictionsThese sections describe local SPAN, RSPAN, and ERSPAN configuration guidelines and restrictions: General Guidelines and Restrictions, page 68-8 Feature Incompatibilities, page 68-8 Local SPAN, RSPAN, and ERSPAN Session Limits, page 68-10 Local SPAN, RSPAN, and ERSPAN Interface Limits, page 68-10 Local SPAN, RSPAN, and ERSPAN Guidelines and Restrictions, page 68-10 VSPAN Guidelines and Restrictions, page 68-11 RSPAN Guidelines and Restrictions, page 68-12 ERSPAN Guidelines and Restrictions, page 68-13 Distributed Egress SPAN Mode Guidelines and Restrictions, page 68-14Cisco IOS Software Configuration Guide, Release 12.2SXOL-13013-0668-7
Chapter 68Configuring Local SPAN, RSPAN, and ERSPANLocal SPAN, RSPAN, and ERSPAN Configuration Guidelines and RestrictionsGeneral Guidelines and RestrictionsUse SPAN for troubleshooting. Except in carefully planned topologies, SPAN consumes too manyswitch and network resources to enable permanently.Exercise all possible care when enabling and configuring SPAN. The traffic copied by SPAN can imposea significant load on the switch and the network.To minimize the load, configure SPAN to copy only the specific traffic that you want to analyze. Selectsources that carry as little unwanted traffic as possible. For example, a port as a SPAN source might carryless unwanted traffic than a VLAN.NoteTo monitor traffic that can be matched with an ACL, consider using VACL capture.Before enabling SPAN, carefully evaluate the SPAN source traffic rates, and consider the performanceimplications and possible oversubscription points, which include these: SPAN destination Fabric channel Rewrite/replication engine Forwarding engine (PFC/DFC)To avoid disrupting traffic, do not oversubscribe any of these points in your SPAN topology. Someoversubscription and performance considerations are: SPAN doubles traffic internally SPAN adds to the traffic being processed by the switch fabric SPAN doubles forwarding engine load The supervisor engine handles the entire load imposed by egress SPAN (also called transmit SPAN).NoteEgress SPAN should only be enabled for short periods of time during active troubleshooting.Release 12.2(33)SXH and later releases support distributed egress SPAN, which reduces theload on the supervisor engine. The ingress modules handle the load imposed by ingress SPAN sources (also called receive SPAN)on each module. Ingress SPAN adds to rewrite/replication engine load.Feature IncompatibilitiesThese feature incompatibilities exist with local SPAN, RSPAN, and ERSPAN: In releases where CSCth62957 is not resolved, in PFC3B mode or PFC3BXL mode, thexconnect target ip address vc value encapsulation mpls command might cause traffic to loopcontinuously with these SPAN configurations:– If the xconnect target ip address vc value encapsulation mpls command is configured on aphysical interface, the CLI prevents configuration of that port as part of a SPAN session.– If a SPAN session is configured on a physical port and you attempt to configure thexconnect target ip address vc value encapsulation mpls command, the CLI prints a warningthat recommends against the configuration.Cisco IOS Software Configuration Guide, Release 12.2SX68-8OL-13013-06
Chapter 68Configuring Local SPAN, RSPAN, and ERSPANLocal SPAN, RSPAN, and ERSPAN Configuration Guidelines and Restrictions– If the xconnect target ip address vc value encapsulation mpls command is configured on aphysical interface, you should not configure source cpu {rp sp} in any SPAN session, but theCLI does not enforce any restriction.– If a SPAN session is configured with source cpu {rp sp} and you attempt to configure thexconnect target ip address vc value encapsulation mpls command, the CLI does not enforceany restriction. In releases where CSCth62957 is resolved, to avoid a configuration that might cause traffic to loopcontinuously, the CLI enforces these restrictions in PFC3B mode or PFC3BXL mode:– If the xconnect target ip address vc value encapsulation mpls command is configured on aphysical interface, the CLI prevents configuration of that port as part of a SPAN session.– If a SPAN session is configured on a physical port and you attempt to configure the the xconnecttarget ip address vc value encapsulation mpls command command on that port, the CLIprints a warning that recommends against the configuration.– If the the xconnect target ip address vc value encapsulation mpls command command isconfigured on a physical interface, you cannot configure source cpu {rp sp} in any SPANsession.– If a SPAN session is configured with source cpu {rp sp} and you attempt to configure thexconnect target ip address vc value encapsulation mpls command, the CLI prints a warningthat recommends against the configuration. Egress SPAN is not supported in egress multicast mode. (CSCsa95965) Unknown unicast flood blocking (UUFB) ports cannot be RSPAN or local SPAN egress-onlydestinations. (CSCsj27695) Except in PFC3C mode or PFC3CXL mode, Ethernet over MultiProtocol Label Switching(EoMPLS) ports cannot be SPAN sources. (CSCed51245) A port-channel interface (an EtherChannel) can be a SPAN source, but you cannot configure activemember ports of an EtherChannel as SPAN source ports. Inactive member ports of an EtherChannelcan be configured as SPAN sources but they are put into the suspended state and carry no traffic. These features are incompatible with SPAN destinations:– Private VLANs– IEEE 802.1X port-based authentication– Port security– Spanning Tree Protocol (STP) and related features (PortFast, PortFast BPDU filtering, BPDUGuard, UplinkFast, BackboneFast, EtherChannel Guard, Root Guard, Loop Guard)– VLAN trunk protocol (VTP)– Dynamic trunking protocol (DTP)– IEEE 802.1Q tunnelingNote SPAN destinations can participate in IEEE 802.3Z flow control. IP multicast switching using egress packet replication is not compatible with SPAN. In some cases,egress replication can result in multicast packets not being sent to the SPAN destination port. If youare using SPAN and your switching modules are capable of egress replication, enter the mls ipmulticast replication-mode ingress command to force ingress replication.Cisco IOS Software Configuration Guide, Release 12.2SXOL-13013-0668-9
Chapter 68Configuring Local SPAN, RSPAN, and ERSPANLocal SPAN, RSPAN, and ERSPAN Configuration Guidelines and RestrictionsLocal SPAN, RSPAN, and ERSPAN Session LimitsWith Release 12.2(33)SXH and later releases, these are the PFC3 local SPAN, RSPAN, and ERSPANsession limits:Local and Source SessionsDestination SessionsTotal SessionsLocal SPAN,RSPAN Source,ERSPAN SourceIngress or Egress or BothLocal SPAN Egress-OnlyRSPANERSPAN802146423Local SPAN, RSPAN, and ERSPAN Interface LimitsWith Release 12.2(33)SXH
carry RSPAN VLANs. Local SPAN sessions do not copy locally sourced RSPAN GRE-encapsulated traffic from source ports. Each local SPAN session can have either ports or VLANs as sources, but not both. Local SPAN copies traffic from one or more source ports in any VLAN or from one or mo
Brooktrout Fax Board Configuration 50 Configuring Docs-on-Demand 62 Configuring T.37 Fax over IP 64 Configuring Fax over IP Failover 65 Configuring SMS via the Push-Proxy Gateway 66 Configuring RightFax Internet Connector Channels 67 Configuring RightFax Connect 67 Configuring Automated Billing Codes 67 Running DocTransport on Remote Computers 69
Floor Span Tables: 40 psf Live Load and 10 psf Dead Load TO USE: 1. Select the Simple Span or Continuous Span table, as required. 2. Find a span that meets or exceeds the required clear span. 3. Read the corresponding joist series, depth and spacing. CAUTION: For floor systems that require both simple span and continuous span joists,
ENCE717 – Bridge Engineering Long-Span Bridges Chung C. Fu, Ph.D., P.E. (http: www.best.umd.edu) Classification Based on Main Span Length Short Span Bridges (up to 15m) Medium Span Bridges (up to 50m) Long Span Bridges (50-150m*) Extra Long Span Bridges (over 150m*) * (or 200 m) Long & Extra Long
Configuring the MICROS Standard Credit Card Payment Module 5-32 Configuring the Loadable PMS Payment Module 5-35 Configuring the Demo Payment 5-36 Setting the Front of House to Allow Pay at the Table 5-36 Configuring Email Receipts 5-38 Autosequence Events 5-39 v. Configuring Autosequence Events 5-39 Configuring the Autosequence Event Schedule 5-40 6 Taxes Understanding Tax Rates and Tax .
Metering 7 Correlation Meter 7 Credits 8 Questions and Answers 9. Voxengo SPAN Plus User Guide 3 Introduction SPAN Plus is a real-time "fast Fourier transform" audio spectrum analyzer plug-in for professional music and audio production applications. SPAN Plus is an extended version of the freeware SPAN plug-in: SPAN Plus provides
Consistent with HLB 7 HLB Numbers: SPAN 20 – 8.6 SPAN 80 – 4.3 SPAN 80 is more hydrophobic than SPAN 20, so it has higher affinity for nonpolar Toluene. E 12 is higher for SPAN 80 than SPAN 20, confirming higher affinity for toluene. ΔG Values (at 50% Surfactant concentration): S
s r e s Ul a c o L —To configure users in the local database using the Users Local Users and Users Local Groups pages. For information on configuring local users and groups, refer to Configuring Local Users and Configuring Local Groups. RADIUS—If you have more than 1,000 users or want to add an extra layer of security for
ANATOMI EXTREMITAS INFERIOR Tim Anatomi (Jaka Sunardi, dkk) FIK Universitas Negeri Yogyakarta. OSTEOLOGI. OS COXAE 1. Linea glutea posterior 2. Ala ossis ilii 3. Linea glutea anterior 4. Cristae illiaca (a) labium externum (b) lab. Intermedia (c) lab. Internum 5. Facies glutea 6. SIAS 7. Linea glutea inferior 8. SIAI 9. Facies lunata 10. Eminentia iliopectinea 11. Fossa acetabuli 12. Incisura .
