I try to divide this article into 3 parts so help us easy to read:
First. SPAN configuration guidelines
Second. Other restrictions that complement the first
Third. List of Questions
Fourth. The Configuration
SPAN configuration guideline is our guidelines to configure SPAN feature. List of Question are Questions that arise when I copy-paste and rewrote the configuration guidelines with my own word that easy to understand by me. The List of Questions, are questions that pop-up on my mind, and I wish help us to speed up the implementations. You know, we need a questionaire. And, last the answers of the list of questions especially their value will be translated to configuration guide
So, Part 3 is referencing part 1 and 2, Part 2 is referencing 1 ahd Part 1 is from Cisco.
SPAN configuration guidelines
1. Trafik yang bisa dimonitor
2. Destination port cannot be a source port; a source port cannot be a destination port.
3. You cannot have 2 SPAN session using the same destination port. I rewrote this as: We must create seperate SPAN session for two seperate destination ports. Please have a sight on picture below (I occasionally configure two different destination port that is fastethernet 1/0 and fastethernet 1/1 ports as same SPAN session destination port and the IOS reject it)
4. When you configure a switch port as a SPAN destination port, it is no longer a normal switch port; only monitored traffic passes through the SPAN destination port
5. Entering SPAN configuration commands does not remove previously configured SPAN parameters. You must enter the no monitor session {session_number | all | local | remote} global configuration command to delete configured SPAN parameters.
6. For local SPAN,
outgoing packets through the
SPAN destination port carry the original encapsulation headers—
untagged or
IEEE 802.1Q—if the encapsulation replicate keywords are specified. If the
keywords are not specified,
the packets are sent in
native form. For RSPAN destination ports, outgoing packets are not tagged.
7. You can configure a disabled port to be a source or destination port, but the SPAN function does not start until the destination port and at least one source port or source VLAN are enabled.
8. You cannot mix source VLANs and filter VLANs within a single SPAN session
List of Questions
1. Do we want to use different destination port?
2. Do we want to display the monitored traffic with their original encapsulation headers (untagged or IEEE 802.1Q)? If
YES: please use keyword
encapsulation replicate, if
NO: do not use keyword encapsulation replicate on your SPAN configuration.
3. Do we need to configure a disabled port to be a source port or to be a destination port?
Lets get to configuration
The Configuration
Step 1. configuration terminal
Step 2. no monitor session all
Description: we need to no-ing all monitor session that has been configured in this switch because entering SPAN configuration commands does not remove previously configured SPAN parameters. Or in other words, it will not override the existing / old SPAN configuration
in the switch.(Please refer the configuration guidelines point 4).
Un-removed previously configured SPAN parameters also may conflict with you-want-to-enter configuration (Please refer the configuration guidelines point 3)
Step 3. monitor session 1 source interface fa0/1 rx
or
monitor session 1 source vlan 1 rx
Step 4: monitor session 1 destination interface fa0/1
configuration terminal
no monitor session all
monitor session 1 source interface fa0/1 both