Ccie lab dumps Introduction to SPAN and RSPAN for port mirroring(1)
SPAN technology is mainly used to monitor the data flow on the switch, which is roughly divided into two types, Local Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN), the implementation method is slightly different. With SPAN technology, we can COPY or MIRROR the data stream of some ports on the switch that we want to be monitored.ccie lab dumps.Send to the traffic analyzer connected to the destination Port , such as CISCO IDS or PC with SNIFFER tool. The Source Port and destination Port can be on the same switch (local SPAN) or on different switches ( Remote SPAN).
SPAN, known as Switched Port Analyzer, it is a port mirroring technology for switches. The main purpose is to provide network data flow to a certain network analyzer. Ccie lab dumps.SPAN does not affect the data exchange of the source port. It simply sends a copy of the packet sent or received by the source port to the destination Port .
RSPAN (Remote SPAN), which is similar to SPAN, provides remote monitoring of multilayer switches across a switched network.
1. SPAN Session
A SPAN session is a flow of data between a set of 1. Source Ports and a destination port. It can monitor the incoming traffic of multiple ports or the outgoing traffic of one port at the same time, and can also monitor the incoming traffic of all ports in the VLAN, but cannot simultaneously go out to multiple ports.
Traffic and VLAN outbound traffic are monitored, you can set SPAN on a port that is down. but the SPAN session is inactive at this time.
But as long as the relevant interface is opened, SPAN becomes active.
The destination Port is preferably >= Source Port bandwidth, otherwise packet loss may occur.
2. SPAN Traffic
Use local SPAN to monitor all network traffic, including multicast, bridge protocol data unit (BPDU), and CDP, VTP, DTP, STP, PagP, and LACP packets. RSPAN cannot monitor Layer 2 protocols.
2. Traffic Types
There are three types of traffic being monitored, Receive (Rx) SPAN Source Port receive traffic, Transmit (Tx) SPAN Source Port transmit traffic, and Both a Source Port receive and send traffic.
SPAN port type
1. Source Port--SPAN source port, also called monitored port
The Source Port can be the actual physical port, VLAN, or Ethernet channel. The physical port can be in different VLANs. If the Source Portis a VLAN, all the physical ports in the VLAN are included. If the Source Port is an Ethernet channel, Then includes all the physical ports that make up this EtherChannel. If the Source Portis a trunk port, all VLAN traffic carried on the trunk port will be monitored. You can also use the filter vlan parameter to adjust only the VLAN data traffic specified in the filter vlan.
2. Destination Port--SPAN, which is the monitoring Port (for monitoring equipment).
A destination Port can only be a single physical port. A destination Port can only be used in one SPAN. The destination Port does not participate in other Layer 2 protocols.ccie lab dumps.
Cisco Discovery Protocol (CDP),
VLAN Trunk Protocol (VTP),
Dynamic Trunking Protocol (DTP),
Spanning Tree Protocol (STP),
Port Aggregation Protocol (PagP),
Link Aggregation Control Protocol (LACP) and so on
By default, the destination Port does not forward any data stream except the SPAN Session. You can also enable the Layer 2 forwarding function of the destination Port by setting the ingress parameter. For example, there is such a need when connecting CISCO IDS. Ccie lab dumps.At this time, the IDS not only needs to receive the data stream of the SPAN Session, but the IDS itself also has communication traffic with other devices in the network, so you need to open the Layer 2 forwarding function of the destination Port. The bandwidth of the destination Port is preferably greater than or equal to the bandwidth of the controlled port. Otherwise, packet loss may occur.
Publisher:IE LAB
publish Website: http://ielab.network
WhatsApp: +8617782638871
Skype:live:ielab.anna
SPAN technology is mainly used to monitor the data flow on the switch, which is roughly divided into two types, Local Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN), the implementation method is slightly different. With SPAN technology, we can COPY or MIRROR the data stream of some ports on the switch that we want to be monitored.ccie lab dumps.Send to the traffic analyzer connected to the destination Port , such as CISCO IDS or PC with SNIFFER tool. The Source Port and destination Port can be on the same switch (local SPAN) or on different switches ( Remote SPAN).
SPAN, known as Switched Port Analyzer, it is a port mirroring technology for switches. The main purpose is to provide network data flow to a certain network analyzer. Ccie lab dumps.SPAN does not affect the data exchange of the source port. It simply sends a copy of the packet sent or received by the source port to the destination Port .
RSPAN (Remote SPAN), which is similar to SPAN, provides remote monitoring of multilayer switches across a switched network.
1. SPAN Session
A SPAN session is a flow of data between a set of 1. Source Ports and a destination port. It can monitor the incoming traffic of multiple ports or the outgoing traffic of one port at the same time, and can also monitor the incoming traffic of all ports in the VLAN, but cannot simultaneously go out to multiple ports.
Traffic and VLAN outbound traffic are monitored, you can set SPAN on a port that is down. but the SPAN session is inactive at this time.
But as long as the relevant interface is opened, SPAN becomes active.
The destination Port is preferably >= Source Port bandwidth, otherwise packet loss may occur.
2. SPAN Traffic
Use local SPAN to monitor all network traffic, including multicast, bridge protocol data unit (BPDU), and CDP, VTP, DTP, STP, PagP, and LACP packets. RSPAN cannot monitor Layer 2 protocols.
2. Traffic Types
There are three types of traffic being monitored, Receive (Rx) SPAN Source Port receive traffic, Transmit (Tx) SPAN Source Port transmit traffic, and Both a Source Port receive and send traffic.
SPAN port type
1. Source Port--SPAN source port, also called monitored port
The Source Port can be the actual physical port, VLAN, or Ethernet channel. The physical port can be in different VLANs. If the Source Portis a VLAN, all the physical ports in the VLAN are included. If the Source Port is an Ethernet channel, Then includes all the physical ports that make up this EtherChannel. If the Source Portis a trunk port, all VLAN traffic carried on the trunk port will be monitored. You can also use the filter vlan parameter to adjust only the VLAN data traffic specified in the filter vlan.
2. Destination Port--SPAN, which is the monitoring Port (for monitoring equipment).
A destination Port can only be a single physical port. A destination Port can only be used in one SPAN. The destination Port does not participate in other Layer 2 protocols.ccie lab dumps.
Cisco Discovery Protocol (CDP),
VLAN Trunk Protocol (VTP),
Dynamic Trunking Protocol (DTP),
Spanning Tree Protocol (STP),
Port Aggregation Protocol (PagP),
Link Aggregation Control Protocol (LACP) and so on
By default, the destination Port does not forward any data stream except the SPAN Session. You can also enable the Layer 2 forwarding function of the destination Port by setting the ingress parameter. For example, there is such a need when connecting CISCO IDS. Ccie lab dumps.At this time, the IDS not only needs to receive the data stream of the SPAN Session, but the IDS itself also has communication traffic with other devices in the network, so you need to open the Layer 2 forwarding function of the destination Port. The bandwidth of the destination Port is preferably greater than or equal to the bandwidth of the controlled port. Otherwise, packet loss may occur.
Publisher:IE LAB
publish Website: http://ielab.network
WhatsApp: +8617782638871
Skype:live:ielab.anna
Comments
Post a Comment