- SPAN (Switchport Analyzer)
- Is used to redirect traffic from a port or VLAN onto another port for analysis by devices such as a packet sniffer or IPS.
- By default, traffic coming in on the destination SPAN port is dropped.
- The [ingress] keyword tells the switch which access VLAN inbound traffic on the destination port should belong to.
config-set:
monitor session 1 source vlan 146
monitor session 1 destination interface Fa0/24
monitor session 1 source interface Fa0/4
monitor session 1 destination interface Fa0/24 ingress vlan 146
note: session numbers are locally significant
RSPAN
- This feature is used when the source port or VLAN being monitored is on a different physical switch than the sniffer.
steps to configure:
1. configure the RSPAN VLAN, which carries special attributes.
SW4:
vlan 500
remote-span
2. configure the source of the traffic for the SPAN session and direct it to the RSPAN VLAN.
SW2:
monitor session 2 source interface Fa0/4
monitor session 2 destination remote vlan 500
3. On the switch with the attached sniffer, create a SPAN session with the RSPAN VLAN as the source and the port where the sniffer is attached as the destination.
SW1:
monitor session 2 destination interface Fa0/24 ingress vlan 146
monitor session 2 source remote vlan 500
verification:
show monitor session all
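An added example, not part of the original notes: a small Python audit that reads switch configuration text and reports monitor sessions that have no source or destination, that reference an RSPAN VLAN not marked remote-span in the same text, or whose destination port accepts inbound traffic through the ingress keyword. The sample configuration is constructed from the SW1 commands above plus a hypothetical session 3 and VLAN 600, and the check assumes the VLAN definitions appear in the text being audited.

```python
import re

# Constructed sample: the SW1 commands from the notes plus a hypothetical session 3.
SW1_CONFIG = """\
vlan 500
 remote-span
!
monitor session 2 destination interface Fa0/24 ingress vlan 146
monitor session 2 source remote vlan 500
monitor session 3 source interface Fa0/4
monitor session 3 destination remote vlan 600
"""

MON = re.compile(r"^monitor session (\d+) (source|destination) (.+)$")

def parse(config):
    """Return (sessions, rspan_vlans) from IOS-style configuration text."""
    sessions, rspan_vlans, current_vlan = {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        m = MON.match(line)
        if m:
            s = sessions.setdefault(int(m.group(1)), {"source": [], "destination": []})
            s[m.group(2)].append(m.group(3))
            current_vlan = None
        elif line.startswith("vlan ") and line[5:].isdigit():
            current_vlan = int(line[5:])       # entering a VLAN definition
        elif line == "remote-span" and current_vlan is not None:
            rspan_vlans.add(current_vlan)      # this VLAN carries RSPAN traffic
        elif not raw.startswith(" "):
            current_vlan = None                # any other top-level line ends it
    return sessions, rspan_vlans

def audit(config):
    """List (session, finding) pairs a reviewer would want to see."""
    sessions, rspan_vlans = parse(config)
    findings = []
    for num, s in sorted(sessions.items()):
        for side in ("source", "destination"):
            if not s[side]:
                findings.append((num, f"no {side} configured"))
            for arg in s[side]:
                m = re.match(r"remote vlan (\d+)", arg)
                if m and int(m.group(1)) not in rspan_vlans:
                    findings.append((num, f"VLAN {m.group(1)} is not defined as remote-span here"))
                m = re.search(r"\bingress vlan (\d+)", arg)
                if m and side == "destination":
                    findings.append((num, f"destination accepts inbound traffic into VLAN {m.group(1)}"))
    return findings
```

Calling audit(SW1_CONFIG) returns one finding for session 2 (ingress into VLAN 146) and one for session 3 (VLAN 600 not marked remote-span).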