SPAN(Switched Port Analyzer)——用於交換環境的性能管理和排錯。
SPAN 能夠將某個 VLAN 或一組埠(源)的網路流量複製到某個埠中(目的),而那個目的埠通常連接到網路分析器(比如,SwitchProbe 設備)。SPAN不會對源埠或 VLAN 的網路流量交換產生影響。
SPAN分為兩種
1. Local SPAN
2. Remote SPAN
Local SPAN
Local SPAN supports a SPAN session entirely within one switch; all source ports or source VLANs and destination ports are in the same switch. Local SPAN copies traffic from one or more source ports in any VLAN or from one or more VLANs to a destination port for analysis
RSPAN
RSPAN supports source ports, source VLANs, and destination ports on different switches, enabling remote monitoring of multiple switches across your network.
--------------------------------------------------------------------------------------------------------------------------------------
Traffic monitoring in a SPAN session has these restrictions:
• Sources can be ports or VLANs, but you cannot mix source ports and source VLANs in the same session.• The switch supports up to two source sessions (local SPAN and RSPAN source sessions). You can run both a local SPAN and an RSPAN source session in the same switch. The switch supports a total of 66 source and RSPAN destination sessions.
• You can have multiple destination ports in a SPAN session, but no more than 64 destination ports.
• You can configure two separate SPAN or RSPAN source sessions with separate or overlapping sets of SPAN source ports and VLANs. Both switched and routed ports can be configured as SPAN sources and destinations.
• SPAN sessions do not interfere with the normal operation of the switch. However, an oversubscribed SPAN destination, for example, a 10-Mb/s port monitoring a 100-Mb/s port, can result in dropped or lost packets.
• When RSPAN is enabled, each packet being monitored is transmitted twice, once as normal traffic and once as a monitored packet. Therefore monitoring a large number of ports or VLANs could potentially generate large amounts of network traffic.
• You can configure SPAN sessions on disabled ports; however, a SPAN session does not become active unless you enable the destination port and at least one source port or VLAN for that session.
• The switch does not support a combination of local SPAN and RSPAN in a single session. That is, an RSPAN source session cannot have a local destination port, an RSPAN destination session cannot have a local source port, and an RSPAN destination session and an RSPAN source session that are using the same RSPAN VLAN cannot run on the same switch.
--------------------------------------------------------------------------------------------------------------------------------------
SPAN sessions can monitor these traffic types:
Receive (Rx) SPAN—The goal of receive (or ingress) SPAN is to monitor as much as possible all the packets received by the source interface or VLAN before any modification or processing is performed by the switch. A copy of each packet received by the source is sent to the destination port for that SPAN session.
Transmit (Tx) SPAN—
The goal of transmit (or egress) SPAN is to monitor as much as possible all
the packets sent by the source interface after all modification and processing is performed by the switch. A copy of each packet sent by the source is sent to the destination port for that SPAN session. The copy is provided after the packet is modified.
Both—
In a SPAN session, you can also monitor a port or VLAN for both received and sent packets. This is the default.
The default configuration for local SPAN session ports is to send all packets untagged. SPAN also does not normally monitor bridge protocol data unit (BPDU) packets and Layer 2 protocols, such as Cisco Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), Spanning Tree Protocol (STP), and Port Aggregation Protocol (PAgP). However, when you enter the encapsulation replicate keywords when configuring a destination port, these changes occur:
• Packets are sent on the destination port with the same encapsulation—untagged, Inter-Switch Link (ISL), or IEEE 802.1Q—that they had on the source port.
• Packets of all types, including BPDU and Layer 2 protocol packets, are monitored.
-------------------------------------------------------------------------------------------------------------------------------------
SPAN interacts with these features
STPA destination port does not participate in STP while its SPAN or RSPAN session is active. The destination port can participate in STP after the SPAN or RSPAN session is disabled. On a source port, SPAN does not affect the STP status. STP can be active on trunk ports carrying an RSPAN VLAN.
CDP
A SPAN destination port does not participate in CDP while the SPAN session is active. After the SPAN session is disabled, the port again participates in CDP.
VTP
You can use VTP to prune an RSPAN VLAN between switches.
EtherChannel
You can configure an EtherChannel group as a source port but not as a SPAN destination port. When a group is configured as a SPAN source, the entire group is monitored.
Multicast
Multicast traffic can be monitored. For egress and ingress port monitoring, only a single unedited packet is sent to the SPAN destination port. It does not reflect the number of times the multicast packet is sent.
A private-VLAN port cannot be a SPAN destination port.
A secure port cannot be a SPAN destination port.
An IEEE 802.1x port can be a SPAN source port.
You can enable IEEE 802.1x on a port that is a SPAN destination port; however, IEEE 802.1x is disabled until the port is removed as a SPAN destination.
------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------
Configuration
SPAN
RSPAN:
配置RSPAN的步驟如下:1.創建RSPAN 專用的VLAN:
SW(config)#vlan {vlan-id}
2.定義該VLAN為RSPAN VLAN:
SW (config-vlan)#remote-span
3.定義源交換機的源埠.對於Catalyst 3550交換機,會話數隻支援兩條,即1和2,還可以定義監聽流量的方向,默認監聽雙向流量:
SW (config)#monitor session {session-number} source {interface interface|vlan vlan-id} [rx|tx|both]
4.定義源交換機的目標埠:
SW (config)#monitor session {session-number} destination remote vlan {rspan-vlan-id}
5.定義目標交換機的源埠:
SW (config)#monitor session {session-number} source remote vlan {rspan-vlan-id}
6.定義目標交換機的目標埠:
SW (config)#monitor session {session-number} destination {interface interface|vlan vlan-id} [rx|tx|both]
沒有留言:
張貼留言