Cisco IOS SPAN and RSPAN

This topic is to discuss the following lesson:

Thanks, Rene. Do you think it's worth teaching us about ERSPAN?

Hi Rene,

I am unable to understand what the maximum SPAN session limit is.

a) How many src / dst ports can be included in a SPAN session?

b) If we specify session 1 for both src and destination, does that mean that only 1 session is used up? Or src = 1 session, dst = 1 session, total = 2 sessions?

c) What is the maximum limit of SPAN sessions that can be created? (Is it based on src, destination combi or?)

You can take 2960x as a reference. I tried reading the manual but can't figure out the exact meaning.

 

Regards,

Alan

Hi Alan,

Good question…only thing I could find is this document:

a) It doesn’t specify anything about the number of interfaces, only the number of sessions.

b) For a single session, you specify a source + destination so that’s one session.

c) maximum of 4 (2 if switch is stacked with Catalyst 2960-S switches) source sessions and 64 RSPAN destination sessions. A source session is either a local SPAN session or an RSPAN source session.

Rene

Hello Rene,

As a CCIE course for SPAN & RSPAN, I think you need to add ERSPAN also to the CCIE course on SPAN & RSPAN, because this course is the same as in the Switching CCNP. Please clarify that.

Hi Sinan,

I agree, it’s on the list. It seems ERSPAN can be configured on the CSR1000V routers.

Rene

For RSPAN, if there is a switch between you and the port you want to monitor you would have to have the remote-span vlan on all of them?

Hi Sean,

That’s right, you’ll have to configure the RSPAN VLAN on all switches in the path. Don’t just add the VLAN but configure it as an RSPAN VLAN:

Hello Leo,

you need to declare the remote span vlan as remote span also in intermediate switches.

Switch(config)# vlan 500
Switch(config-vlan)# remote-span
Switch(config-vlan)# end

Rene

Hi Rene, I recently heard about networklessons.com and I’m loving the information you provide. I need to renew my CCNP and this is tremendously helpful for me to review areas that I do not use much.

My question is that in this lesson you write:

Switch(config)#monitor session 1 filter vlan 1 - 100

“This will filter VLAN 1 – 100 from being forwarded.”

That makes it sound like the VLANs 1-100 ARE NOT being monitored if this filter is in use. Looking at Cisco’s documentation, it appears to be the opposite. Cisco seems to be saying that the filter command specifies the VLANs that ARE being monitored.

Source: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swspan.html#pgfId-1200141

Quote: When a VLAN filter list is specified, only those VLANs in the list are monitored on trunk ports or on voice VLAN access ports.

Can you please clarify?

Thanks so much for the great resource.

Teressa

Hi Teressa,

I’m glad to hear you like my work!

You are correct about the monitor session filter command. The VLANs that you define there are those that will be forwarded to the destination, everything else will be ignored.

I just edited my example to emphasize this. Thanks for letting me know!

Rene

Thank you!

I was reading that the use of the “Ingress” option would allow the destination (wireshark sniffer computer) to still be able to work properly (receive email etc.) while doing a SPAN …

You mentioned above this is not the case so I was just looking for clarity.

“When you configure a destination port you will lose its configuration. When you remove SPAN, the configuration is restored. In short…you can’t use the destination interface for anything else besides receiving traffic.”

Hi Ken,

You are correct, it is possible to allow ingress traffic from the destination port. Here’s an example:

SW1#show run | include ingress
monitor session 1 destination interface Fa0/2 ingress untagged vlan 12

This would allow a device on the destination interface to send/receive untagged traffic in VLAN 12. This is similar to an interface in access mode. You can also use 802.1Q if you have a device that can do tagging.

Rene

Hi Rene,

When will you add the ERSPAN article? Please let us know once it is available. Thanks

br/
zaman

Hi

For both SPAN and RSPAN, will the source traffic be “untouched” and sent to the SPAN/RSPAN dst port? I.e. if the source is tagged, will it also be tagged at the SPAN/RSPAN dst port? Is there an option to strip off the tag before going out the dst port? On RSPAN, is the RSPAN VLAN tag stripped off before going out the dst port?

Thanks

Hi Edgar,

For a SPAN session, it’s possible to keep the original VLAN tags. You should be able to do this with the following command:

monitor session 1 destination interface Fa0/11 encapsulation replicate

This won’t work for RSPAN. RSPAN is only able to send untagged traffic to the destination interface.

Rene

Hi, when I configure RSPAN on a data VLAN (management VLAN) remotely, the VLAN goes down to an UP/DOWN status and I lose vty access. I consoled into the switch and the switch that it is trunked into and tried to bounce the VLAN interface, but it still stays down.

SW1(config)#vlan 27
SW1(config-vlan)#remote-span
SW2(config)#vlan 27
SW2(config-vlan)#remote-span

This is all I configure before losing vty connection.

I have to remove the remote-span command to regain vty access.

Hi David,

Do you use VLAN 27 for anything else besides RSPAN?

Rene

Hi Rene,

I figured out the issue. After looking at Cisco docs on RSPAN, it gave a warning to only apply remote-span on a specific VLAN configured for remote-span, not to a VLAN in use. VLAN 27 is a test VLAN used for DATA traffic. I created another VLAN for RSPAN use and I got it to work. I haven’t used RSPAN before so I was not aware of the limitation.

I tend to use your examples as a quick reference command cookbook to apply a topic to something I am working on at work since it's laid out pretty simply. Would it be possible to add limitations or warnings to your examples of stuff to watch out for if used in production?

Thanks
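A pre-change check for the two RSPAN pitfalls raised in this thread (the RSPAN VLAN must be declared remote-span on every switch in the path, and remote-span must not be applied to a VLAN that is already in use), written as an added example that is not part of the original posts or any Cisco tool. The function names and sample configs are constructed for illustration, and the check assumes VLAN definitions appear in the running-config text it is given.

```python
import re

def parse_config(text):
    """Return (remote_span_vlans, vlans_in_use) for one IOS running-config."""
    remote_span, in_use = set(), {}
    cur_vlan = cur_intf = None
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level line ends any sub-mode
            cur_vlan = cur_intf = None
        if m := re.fullmatch(r"vlan (\d+)", line):
            cur_vlan = int(m.group(1))
        elif line == "remote-span" and cur_vlan is not None:
            remote_span.add(cur_vlan)
        elif m := re.fullmatch(r"interface (\S+)", line):
            cur_intf = m.group(1)
            if sv := re.fullmatch(r"Vlan(\d+)", cur_intf):   # SVI for that VLAN
                in_use.setdefault(int(sv.group(1)), []).append(cur_intf)
        elif (m := re.fullmatch(r"switchport access vlan (\d+)", line)) and cur_intf:
            in_use.setdefault(int(m.group(1)), []).append(cur_intf)
    return remote_span, in_use

def audit_rspan(configs, rspan_vlan):
    """configs: {hostname: config text} for every switch in the RSPAN path."""
    findings = []
    for host, text in configs.items():
        remote_span, in_use = parse_config(text)
        if rspan_vlan not in remote_span:
            findings.append(f"{host}: VLAN {rspan_vlan} is not declared remote-span")
        for vlan in sorted(remote_span):
            for user in in_use.get(vlan, []):
                findings.append(f"{host}: remote-span VLAN {vlan} is in use by {user}")
    return findings

# Constructed sample configs (hypothetical hosts, not taken from the thread).
SAMPLE = {
    "SW1": "vlan 500\n remote-span\n!\n"
           "monitor session 1 source interface Fa0/1\n"
           "monitor session 1 destination remote vlan 500\n",
    "SW2": "vlan 500\n name RSPAN\n!\n",          # VLAN added, remote-span missing
    "SW3": "vlan 27\n remote-span\n!\nvlan 500\n remote-span\n!\n"
           "interface FastEthernet0/5\n switchport access vlan 27\n!\n"
           "interface Vlan27\n ip address 192.0.2.1 255.255.255.0\n!\n",
}

if __name__ == "__main__":
    for finding in audit_rspan(SAMPLE, 500):
        print(finding)
```
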

Hi Rene,

The SPAN destination port can be configured in either access or trunk mode.
So, what is the difference if it is configured as access or trunk mode?

Edi