Cisco NM-8B-U User Guide - Page 25
Network Security with ACLs, Traffic Types, SPAN Traffic
UPC - 074632001001
Page 25 highlights
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series
Feature Overview

Trunk interfaces can be configured as source interfaces and mixed with nontrunk source interfaces; however, the destination interface never encapsulates.

Traffic Types

Ingress SPAN (Rx) copies network traffic received by the source interfaces for analysis at the destination interface. Egress SPAN (Tx) copies network traffic transmitted from the source interfaces. Specifying the configuration option both copies network traffic received and transmitted by the source interfaces to the destination interface.

SPAN Traffic

Network traffic, including multicast, can be monitored using SPAN. Multicast packet monitoring is enabled by default. In some SPAN configurations, multiple copies of the same source packet are sent to the SPAN destination interface. For example, a bidirectional (both ingress and egress) SPAN session is configured for sources a1 and a2 to a destination interface d1. If a packet enters the switch through a1 and gets switched to a2, both incoming and outgoing packets are sent to destination interface d1; both packets would be the same (unless a Layer-3 rewrite had occurred, in which case the packets would be different).

Note: Monitoring of VLANs is not supported.

SPAN Configuration Guidelines and Restrictions

Follow these guidelines and restrictions when configuring SPAN:

• Enter the no monitor session session number command with no other parameters to clear the SPAN session number.
• EtherChannel interfaces can be SPAN source interfaces; they cannot be SPAN destination interfaces.
• If you specify multiple SPAN source interfaces, the interfaces can belong to different VLANs.
• Monitoring of VLANs is not supported.
• Only one SPAN session may be run at any given time.
• Outgoing CDP and BPDU packets will not be replicated.
• SPAN destinations never participate in any spanning tree instance. SPAN includes BPDUs in the monitored traffic, so any BPDUs seen on the SPAN destination are from the SPAN source.
• Use a network analyzer to monitor interfaces.
• You can have one SPAN destination interface.
• You can mix individual source interfaces within a single SPAN session.
• You cannot configure a SPAN destination interface to receive ingress traffic.
• When enabled, SPAN uses any previously entered configuration.
• When you specify source interfaces and do not specify a traffic type (Tx, Rx, or both), both is used by default.

Network Security with ACLs

Network security on your Ethernet switch network module can be implemented using access control lists (ACLs), which are also referred to in commands and tables as access lists.

Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 25
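
The duplicate-copy case described under SPAN Traffic matters to whatever analyzer or IDS sits on d1, because a packet counted twice inflates alert and byte counts. The following is an added example, not part of the Cisco guide: a Python sketch that collapses both copies of a packet, including the case where a Layer-3 rewrite changed the MAC addresses, TTL and IP header checksum. The function names, addresses and sample frames are constructed for illustration, and the frames are assumed untagged because the destination interface never encapsulates.

```python
import hashlib
import struct

def span_key(frame: bytes) -> bytes:
    """Digest of the parts of a frame that survive a Layer-3 rewrite."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return hashlib.sha256(frame).digest()   # non-IPv4: exact copies only
    total_len = struct.unpack("!H", frame[16:18])[0]
    ip = bytearray(frame[14:14 + total_len])    # trims Ethernet padding
    ip[8] = 0                                   # TTL is decremented when routed
    ip[10:12] = b"\x00\x00"                     # header checksum is recomputed
    return hashlib.sha256(bytes(ip)).digest()   # MAC addresses are left out

def dedupe(frames):
    """Return (first-seen frames, number of SPAN duplicates dropped)."""
    seen, unique, dropped = set(), [], 0
    for frame in frames:
        key = span_key(frame)
        if key in seen:
            dropped += 1
        else:
            seen.add(key)
            unique.append(frame)
    return unique, dropped

def ipv4_frame(dst_mac, src_mac, ttl, ident, payload):
    """Build a constructed IPv4 test frame with a valid header checksum."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                                0, ttl, 253, 0, bytes([10, 0, 1, 5]), bytes([10, 0, 2, 9])))
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    hdr[10:12] = struct.pack("!H", ~s & 0xFFFF)
    return dst_mac + src_mac + b"\x08\x00" + bytes(hdr) + payload

# Constructed sample: what d1 receives when a1 and a2 are both monitored.
HOST_A, HOST_B, ROUTER = (bytes.fromhex(m) for m in ("02000000000a", "02000000000b", "020000000001"))
ARP = b"\xff" * 6 + HOST_A + b"\x08\x06" + b"\x00" * 46
SAMPLE = [
    ipv4_frame(ROUTER, HOST_A, 64, 0x1234, b"login"),  # ingress copy on a1
    ipv4_frame(HOST_B, ROUTER, 63, 0x1234, b"login"),  # egress copy on a2, rewritten
    ARP,                                               # switched at Layer 2 ...
    ARP,                                               # ... so both copies are identical
    ipv4_frame(ROUTER, HOST_A, 64, 0x1235, b"next!"),  # a different packet
]

if __name__ == "__main__":
    unique, dropped = dedupe(SAMPLE)
    print(f"{len(SAMPLE)} captured, {len(unique)} unique, {dropped} SPAN duplicates")
```

On a live capture, limit matching to frames that arrive within a short time window of each other so that genuine retransmissions are not collapsed along with the SPAN copies.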