Cisco WS-C3560V2-24TS-E Command Reference - Page 309
Usage Guidelines, port-channel, monitor session, filter vlan, destination, interface, ingress, dot1q
View all Cisco WS-C3560V2-24TS-E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 309 highlights
Chapter 2 Catalyst 3560 Switch Cisco IOS Commands monitor session Usage Guidelines Traffic that enters or leaves source ports or source VLANs can be monitored by using SPAN or RSPAN. Traffic routed to source ports or source VLANs cannot be monitored. You can set a combined maximum of two local SPAN sessions and RSPAN source sessions. You can have a total of 66 SPAN and RSPAN sessions on a switch. You can have a maximum of 64 destination ports on a switch. Each session can include multiple ingress or egress source ports or VLANs, but you cannot combine source ports and source VLANs in a single session. Each session can include multiple destination ports. When you use VLAN-based SPAN (VSPAN) to analyze network traffic in a VLAN or set of VLANs, all active ports in the source VLANs become source ports for the SPAN or RSPAN session. Trunk ports are included as source ports for VSPAN, and only packets with the monitored VLAN ID are sent to the destination port. You can monitor traffic on a single port or VLAN or on a series or range of ports or VLANs. You select a series or range of interfaces or VLANs by using the [, | -] options. If you specify a series of VLANs or interfaces, you must enter a space before and after the comma. If you specify a range of VLANs or interfaces, you must enter a space before and after the hyphen (-). EtherChannel ports cannot be configured as SPAN or RSPAN destination ports. A physical port that is a member of an EtherChannel group can be used as a destination port, but it cannot participate in the EtherChannel group while it is as a SPAN destination. A private-VLAN port cannot be configured as a SPAN destination port. You can monitor individual ports while they participate in an EtherChannel, or you can monitor the entire EtherChannel bundle by specifying the port-channel number as the RSPAN source interface. A port used as a destination port cannot be a SPAN or RSPAN source, nor can a port be a destination port for more than one session at a time. You can enable IEEE 802.1x on a port that is a SPAN or RSPAN destination port; however, IEEE 802.1x is disabled until the port is removed as a SPAN destination. (If IEEE 802.1x is not available on the port, the switch returns an error message.) You can enable IEEE 802.1x on a SPAN or RSPAN source port. VLAN filtering refers to analyzing network traffic on a selected set of VLANs on trunk source ports. By default, all VLANs are monitored on trunk source ports. You can use the monitor session session_number filter vlan vlan-id command to limit SPAN traffic on trunk source ports to only the specified VLANs. VLAN monitoring and VLAN filtering are mutually exclusive. If a VLAN is a source, VLAN filtering cannot be enabled. If VLAN filtering is configured, a VLAN cannot become a source. If ingress traffic forwarding is enabled for a network security device, the destination port forwards traffic at Layer 2. Destination ports can be configured to act in these ways: • When you enter monitor session session_number destination interface interface-id with no other keywords, egress encapsulation is untagged, and ingress forwarding is not enabled. • When you enter monitor session session_number destination interface interface-id ingress, egress encapsulation is untagged; ingress encapsulation depends on the keywords that follow-dot1q, isl, or untagged. 78-16405-05 Catalyst 3560 Switch Command Reference 2-277