SPAN Ports Flashcards
What are SPAN ports and what are they used for?
SPAN ports mirror all traffic to and/or from a source port to a destination port. They are used to send traffic to packet-capture software.
Do SPAN source and destination ports have to be run on the same switch?
No, SPAN source and destination ports can reside on entirely different devices.
What must be configured to run SPAN ports locally on one switch?
A SPAN session, a SPAN source port, and a SPAN destination port.
What options can you configure when setting up your SPAN ports?
To mirror transmit data, receive data, or both; or specify a VLAN to be mirrored.
When configuring SPAN on two remote devices, what must be configured in addition to your source and destination ports?
A SPAN VLAN that runs on both switches and across all intermediary switches.
True or false: SPAN VLANs must be configured as such on all switches they exist on.
True.
When configuring remote SPAN, the SPAN VLAN is configured as the __ on the source switch and the __ on the destination switch.
Destination port on the source switch, source on the destination switch.
A destination port is always going to be in what kind of state?
Down/down.
What is mirrored to a destination port by default, and what tags can change this?
Transmit and receive data; the tx and rx tags can change this.
Can you mirror a port channel?
Yes, you can mirror a port channel or just an individual port in a port channel.
Can trunks act as source ports?
Yes, and by default all VLANs will be mirrored.
Can an interface serve as a source and destination port?
No, it can only be one or the other.
What can you specify as a SPAN source in addition to interfaces?
Entire VLANs, also known as VSPANs.
Port channels cannot serve as ___.
Destination ports.
How many sessions can a destination port be active in?
Only one.
What do destination ports NOT participate in?
STP, VTP, DTP, and port channels.
interface GigabitEthernet0/1
switchport
switchport mode trunk
switchport trunk allowed vlan 1-100
!
interface GigabitEthernet0/48
switchport
switchport mode access
!
monitor session 1 source interface GigabitEthernet0/1
monitor session 1 destination interface GigabitEthernet0/48
How can the traffic that is mirrored out the GigabitEthernet0/48 port be limited to only traffic that is received or transmitted in VLAN 10 on the GigabitEthernet0/1 port?
monitor session 1 filter vlan 10
Apply the monitor session filter globally to allow only traffic from VLAN 10
A network engineer wants to analyze all incoming and outgoing packets for an interface that is connected to an access switch. Which three items must be configured to mirror traffic to a packet sniffer that is connected to the distribution switch? (Choose three)
- A remote SPAN VLAN on the distribution and access layer switch
- A monitor session on the access switch with a physical interface source and the remote SPAN VLAN as the destination
- A monitor session on the distribution switch with a remote SPAN VLAN as the source and physical interface as the destination
Interface FastEthernet0/1 is configured as a trunk interface that allows all VLANs. This command is configured globally:
monitor session 2 filter vlan 1 - 8, 39, 52
What is the result of the implemented command?
Traffic from VLANs 1 to 8, 39, and 52 is replicated to the SPAN destination port
A network engineer investigates a recent network failure and notices that one of the interfaces on the switch is still down. What is causing the line protocol on this interface to be shown as down?
The interface is configured as the target of the SPAN session
Define SPAN
A method of collecting traffic received on a switch port or a VLAN and sending it to specific destination ports on the same switch.
Define RSPAN
A method of collecting traffic received on a switch port or a VLAN and sending it to specific destination ports on a switch other than the one on which it was received.
Define remote VLAN
The destination VLAN for an RSPAN session.
Define monitor session
The command used to initialize a SPAN or RSPAN session on a Catalyst switch.
Define encapsulation replication
Regeneration of the Layer 2 encapsulation removed from frames forwarded in a SPAN session.
What does *SPAN* stand for?
Switchport Analyzer
What is *SPAN*?
SPAN is a feature that allows you to copy ingress traffic from a port or VLAN, which is then sent to an egress port for observation.
What does RSPAN stand for?
Remote Switchport Analyzer
What is RSPAN?
RSPAN is a feature that allows you to capture traffic on one switch and send it over to a remote switch, as long as the switches have a layer 2 connection with each other.
How is an RSPAN set up?
An RSPAN is set up by using a remote VLAN and a reflector port.
What is a reflector port in RSPAN?
A reflector port is set up on the destination bridge, and is essentially an unused port. The reflector port’s ASIC is stolen to handle the forwarding logic.
What configuration commands set up *RSPAN*?
CONFIGURATION SOURCE
- Sw1(config)# vlan 200
- Sw1(config-vlan)# remote-span
- Sw1(config)# monitor session 1 source interface Eth1/1
- Sw1(config)# monitor session 1 destination remote vlan 200 reflector-port Eth1/2
CONFIGURATION DESTINATION
- Sw2(config)# vlan 200
- Sw2(config-vlan)# remote-span
- Sw2(config)# monitor session 1 source remote vlan 200
- Sw2(config)# monitor session 1 destination interface Eth1/3