Cisco Systems 3560 사용자 설명서
28-4
Catalyst 3560 Switch Software Configuration Guide
OL-8553-06
Chapter 28 Configuring SPAN and RSPAN
Understanding SPAN and RSPAN
An RSPAN source session is very similar to a local SPAN session, except for where the packet stream
is directed. In an RSPAN source session, SPAN packets are relabeled with the RSPAN VLAN ID and
directed over normal trunk ports to the destination switch.
is directed. In an RSPAN source session, SPAN packets are relabeled with the RSPAN VLAN ID and
directed over normal trunk ports to the destination switch.
An RSPAN destination session takes all packets received on the RSPAN VLAN, strips off the VLAN
tagging, and presents them on the destination port. Its purpose is to present a copy of all RSPAN VLAN
packets (except Layer 2 control packets) to the user for analysis.
tagging, and presents them on the destination port. Its purpose is to present a copy of all RSPAN VLAN
packets (except Layer 2 control packets) to the user for analysis.
There can be more than one source session and more than one destination session active in the same
RSPAN VLAN. There can also be intermediate switches separating the RSPAN source and destination
sessions. These switches need not be capable of running RSPAN, but they must respond to the
requirements of the RSPAN VLAN (see the
RSPAN VLAN. There can also be intermediate switches separating the RSPAN source and destination
sessions. These switches need not be capable of running RSPAN, but they must respond to the
requirements of the RSPAN VLAN (see the
Traffic monitoring in a SPAN session has these restrictions:
•
Sources can be ports or VLANs, but you cannot mix source ports and source VLANs in the same
session.
session.
•
The switch supports up to two source sessions (local SPAN and RSPAN source sessions). You can
run both a local SPAN and an RSPAN source session in the same switch. The switch supports a total
of 66 source and RSPAN destination sessions.
run both a local SPAN and an RSPAN source session in the same switch. The switch supports a total
of 66 source and RSPAN destination sessions.
•
You can have multiple destination ports in a SPAN session, but no more than 64 destination ports.
•
You can configure two separate SPAN or RSPAN source sessions with separate or overlapping sets
of SPAN source ports and VLANs. Both switched and routed ports can be configured as SPAN
sources and destinations.
of SPAN source ports and VLANs. Both switched and routed ports can be configured as SPAN
sources and destinations.
•
SPAN sessions do not interfere with the normal operation of the switch. However, an
oversubscribed SPAN destination, for example, a 10-Mb/s port monitoring a 100-Mb/s port, can
result in dropped or lost packets.
oversubscribed SPAN destination, for example, a 10-Mb/s port monitoring a 100-Mb/s port, can
result in dropped or lost packets.
•
When RSPAN is enabled, each packet being monitored is transmitted twice, once as normal traffic
and once as a monitored packet. Therefore monitoring a large number of ports or VLANs could
potentially generate large amounts of network traffic.
and once as a monitored packet. Therefore monitoring a large number of ports or VLANs could
potentially generate large amounts of network traffic.
•
You can configure SPAN sessions on disabled ports; however, a SPAN session does not become
active unless you enable the destination port and at least one source port or VLAN for that session.
active unless you enable the destination port and at least one source port or VLAN for that session.
•
The switch does not support a combination of local SPAN and RSPAN in a single session. That is,
an RSPAN source session cannot have a local destination port, an RSPAN destination session
cannot have a local source port, and an RSPAN destination session and an RSPAN source session
that are using the same RSPAN VLAN cannot run on the same switch.
an RSPAN source session cannot have a local destination port, an RSPAN destination session
cannot have a local source port, and an RSPAN destination session and an RSPAN source session
that are using the same RSPAN VLAN cannot run on the same switch.
Monitored Traffic
SPAN sessions can monitor these traffic types:
•
Receive (Rx) SPAN—The goal of receive (or ingress) SPAN is to monitor as much as possible all
the packets received by the source interface or VLAN before any modification or processing is
performed by the switch. A copy of each packet received by the source is sent to the destination port
for that SPAN session.
the packets received by the source interface or VLAN before any modification or processing is
performed by the switch. A copy of each packet received by the source is sent to the destination port
for that SPAN session.
Packets that are modified because of routing or quality of service (QoS)—for example, modified
Differentiated Services Code Point (DSCP)—are copied before modification.
Differentiated Services Code Point (DSCP)—are copied before modification.
Features that can cause a packet to be dropped during receive processing have no effect on ingress
SPAN; the destination port receives a copy of the packet even if the actual incoming packet is
dropped. These features include IP standard and extended input access control lists (ACLs), ingress
QoS policing, VLAN ACLs, and egress QoS policing.
SPAN; the destination port receives a copy of the packet even if the actual incoming packet is
dropped. These features include IP standard and extended input access control lists (ACLs), ingress
QoS policing, VLAN ACLs, and egress QoS policing.