Cisco switches support a feature known as a Switched Port Analyzer (SPAN) which enables traffic received on an interface or virtual local area network (VLAN) to be sent to a single physical port. SPAN technically implies that the source and destination ports are local to the same switch. If the traffic destination is on another remote switch, it uses Remote SPAN (RSPAN). If the destination requires crossing one or more IP networks, some switches can use Encapsulated Remote SPAN (ERSPAN).
Important: USM Anywhere supports SPAN, RSPAN, ERSPAN, and VMware Encapsulated Remote Mirroring (L3) Source, which is an ERSPAN-like feature.
To configure port and VLAN mirroring
- On the device, select Administration > Diagnostics > Port and VLAN Mirroring.
-
If your switch supports RSPAN, complete these steps:
- RSPAN VLAN: Select Enable to enable RSPAN VLAN mirroring.
-
RSPAN VLAN ID: Select the VLAN to be mirrored.
Note: When you configure a RSPAN mirroring session, you should select this VLAN as the RSPAN VLAN.
- Click Add to add a SPAN or RSPAN mirroring session.
-
Provide the mirror session information:
- Session ID: Select the identifier for the mirroring session.
-
Session Type: Select the appropriate option:
- Local Port Based: Copies Tx, Rx, or both Tx and Rx traffic from each port to the destination port.
- Local VLAN Based: Copies traffic from the local VLAN to the destination port.
- RSPAN Source Session: Uses a VLAN to copy traffic from a source port or a source VLAN to another device.
- RSPAN Destination Session: Uses a VLAN to copy traffic from a destination port to another device.
-
Based on the selected session type, specify the parameters for the session.
Local Port Based
-
Destination Port: Select the analyzer port as the destination for the copied packets.
A network analyzer, such as a PC running Wireshark, is connected to this port.
Note: Any port identified as an analyzer destination remains such until all the entries have been removed.
- Allow Ingress Packets: Select Enable to enable the destination port to receive uncopied ingress packets.
-
Source Port: Select the source ports for the mirrored traffic and the type of traffic to be mirrored to the analyzer port:
- Rx Only: Port mirroring on incoming packets.
- Tx Only: Port mirroring on outgoing packets.
- Tx and Rx: Port mirroring on both incoming and outgoing packets.
- N/A: Traffic from this port is not mirrored.
Local VLAN Based
- Destination Port: Select the analyzer port to where packets are copied.
- Allow Ingress Packets: Select Enable to enable the destination port to receive ingress packets that are not copied.
- VLAN: Select the source VLAN from where traffic is mirrored.
RSPAN Source Session
-
RSPAN VLAN: Select the VLAN to be used to copy traffic to another device.
This VLAN should be the same as the VLAN defined in the RSPAN VLAN ID field.
- Reflector Port: Select the port or Link Aggregation Group (LAG) to be connected to another device.
-
Source Type: Select Port or VLAN as the source port or source VLAN.
If Port is selected, set the source ports for the mirrored traffic and the type of traffic to be mirrored to the analyzer port.
- Rx Only: Port mirroring on incoming packets.
- Tx Only: Port mirroring on outgoing packets.
- Tx and Rx: Port mirroring on both incoming and outgoing packets.
- N/A: Traffic from this port is not mirrored.
If VLAN is selected, select a source VLAN.
- VLAN: Select a VLAN as the source VLAN.
RSPAN Destination Session
-
RSPAN VLAN: Select the VLAN to be used to copy traffic to another device.
This VLAN should be same as the VLAN defined in the RSPAN VLAN ID field.
- Destination Port: Select the analyzer port as the destination for the copied packets.
- Allow Ingress Packets: Select Enable to enable the destination port to receive ingress packets that are not copied.
-
-
Click Apply.
This updates the running configuration.
See SG220-50P Switch documentation on the vendor website to learn more about configuring port mirroring on the Cisco SGxxx Series devices.
Feedback