SPOTO teaches you the SPAN and RSPAN in 10 minutes
- Spoto
- |
- Posted on: 2019-07-11
- |
- Views: 1347
- |
- Category:
- ▸ Technical Article
The following is the introduction to SPAN and RSPAN.
SPAN and RSPAN are the signficant parts of the SPOTO CCIE RS 400 101 lab exam. Howecer,some candidates found that it's difficult to master SPAN and RSPAN , SPOTO candidates passed these parts of the CCIE RS Lab exam easily. More info can be found in SPOTO Cisco whatsapp study group .
Today, SPOTO will introduce some basic SPOTO CCIE RS 400-101 exam questions
1. Basic Concepts
SPAN technology is mainly used to monitor the data flow on the switch. There are two types, Local SPAN ( Local Switched Port Analyzer ) and Remote SPAN ( Remote SPAN ) .
We generally say that SPAN refers to local, and remote is generally called RSPAN .
These techniques can be certain you want to SPAN on the switch being monitored port (also called controlled port) data stream COPY (also say MIRROR) a copy sent to the data flow analysis device connected to the monitor port, such as IDS or The host with the SNIFFER tool installed . The controlled port and monitoring port can be on the same switch (local SPAN ) or on different switches ( RSPAN ).
Note: Local SPAN must be used on one switch, and RSPAN must not be used on one switch!
*The following SPAN refers to both local and remote * if there is no special emphasis
2.SPAN monitoring data stream type
There are three types of data streams that SPAN can monitor;
Receive (Rx) Received traffic for the SPAN controlled port.
Transmit (Tx) The traffic sent by the SPAN controlled port.
Both receive and transmit traffic on a controlled port.
3.SPAN port type
Source Port--SPAN source port, also called monitored port , which is the monitored port (controlled port)
Controlled port may be an actual physical port, VLAN, an EtherChannel Ethernet channel, a physical port can be a different VLAN, the VLAN if the controlled port is a physical portcomprises Therefore, if the controlled port is an Ethernet channel of the VLAN comprises the All physical ports that make up an Ethernet channel, if the controlled port is a TRUNKtrunk port, then this TRUNK carried on all ports VLAN traffic will be subject to monitoring, may be used filter vlan parameter adjustment, only the filter vlan specified VLAN Data traffic is monitored.
Destination Port--SPAN destination port, which is the monitoring port - that is , the monitoring port (for monitoring devices).
A monitoring port can only be a single physical port. A monitoring port can only be used in one SPAN . The monitoring port does not participate in other Layer 2 protocols.
Cisco Discovery Protocol (CDP),
VLAN Trunk Protocol (VTP),
Dynamic Trunking Protocol (DTP),
Spanning Tree Protocol (STP),
Port Aggregation Protocol (PagP),
Link Aggregation Control Protocol (LACP) and so on.
By default, the monitoring port does not forward any data stream except the SPAN Session . You can also enable the Layer 2 forwarding function of the monitoring port by setting theingress parameter. For example, when connecting to the CISCO IDS , this requirement is required. The IDS not only needs to receive the data stream of the SPAN Session , but the IDS itself also has communication traffic with other devices in the network, so the Layer 2 forwarding function of the monitoring port is required.
The bandwidth of the monitoring port is preferably greater than or equal to the bandwidth of the controlled port. Otherwise, packet loss may occur.
4.Reflector Port-- reflection port
* Used only in the reflection port RSPAN RSPAN * in the controlled port (port monitoring not on this switch), it is used to locally controlled port on the same data stream sent to the switch in another RSPAN The remote monitoring port on the switch. The reflective port can only be an actual physical port.
* Reflected port cannot belong to any VLAN*
*RSPAN also uses a dedicated VLAN to forward traffic * . The reflective port uses this private VLAN to send traffic through the TRUNK port to other switches. The remote switch thensends the data stream to the monitoring port through this private VLAN . Analyzer.
When using RSPAN VLAN , all switches participating in RSPAN should be in the same VTP domain. You cannot use VLAN 1 or 1002-1005 . This is reserved for Token Ring and FDDI . If it is 2-1001 standard. The VLAN can be created on the VTP server (all the switches can be manually created after the switch VTP mode is set to Transparent ). Other switches will learn automatically. If it is an extended VLAN of 1006-4094 , it needs to be on all switches. Create this private VLAN .
The bandwidth of the reflective port is preferably greater than or equal to the bandwidth of the controlled port. Otherwise, packet loss may occur.
5. Need to pay attention to the problem
The monitoring port does not participate in many communications! And will have an impact on some other communications! The reflection port has a smaller effect, but it can also be problematic. Most of the errors are caused by this.
When you use SPAN to monitor a VLAN , you can only monitor the traffic received by all active ports in the VLAN . If the monitoring port also belongs to this VLAN , the port is not in the monitoring range.
When using the monitor SPAN VLAN, does not monitor the VLAN routing data between, for example, I open a SPAN monitoring data flow Rx direction of a three-tier exchange of a VLAN (also only in this direction), when a data stream is from another When a VLAN is routed to this VLAN , this data flow is not monitored.
A port configured with port security (such as the maximum number of addresses learned) cannot be set as a monitoring port.
6. Configuration commands
Local SPAN :
No monitor session all ' Clear first SPAN settings already exist
(The SPAN is not enabled by default . A monitor session is a combination of a monitoring port and a monitored port. You can only set two monitor sessions on a switch , 1 and 2 )
Monitor session 1 source interface fastethernet0/10 [both/rx/tx] ' Set the controlled port of SPAN and the direction of monitoring. The default is both.
Monitor session 1 destination interface fastethernet0/20 ' Set the monitoring port of SPAN , the added default monitoring rx direction
Monitor session 1 source interface fastethernet0/11 - 13 ' Add a SPAN controlled port
Monitor session 1 destination interface fastethernet0/20 ingress ' Set the SPAN monitoring port to enable Layer 2 forwarding, even when IDS is used.
#show monitor
Monitor session 2 source vlan 101 - 102 rx 'The monitoring port is multiple VLANs (can also be added as above)
Monitor session 2 destination interface fastethernet0/30
Look at the filter again, assuming fa0/24 is trunk
Monitor session 2 source interface fastethernet0/48 rx
Monitor session 2 filter vlan 100 - 102 ' Specify the monitored VLAN range
Monitor session 2 destination interface fastethernet0/30
RSPAN :
Suppose there are three switches SW1 , SW2 , SW3 . If the controlled port is on SW1 , the monitoring port is on SW3 , and which switch is the reflected port? Also on SW1 ! ! Go wrong and go out for a lap!
SW1 configuration:
Vlan 333
Remote-span
Exit
No monitor session 1
Monitor session 1 source interface fastethernet0/10
Monitor session 1 source interface fastethernet0/13 - 15 rx
Monitor session 1 destination remote vlan 333 reflector-port fastethernet0/18
SW2 configuration
Vlan 333
Exit ' It's very simple, as long as there is a vlan 333 on SW2 , you don't need to configure it as remote-span vlan .
SW3 configuration
Monitor session 1 source remote vlan 333
Monitor session 1 destination interface fastethernet0/10
This example is very simple . When doing VLAN monitoring, put the above things together . follow SPOTO if you wanna get more information about Cisco Exam,
More you may be interested:
How Important would be the CCNA Security?
Top 5 best free antivirus for MAC in 2019
How to prepare for CCNP RS?
- Tags:
- SPAN
- RSPAN
- CCIE
- CCIE RS LAB