Port Spanning

To configure a Cisco switch, such as a Cisco 2950 switch, for port spanning, aka mirroring, log into the switch via a serial, telnet, or SSH connection. Then enter privileged mode by entering the enable command. Provide the enable secret when prompted for "password". Once you are in privileged mode, you can enter configuration mode by entering the config terminal command. 

My_Switch>enable
Password:
My_Switch#config terminal
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line.  End with CNTL/Z.
My_Switch(config)#

Let's say I want to view all traffic to/from a system connected to port 16 on my switch. I want to view the traffic using a system connected to port 10. So, I mirror the traffic to/from port 16 to port 10 with the following commands: 

My_Switch(config)#monitor session 1 source interface Fa0/16 both
My_Switch(config)#monitor session 1 destination interface Fa0/10
My_Switch(config)#

Then on a system connected to port 10, I can monitor network traffic using a utility, such as snoop, tcpdump, WinDump Wireshark, or some other packet sniffer utility.

In Cisco terminology a monitor port is also a destination Switched Port Analyzer (SPAN) port.

You can exit from configuration mode by typing exit. You can see which ports are being mirrored using the show monitor command. 

My_Switch>show monitor
Session 1
---------
Type              : Local Session
Source Ports      :
    Both          : Fa0/16
Destination Ports : Fa0/10
    Encapsulation : Native
          Ingress: Disabled

You can add additional source ports for monitoring, if you wish.

My_Switch(config)#monitor session 1 source interface Fa0/18 both
My_Switch(config)#exit
My_Switch#show monitor
Session 1
---------
Type              : Local Session
Source Ports      :
    Both          : Fa0/16,Fa0/18
Destination Ports : Fa0/10
    Encapsulation : Native
          Ingress: Disabled

You can turn off monitoring from configuration mode using no monitor session session_number.

My_Switch(config)#no monitor session 1
My_Switch(config)#exit
My_Switch#show monitor
 No SPAN configuration is present in the system.

References:

  1. Port Sniffing Port Mirroring with SPAN
    Date: May 8, 2008
    Who's Your ITDaddy? - CCNA Blog!

 

TechRabbit ad 300x250 newegg.com

Justdeals Daily Electronics Deals1x1 px

Valid HTML 4.01 Transitional

Created: Saturday December 19, 2009