Answers: Local SPAN 2

Wendell
By Wendell September 30, 2016 09:10

Configuring local SPAN does not take a lot of commands. The bigger danger is capturing too much, which risks losing some of the messages and also causing you more work to see the content that you want to see. As usual, for these config labs, start by doing the lab for yourself, then check back to this answer post for my suggested answer and some explanation.

Answers

Figure 1: Single Switch Topology for Local SPAN Configuration

 

Example 2: SW1 Config

 

Commentary

This lab gives you what appears to be an obvious primary goal: to capture all frames sent within VLAN 2. However, that requirement coupled with the secondary goal of capturing no more messages than is required sets you up for a common mistake: capturing frames in both directions.

First, the suggested answer creates a monitor session number 2, monitoring frames received on ports in VLAN 2. That means that any frames the SPAN session will capture frames received in (a) access ports in VLAN 2 or (b) trunk ports with the frame tagged as VLAN 2.

The danger is to consider using the both direction, that is, for frames both sent and received. If you configured this lab and instead used a direction of both, SPAN would capture each frame twice. For example, a frame sent by PC1 to PC2 (both in VLAN 2) would be received in G0/1 (an access port in VLAN 2) and forwarded out port G0/2 (an access port in VLAN 2), so SPAN would capture at both points.

As a result, the two best answers for the SPAN source are either the answer listed in Example 3, or the similar monitor session 2 source vlan 2 tx global command.

The monitor session 2 destination command simply references the outgoing interface, which should point to the interface connected to the host that is running wireshark.

IPv6 Extended ACLs 1
Local Span 2
Wendell
By Wendell September 30, 2016 09:10
Write a comment

No Comments

No Comments Yet!

Let me tell You a sad story ! There are no comments yet, but You can be first one to comment this article.

Write a comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email

Subscribe

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

Search

Categories