20-8
Catalyst 2940 Switch Software Configuration Guide
78-15507-02
Chapter 20 Configuring SPAN
Configuring SPAN
Creating a SPAN Session and Enabling Ingress Traffic
Beginning in privileged EXEC mode, follow these steps to create a SPAN session, to specify the source
and destination ports, and to enable ingress traffic on the destination port for a network security device
(such as a Cisco IDS Sensor Appliance):
This example shows how to configure the destination port for ingress traffic on VLAN 5 by using a
security device that does not support 802.1Q encapsulation.
Switch(config)# monitor session 1 destination interface Fa 0/5 ingress vlan 5
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
no monitor session {session_number | all |
local | remote}
Clear any existing SPAN configuration for the session.
For session_number, specify 1.
Specify all to remove all SPAN sessions, local to remove all local
sessions, or remote to remove all remote SPAN sessions.
Step 3
monitor session session_number source
interface interface-id [, | -] [both | rx | tx]
Specify the SPAN session and the source port (monitored port).
For session_number, specify 1.
For interface-id, specify the source port to monitor. Valid interfaces
include physical interfaces and port-channel logical interfaces
(port-channel port-channel-number).
(Optional) [, | -] Specify a series or range of interfaces. Enter a space
before and after the comma; enter a space before and after the
hyphen.
(Optional) Specify the direction of traffic to monitor. If you do not
specify a traffic direction, the source interface sends both sent and
received traffic.
• both—Monitor both received and sent traffic.
• rx—Monitor received traffic.
• tx—Monitor sent traffic.
Step 4
monitor session session_number
destination interface interface-id
[encapsulation {dot1q}] [ingress vlan
vlan id]
Specify the SPAN session, the destination port (monitoring port), the
packet encapsulation, and the ingress VLAN.
For session_number, specify 1.
For interface-id, specify the destination port. Valid interfaces include
physical interfaces.
(Optional) Specify the encapsulation header for outgoing packets. If
not specified, packets are sent in native form.
• dot1q—Use 802.1Q encapsulation.
(Optional) Enter ingress vlan vlan id to enable ingress forwarding
and specify a default VLAN.
Step 5
end Return to privileged EXEC mode.
Step 6
show monitor [session session_number] Verify your entries.
Step 7
copy running-config startup-config (Optional) Save your entries in the configuration file.
