Dec 2 2008 7:30AM GMT
Posted by: Yasir Irfan
It’s quite important for Network Engineers and an essential network troubleshooting technique to utilize the ability of Cisco Catalyst Switches to mirror the traffic and send it to a sniffer for analysis. All Cisco Catalyst Switches support the Switched Port Analyzer (SPAN) feature. The SPAN copies traffic from the specified interface or VLANs and mirrors this traffic to a specified destination interface (SPAN interface). Then you can connect the PC with a sniffing tool (Wireshark) installed on the destination SPAN interface to capture all the mirrored traffic.Let’s see how to configure the SPAN in Cisco Catalyst Switches.
To enable the switch SPAN mirroring feature configure the following on the catalyst switch: Configuration Example – Monitoring traffic from a specific interfaceITKEAS01#configure tITKEAS01(config) monitor session 1 source interface gigabitEthernet 0/5
ITKEAS01(config)#monitor session 1 destination interface gigabitEthernet 0/10
The above configuration will capture all traffic from interface gigabitEthernet 0/5 and send it to SPAN port interface gigabitEthernet 0/10
Configuration Example – Monitoring an entire VLAN traffic
ITKEAS01(config)#monitor session 1 source vlan 100
ITKEAS01(config) monitor session 1 destination interface gigabitEthernet 0/10The above configuration will capture all traffic of VLAN 100 and send it to SPAN port interface gigabitEthernet 0/10
Use show monitor session 1 to verify your configuration.