We can add the “monitor session 1 filter vlan 10” command to limit monitored trafic from VLAN 10 only.
The network engineer is connecting to the Distribution switch but he wants to monitor an access switch -> remote SPAN must be used. An example of configuring remote SPAN which uses vlan 40 is shown below:
|Access-Switch(config)# monitor session 1 source interface FastEthernet 0/1
Access-Switch(config)# monitor session 1 destination remote vlan 40
Distribution-Switch(config)#monitor session 2 source remote vlan 40
Distribution-Switch(config)# monitor session 2 destination interface FastEthernet 0/5
This command limits the monitored trafic on VLAN 1 to 8, 39, 52 only
From the output we see the status of gi0/12 is “monitoring”. It means this port is currently the destination of a SPAN session.
This is how to configure Remote SPAN (RSPAN) feature on two switches. Traffic on FastEthernet0/1 of Switch 1 will be sent to Fa0/10 of Switch2 via VLAN 40.
+ Configure on both switches
+ Configure on Switch1
Switch1(config)# monitor session 1 source interface FastEthernet 0/1
Switch1(config)# monitor session 1 destination remote vlan 40
+ Configure on Switch2
Switch2(config)#monitor session 5 source remote vlan 40
Switch2(config)# monitor session 5 destination interface FastEthernet 0/10
So without the command “remote-span” on both switches, RSPAN cannot works properly.
The first command points out the source interface and the direction to be monitored, which is Gi0/4 and inbound traffic (rx) in this case. The second command tells our device to monitor only VLAN 3 running on Gi0/4 (notice that Gi0/4 is a trunk link). The last command requests monitored traffic to be sent to the destination port Gi0/5.
A source port can be monitored by some SPAN sessions but a destination port can be used for one session only. A destination port or a reflector port does not participate in STP while its SPAN session is active.
For more limitations of configuring SPAN please visit this link: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/system_management/configuration/guide/sm_nx_os_cg/sm_14span.html#wp1239658
From the outputs we learn that the SPAN session 1 is incomplete because only source port is configured:
monitor session 1 source remote vlan 50
-> It needs to specify the destination port
while SPAN session 2 is configured correctly with source and destination ports:
monitor session 2 source interface fa0/14 (both)
monitor session 2 destination interface fa0/15