Home > SPAN Questions

SPAN Questions

March 24th, 2017 in SWITCH 300-115 Go to comments

Question 1

Explanation

We can add the “monitor session 1 filter vlan 10” command to limit monitored trafic from VLAN 10 only.

Question 2

Explanation

The network engineer is connecting to the Distribution switch but he wants to monitor an access switch -> remote SPAN must be used. An example of configuring remote SPAN which uses vlan 40 is shown below:

Access-Switch(config)# monitor session 1 source interface FastEthernet 0/1
Access-Switch(config)# monitor session 1 destination remote vlan 40
Distribution-Switch(config)#monitor session 2 source remote vlan 40
Distribution-Switch(config)# monitor session 2 destination interface FastEthernet 0/5

Question 3

Explanation

This command limits the monitored trafic on VLAN 1 to 8, 39, 52 only

Question 4

Explanation

From the output we see the status of gi0/12 is “monitoring”. It means this port is currently the destination of a SPAN session.

Question 5

Explanation

This is how to configure Remote SPAN (RSPAN) feature on two switches. Traffic on FastEthernet0/1 of Switch 1 will be sent to Fa0/10 of Switch2 via VLAN 40.

+ Configure on both switches
Switch1,2(config)#vlan 40
Switch1,2(config-vlan)#remote-span
+ Configure on Switch1
Switch1(config)# monitor session 1 source interface FastEthernet 0/1
Switch1(config)# monitor session 1 destination remote vlan 40
+ Configure on Switch2
Switch2(config)#monitor session 5 source remote vlan 40
Switch2(config)# monitor session 5 destination interface FastEthernet 0/10

So without the command “remote-span” on both switches, RSPAN cannot works properly.

Question 6

Explanation

The first command points out the source interface and the direction to be monitored, which is Gi0/4 and inbound traffic (rx) in this case. The second command tells our device to monitor only VLAN 3 running on Gi0/4 (notice that Gi0/4 is a trunk link). The last command requests monitored traffic to be sent to the destination port Gi0/5.

Question 7

Explanation

A source port can be monitored by some SPAN sessions but a destination port can be used for one session only. A destination port or a reflector port does not participate in STP while its SPAN session is active.

For more limitations of configuring SPAN please visit this link: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/system_management/configuration/guide/sm_nx_os_cg/sm_14span.html#wp1239658

Question 8

Explanation

From the outputs we learn that the SPAN session 1 is incomplete because only source port is configured:

monitor session 1 source remote vlan 50

-> It needs to specify the destination port

while SPAN session 2 is configured correctly with source and destination ports:

monitor session 2 source interface fa0/14 (both)
monitor session 2 destination interface fa0/15

Comments
  1. Need Helping
    May 1st, 2015

    @ ICE, very good observation, it must have been a typo mistake

  2. Fit
    May 2nd, 2015

    The session number is only locally significant so it DOESN’T have to be the same on both switches.

  3. Jose
    June 27th, 2015

    Q 3 has an ambiguos answer.

    B. Traffic from VLAN 4 is not sent to the SPAN destination interface.

    from the filter that can also be determined. so in theory. that answer is correct as well

  4. neat.boar
    June 28th, 2015

    Q2
    Answer D is correct but stupid. For me.
    There is simple configuration. You dont need to create monitor session on the distribution switch. Why do need it?? Just pass the vlan40 to Sniffer (in trunk or access) and you get the traffic you wanted.
    Or I missed something?:)

  5. Anonish
    July 12th, 2015

    Great video on youtube about RSPAN.

    https://www.youtube.com/watch?v=GyDpkVoix00

  6. perplexed
    July 20th, 2015

    Q2:
    If I have to monitor an interface that is ON the Distribution Switch (connected to the Access Switch, but still on the DSW) and I’m sending the traffic out through another interface of the same switch, why do I need Remote SPAN?
    It’s all on DSW.

  7. Breeze
    July 20th, 2015

    @Jose
    The answer B says that the traffic from VLAN 4 is NOT sent to the SPAN, but the filter includes VLANs 1 to 8 (and also 39 and 52), so the traffic from VLAN 4 is also sent.

  8. perplexed
    July 23rd, 2015

    Q2:
    Oh, apparently when they mention “an interface that is connected to an access switch” they mean an interface on the access switch itself. Looking at the picture I thought that they were asking about the interface on the DSW that is connected to the ASW. So yeah, OK.

  9. ccnp
    August 11th, 2015

    Not ale to see the questions.

  10. AlexNP
    August 14th, 2015

    Hi Guys, I don’t understand the answer for Q4. why the port is down ?! Always the destination port for monitoring remain down ?!

  11. jslim
    August 16th, 2015

    one question i had was a network engineer is having trouble getting SPAN to work on a few ports. What could be the cause of the issue?

    i chose the ports might have been issued the no switchport command

  12. CCNP All
    August 25th, 2015

    I am not able to see the questions , what to do please , do I need to be premium member ?

  13. Aditya
    August 26th, 2015

    @ferry…Q1–(tricky)–d is incorrect because making source vlan 10 will cause all vlan 10 traffic which could be on other ports as well to be mirrored..Q specifies “VLAN 10 on the GigabitEthernet0/1 port”

  14. ccnp
    January 3rd, 2016

    Hi Guys,
    Me too, I don’t understand the answer for Q4. why the port is down ?! Always the destination port for monitoring remain down ?!

  15. jboy
    January 3rd, 2016

    @ccnp

    source: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10570-41.html

    SPAN Destination Port Up/Down

    When ports are spanned for monitoring, the port state shows as UP/DOWN.
    When you configure a SPAN session to monitor the port, the destination interface shows the state down (monitoring), by design. The interface shows the port in this state in order to make it evident that the port is currently not usable as a production port. The port as up/down monitoring is normal.

    A network engineer investigates a recent network failure and notices that one of the interfaces on the switch is still down. What is causing the line protocol on this interface to be shown as down?
    A. There is a layer 1 physical issue.
    B. There is a speed mismatch on the interface.
    C. The interface is configured as the target of the SPAN session.
    D. The interface is configured as the source of the SPAN session.
    E. There is a duplex mismatch on the interface.

  16. ccnp
    January 3rd, 2016

    @jboy
    thanks you very much :)

  17. poomsa
    January 6th, 2016

    Are these questions still valid ? i heard they have changed the questions anyone can confirm please?

  18. Jovin
    February 9th, 2016

    They have changed the pattern, I attended exam without reading book, and ended up with 711. Please read the book completely. Few questions I will share here.

    1. Minimum Number of DHCP Snooping binding – Hopefully 8000
    2. IP Source Gusrd works with which layer – Hopefully Layer 3
    3. SPAN and RSPAN based questions, scenario based
    4. Etherchannel Load balancing – with requirements of source/destination mac or ip or port

    etc etc.,

  19. wmohammad
    March 5th, 2016

    Hi guys,
    I have scheduled my exam on next Wensda, 09/03.
    I got the “SWITCH_July_2015” dumb

    is this the latest dumb ?

  20. CLE
    March 10th, 2016

    Hi all,

    Can someone send me the latest switch dump to “dooeebear” at hotmail dot com.

  21. Leon
    April 8th, 2016

    1. Minimum Number of DHCP Snooping binding. Answer= 2000 entries supported.
    2. IP Source Gusrd works with which layer. I think it is Layer 2 since the documentation mentions the following:

    The switch uses the IP source binding table only when IP source guard is enabled.
    IP source guard is supported only on Layer 2 ports, including access and trunk ports.

  22. CCNP Bound
    May 23rd, 2016

    Just curious which of the following documents are still valid for the current switch test:

    300-115(191q)
    SWITCH 300-115 (word doc)
    SWITCH_Feb_2016
    SWITCH_July_2015

    I’d like to stick to just one and labs if possible. Thank you.

  23. Veritrini
    May 30th, 2016

    https://www.scribd.com/doc/304946109/Cisco-Exam-300-115

    Question 96

    Which statement about the SPAN and RSPAN configuration on SW1 is true?

    A. SPAN session 2 only monitors egress traffic exiting port FastEthernet 0/14.
    B. RSPAN session 1 monitors activity on VLAN 50 of a remote switch.
    C. RSPAN session 1 is incompletely configured for monitoring.
    D. SPAN session 2 monitors all traffic entering and exiting port FastEthernet 0/15.

    The answer is C, according to all sites. but why?

  24. Kangas
    June 5th, 2016

    @Veritrini because for that Rspan session 1 it only has source and no destination monitoring. hope it makes sence….

  25. GAlarcon
    July 22nd, 2016

    @perplexed, i agree with you about it of Q2, everything be on DSW….is not necessary make set up on the Access Sw.

    Q2:
    If I have to monitor an interface that is ON the Distribution Switch (connected to the Access Switch, but still on the DSW) and I’m sending the traffic out through another interface of the same switch, why do I need Remote SPAN?
    It’s all on DSW.

  26. Himo
    August 24th, 2016

    Hi guys,

    How can i show the questions ?

  27. fred
    August 30th, 2016

    Q1:

    interface GigabitEthernet0/48
    switchport
    switchport mode access

    For this question, if G0/48 is an access port, and not a trunk – it can only be associated with a single VLAN.

    Why is A not also a correct answer?

  28. Anonymous
    September 22nd, 2016

    @Veritrini.
    Can you please share dumps.
    ti.7 at live com

  29. z3r0
    September 25th, 2016

    An access switch has been configured with an EtherChannel port. After configuring SPAN to
    monitor this port, the network administrator notices that not all traffic is being replicated to the
    management server. What is a cause for this issue?
    A. VLAN filters are required to ensure traffic mirrors effectively.
    B. SPAN encapsulation replication must be enabled to capture EtherChannel destination traffic.
    C. The port channel can be used as a SPAN source, but not a destination.
    D. RSPAN must be used to capture EtherChannel bidirectional traffic.

    Answer correct is B

    The default configuration for local SPAN session ports is to send all packets untagged. SPAN also does not normally monitor bridge protocol data unit (BPDU) packets and Layer 2 protocols, such as Cisco Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), Spanning Tree Protocol (STP), and Port Aggregation Protocol (PAgP). However, when you enter the encapsulation replicate keywords when configuring a destination port, these changes occur:

    •Packets are sent on the destination port with the same encapsulation—untagged, Inter-Switch Link (ISL), or IEEE 802.1Q—that they had on the source port.

    •Packets of all types, including BPDU and Layer 2 protocol packets, are monitored.

    Therefore, a local SPAN session with encapsulation replicate enabled can have a mixture of untagged, ISL, and IEEE 802.1Q tagged packets appear on the destination port.

    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_52_se/configuration/guide/3750scg/swspan.html

  30. gunb1rd
    October 9th, 2016

    @z3r0, http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_52_se/configuration/guide/3750scg/swspan.html

    Destination Port
    •It cannot be an EtherChannel group or a VLAN.

    Answer correct is C

  31. Lili
    November 17th, 2016

    I recommended http://www.testmayor.com ! I passed my exam yesterday with the score 96%. You can try the demo before you pay for the order. 100% money back guarantee. You will lose nothing.

  32. qamq
    November 27th, 2016

    how can i see the questions?

  33. Sam
    December 9th, 2016

    @z3r0 u r absolutely right dear :) thanks for bringing it up:)

  34. Mia
    December 13th, 2016

    I recommended http://www.grades4sure.com/400-101-exam-questions.html ! I passed my CCIE Routing and Switching 400-101 exam yesterday with the score 92%. You can try the demo before you pay for the order. 100% money back guarantee. You will lose nothing.

  35. Lorry
    January 11th, 2017

    Passed my Switch Exam! 191Q is valid. I’m pretty sure information on this site is helpful but I used study materials from this ebay seller I came across on my CCNA/CCNP Route cert prep journey. He tends to have the latest updates for all the exams he provides. He seems to not have the TShoot Cert Prep but will see if he has that lol. Onto completing my CCNP Certification!

    Information to the exam:

    37 Multiple Choice Questions
    OSPF TShoot Simlet
    LACP-STP Simulation
    AAAdot1x Simulation

    If you would like to use the study materials I used, here is the ebay link:

    e b a y . c o m / i t m / – / 3 2 2 3 8 7 2 5 8 8 3 4 ? (without spaces)

    Cheers and Good Luck!

  36. Want it ?
    January 15th, 2017

    i have the 191q and plenty of other study matierla.
    Asking for 12.00 USD
    paypal ciscoted at techie dot com
    I will zip it up for you and email

  37. JOJO
    January 24th, 2017

    Hi.Would you please give me latest dumps.im sitting for an exam switching 300 115 next week . my email address is {email not allowed}

  38. Miki123
    May 17th, 2017

    Where are the questions? i cannot see any questions on the website?

  1. No trackbacks yet.