SPAN Session
SPAN session means to mirror the data flow of one or multiple monitor ports on the device and send to the destination port. The mirrored data flow can be the input data flow and also can be the output data flow or mirror the input and output data flow at the same time. We can configure SPAN for the disabled port and the SPAN session does not take effect, but as long as the related port is enabled, SPAN takes effect.
Local SPAN
Local SPAN supports the port mirror on one device. All mirror ports and destination ports are on the same device.
Remote SPAN
Remote SPAN, also called RSPAN (Remote Switched Port Analyzer), supports that the mirror port can destination port are not on one device, realizing the remote monitoring across the L2 network. In the specified RSPAN VLAN, each RSPAN Session makes the mirror packets be forwarded in the L2 network. RSPAN includes RSPAN Source Session, RSPAN VLAN, and RSPAN Destination Session. We need to configure RSPAN source session and RSPAN destination session on different devices. When configuring the RSPAN source session, we need to specify one or multiple mirror ports and one or multiple RSPAN VLANs. The data mirrored by the monitor port is sent to RSPAN VLAN. To configure RSPAN destination session on another device, we need to specify the destination port and one RSPAN VLAN. RSPAN destination session sends RSPAN VLAN data to the destination port.
Encapsulated Remote SPAN
Encapsulated remote SPAN, also called ERSPAN (Encapsulated Remote Switched Port Analyzer), encapsulates the mirror packets via the specified tunnel, traversing the L3 network, so as to mirror the data. When configuring the ERSPAN session, we need to specify one or multiple mirror ports, the source IP address and destination IP address.
VLAN SPAN
VLAN SPAN supports the VLAN mirror on one device. Mirror one or multiple monitor VLAN data flow and send to the destination port. The mirrored data flow can be the input data flow and also can be output data flow or mirror the input and output flow at the same time.
Traffic Type
Traffic type includes Receive (Rx) (the received traffic of the mirror port, Transmit (Tx) (the forwarded traffic of the mirror port, and Both (the received and forwarded traffic of the mirror port).
SPAN Source Port
SPAN source port is also called monitored port. Its data is monitored for network analysis. The monitored data flow can be at the input direction, output direction or both. It can function in different VLANs. The source port can be general port or aggregation group. One source port can only belong to one SPAN session.
SPAN Destination Port
SPAN destination port can only be one separate actual physical port or aggregation group. One destination port can only be used in one SPAN session. The destination port can be general port or aggregation group.
The device supports taking the destination port as the general forwarding port, but for universality and to make the monitored data not be interfered by other data flow, it is suggested to delete the destination port from all VLANs.
- The destination port should not be connected to other device. Otherwise, it may result in the network loop.
- The destination port cannot bear other services any more.
- The destination port should be larger than or equal to the bandwidth of the mirror port. Otherwise, there may be packet loss.
- The destination port cannot enable LACP (Link Aggregation Control Protocol), so as to prevent the mirror data from being affected.
- The destination ports of one session can be four at most. According to the chip, different cards may support different numbers of the destination ports.
RSPAN VLAN
RSPAN VLAN should be one idle VLAN, specially used by RSPAN. We can select one idle VLAN during configuration, but should ensure that the other devices on the path from the mirror port to the destination port are all configured with the VLAN and add the corresponding ports of the other devices on the path to the VLAN.
Switch
.png){kind=icon}
.png){kind=logo}
.jpg)
.png){kind=logo}
