Real World Application & Core Knowledge
Have you ever wanted to replicate traffic from one switch port to another switch port so you can view the traffic with Wireshark? There is a way to achieve that: it's called a Switch Port Analyzer session, commonly referred to as a SPAN. The industry knows this type of technology as “Port Mirroring”, which is port traffic replication from one interface to another for analysis.
SPANs prove to be extremely beneficial in a production environment when troubleshooting issues with Ethernet links between a switch and another device such as a router, firewall, server or host.
They may sound complex at first, but they are very easy to configure: it typically takes two lines of configuration and you're all set.
Cisco Catalyst Series switches typically have a limit on the number of SPAN sessions they support. The NM-16ESW, which is used in GNS3, supports only two SPAN sessions.
Note that you'll be able to configure a SPAN session in GNS3 using a Cisco router with the NM-16ESW installed; however, you will not be able to verify with Wireshark that the SPAN session is actually working, as you cannot link an NIO connection to an NM-16ESW switchport within GNS3.
In this lab you'll familiarize yourself with the following commands:
| Command | Description |
|---|---|
| monitor session 1 source interface interfacename#/# | Executed in global configuration mode. Creates a new SPAN session # and specifies the source interface(s), which are the interfaces whose traffic is replicated to the specified destination. |
| monitor session 1 destination interface interfacename#/# | Executed in global configuration mode. Creates a SPAN session # and specifies the destination interface that all traffic is replicated to. |
| show monitor session # | Executed in privileged mode. Displays the current configuration for the specified SPAN session number. |
- If you are using GNS3, load the Free CCNA Workbook GNS3 topology, then start devices R1, R2 and SW1.
- Establish a console session with devices R1, R2 and SW1, then configure each device's respective hostname.
- Configure the IP address 10.1.1.1/24 on R1's Fa0/0 interface, then configure SW1's Vlan1 interface with the IP address 10.1.1.10/24, then verify IP connectivity between R1 and SW1's VLAN 1 interface before continuing.
- Configure a new SPAN session on SW1 using the first available SPAN session number. Configure the source interface of the SPAN as SW1's Fa1/1 interface and the SPAN's destination interface as Fa1/2.
- OPTIONAL: Verify that the SPAN is functioning properly by using Wireshark to sniff traffic on the SPAN's destination interface. If you choose to verify this configuration, you'll need real hardware, and you'll need to set the SPAN destination to a port that your PC is plugged into.
Step 1. – Configure a new SPAN session on SW1 using the first available SPAN session number. Configure the source interface of the SPAN as SW1’s Fa1/1 interface and the SPAN’s destination interface of Fa1/2.
To create a new SPAN session, use the monitor command in global configuration mode as shown below:
SW1 con0 is now available
Press RETURN to get started.
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#monitor session 1 source interface fa1/1
SW1(config)#monitor session 1 destination interface fa1/2
SW1(config)#end
SW1#show monitor session 1
RX Only: None
TX Only: None
RX Only: None
TX Only: None
Destination Ports: Fa1/2
Filter VLANs: None
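Because a SPAN destination port receives a copy of another port's traffic, it is worth checking a saved switch configuration for mirror sessions nobody expects. The following is an added example, not part of the original lab: it parses the two `monitor session` commands used above and reports incomplete sessions, destinations outside an approved list, and session counts above the two-session limit stated for the NM-16ESW. The function names, the `approved_destinations` list and the sample configuration are assumptions made for illustration, and interface names are compared exactly as they are written in the configuration text.

```python
import re

# Matches the two commands from this lab, with the optional direction keyword
# (rx/tx/both) that IOS accepts after a source interface.
SPAN_RE = re.compile(
    r"^\s*monitor session (\d+) (source|destination) interface (\S+)"
    r"(?:\s+(rx|tx|both))?\s*$",
    re.IGNORECASE,
)

def parse_span_sessions(config_text):
    """Return {session_number: {"source": [...], "destination": [...]}}."""
    sessions = {}
    for line in config_text.splitlines():
        m = SPAN_RE.match(line)
        if not m:
            continue
        number, role, iface = int(m.group(1)), m.group(2).lower(), m.group(3).lower()
        entry = sessions.setdefault(number, {"source": [], "destination": []})
        entry[role].append(iface)
    return sessions

def audit_span(config_text, approved_destinations, max_sessions=2):
    """Return a list of findings; max_sessions defaults to the NM-16ESW limit."""
    sessions = parse_span_sessions(config_text)
    approved = {p.lower() for p in approved_destinations}
    findings = []
    if len(sessions) > max_sessions:
        findings.append(f"{len(sessions)} sessions configured, platform limit is {max_sessions}")
    for number, entry in sorted(sessions.items()):
        if not entry["source"]:
            findings.append(f"session {number}: destination without a source")
        if not entry["destination"]:
            findings.append(f"session {number}: source without a destination")
        for port in entry["destination"]:
            if port not in approved:
                findings.append(f"session {number}: unapproved destination {port}")
    return findings

# Constructed sample: session 1 is this lab's configuration; session 2 is an
# extra mirror invented for the example.
SAMPLE_CONFIG = """\
hostname SW1
monitor session 1 source interface fa1/1
monitor session 1 destination interface fa1/2
monitor session 2 source interface fa1/5 both
monitor session 2 destination interface fa1/9
"""

if __name__ == "__main__":
    for finding in audit_span(SAMPLE_CONFIG, approved_destinations=["fa1/2"]):
        print(finding)
```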