Configuring Port Mirroring SPAN Session Cisco

By | 11/05/2017

Real World Application & Core Knowledge

Have you ever wanted to replicate traffic from one switch port to another so you can view it with Wireshark? There is a way to achieve that; it's called a Switch Port Analyzer session, commonly referred to as a SPAN. The industry knows this type of technology as “Port Mirroring”, which is port traffic replication from one interface to another for analysis.

SPANs prove to be extremely beneficial in a production environment when troubleshooting issues with Ethernet links between a switch and another device such as a router, firewall, server or host.

They may sound complex at first, but they are very easy to configure: they typically involve two lines of configuration and you're all set.

Cisco Catalyst Series switches typically have a limit on the number of SPAN sessions they support. The NM-16ESW, which is used in GNS3, only supports two SPAN sessions.

Note that you'll be able to configure a SPAN session in GNS3 using a Cisco router with the NM-16ESW installed; however, you will not be able to verify that the SPAN session is actually working using Wireshark, as you cannot link an NIO connection to an NM-16ESW switchport within GNS3.

In this lab you'll familiarize yourself with the following commands:

| Command | Description |
|---|---|
| monitor session 1 source interface interfacename#/# | Executed in global configuration mode. Creates a new SPAN session with the given session number and specifies the source interface(s), which are the interfaces whose traffic is replicated to the specified destination. |
| monitor session 1 destination interface interfacename#/# | Executed in global configuration mode. Creates a SPAN session with the given session number and specifies the destination interface that all traffic is replicated to. |
| show monitor session # | Executed in privileged mode. Displays the current configuration for the specified SPAN session number. |

Lab Prerequisites

  • If you are using GNS3, then load the Free CCNA Workbook GNS3 topology and start devices R1, R2 and SW1.
  • Establish a console session with devices R1, R2 and SW1, then configure the devices' respective hostname(s).
  • Configure the IP address 10.1.1.1/24 on R1's Fa0/0 interface, then configure SW1's Vlan1 interface with the IP address 10.1.1.10/24, then verify IP connectivity between R1 and SW1's VLAN 1 interface before continuing.

Lab Objectives

  • Configure a new SPAN session on SW1 using the first available SPAN session number. Configure the source interface of the SPAN as SW1's Fa1/1 interface and the SPAN's destination interface as Fa1/2.
  • OPTIONAL: Verify that the SPAN is functioning properly by using Wireshark to sniff traffic on the SPAN's destination interface. If you choose to verify this configuration, you'll need real hardware and must set the SPAN destination to a port that your PC is plugged into.

Lab Instruction

Step 1. – Configure a new SPAN session on SW1 using the first available SPAN session number. Configure the source interface of the SPAN as SW1's Fa1/1 interface and the SPAN's destination interface as Fa1/2.

To create a new SPAN session, you'll use the monitor command in global configuration mode, as shown below:
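The following is an added example, not the article's own listing: a short Python check that reads a switch configuration, extracts its SPAN sessions, and confirms they match what Step 1 asks for, which is also a quick way to spot a mirror session nobody approved. The sample configuration is constructed, and the function names, the approved-session format and the one-interface-per-line form are assumptions of this example.

```python
import re

# Constructed sample, not captured from a device: SW1's configuration with the
# two Step 1 lines (source Fa1/1, destination Fa1/2) in the command-table form.
SAMPLE_CONFIG = """\
hostname SW1
!
monitor session 1 source interface Fa1/1
monitor session 1 destination interface Fa1/2
!
interface Vlan1
 ip address 10.1.1.10 255.255.255.0
"""

# Assumption: one interface per line; ranges and rx/tx/both keywords are not parsed.
MONITOR_RE = re.compile(
    r"^monitor session (\d+) (source|destination) interface (\S+)", re.MULTILINE)

def parse_span_sessions(config):
    """Return {session number: {"source": [...], "destination": [...]}}."""
    sessions = {}
    for num, role, iface in MONITOR_RE.findall(config):
        entry = sessions.setdefault(int(num), {"source": [], "destination": []})
        entry[role].append(iface)
    return sessions

def audit_span(config, approved, max_sessions=2):
    """List problems in a config's SPAN sessions; an empty list means none found.

    approved maps session number -> (source list, destination list) expected.
    max_sessions=2 is the NM-16ESW limit stated in the article.
    """
    findings = []
    sessions = parse_span_sessions(config)
    if len(sessions) > max_sessions:
        findings.append(f"{len(sessions)} sessions exceed the limit of {max_sessions}")
    for num, s in sorted(sessions.items()):
        if not s["source"] or not s["destination"]:
            findings.append(f"session {num}: incomplete (needs source and destination)")
        if set(s["source"]) & set(s["destination"]):
            findings.append(f"session {num}: same port is source and destination")
        if approved.get(num) != (s["source"], s["destination"]):
            findings.append(f"session {num}: does not match the approved mirror")
    return findings

if __name__ == "__main__":
    lab = {1: (["Fa1/1"], ["Fa1/2"])}
    print(parse_span_sessions(SAMPLE_CONFIG))
    print(audit_span(SAMPLE_CONFIG, lab) or "SPAN configuration matches the lab objective")
```

Because a SPAN destination receives a copy of everything crossing the source port, running the same check against saved configurations flags any monitor session that is not on the approved list.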
