Recently I am doing mass configuration of WS3750-24G switches. The final configuration is different from the initial configuration which I have done for the PoC.
Customer has wanted a VSPAN and want to be monitored from interface gi1/0/21 to 22, I studied my colleague’s configuration and found that the destination ports are within the same vlan as the source port, I think he did not realise or forgot that SPAN has several limitations.
It is normal we do not remember all the limitations and characteristics of SPAN, ESPAN, ERSPAN and VSPAN, however it is a good practice to research and not depend on gut feeling.
If destination ports are the same vlan as the source vlan, then the destination ports will be removed from the source list and not monitored. Hence if gi1/0/21 to 22 are the same vlan as vlan 10, then these two ports cannot be monitored. This is logical because when you put vlan 10 as source, then all ports that are members of vlan 10 are the source, how can a source port be destination port at the same time?
These are the configurations from the file:
monitor session 2 source vlan 10
monitor session 2 destination interface Gi2/0/21 – 22
interface GigabitEthernet2/0/21
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet2/0/22
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
Characteristics of VSPAN
1. All active ports which are the member of the source vlan are included in the source list, traffic can be both directions (ingress and egress)
2. Only traffic of the monitored vlan is sent to the destination port
3. If the destination port belongs to a source vlan, it is excluded from the source list and not monitored.
4. If vlan membership is added to or removed from the active port, traffic of this port will be added to or removed from the source list.
5. Only ethernet vlans can be monitored.
Characteristics of destination port
1. Only one session is allowed for the destination port at a time, in other words destination port of session 1 cannot be destination port of session 2.
2. A destination port cannot be a source port.
3. A destination port cannot be an etherchannel, this makes destination port cannot be a trunk link too.
4. A destination port can be any physical ports.
5. A destination port must be in the same ethernet switch of the source port.
cyruslab 