Summary

SPAN enables you to capture traffic on one or more ports, including VLANs, and to redirect the captured traffic to a port with a protocol analyzer or probe connected to it. RSPAN has the destination port located on a different switch. You can capture traffic from Layer 2 and Layer 3 interfaces, including EtherChannels. Use the monitor session command to set up SPAN. The NAM is an RMON probe that fits into the chassis of a Catalyst 6500 switch. It has no physical ports, but two logical ports. It requires an RMON management station to process the captured traffic.

You should assign passwords to your switch with the password and enable secret commands, and restrict Telnet access with the access-list and access-class commands.

You can implement AAA (authentication, authorization, and accounting) to create a more robust security solution. AAA can be performed by the switch or by an external security server running TACACS+ or RADIUS. 802.1X can be used to authenticate users before they're allowed access to the switched network. Until authenticated, the user's port allows only EAPOL authentication traffic; all other traffic is dropped.

Port security can be used to lock down which users are allowed to be connected to which ports. This can be done statically or dynamically. You can have a maximum of 132 secured addresses associated with a port. Use the switchport port-security command to enable port security. If the switch port is disabled because of a security violation, it turns amber.

VACLs enable you to filter VLAN traffic. You create a VLAN map with the vlan access-map command. This map specifies matching traffic (match command) and the action to perform when a match occurs (action command). The VACL is then activated with the vlan filter command.
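The VACL steps above as a Catalyst IOS configuration fragment. This is an added example, not taken from the book; the ACL name, map name, sequence numbers, and VLAN 10 are assumptions chosen for illustration.

```cisco
! Added example: names, sequence numbers and VLAN 10 are assumptions.
!
! Step 1: an ACL that selects the traffic of interest.
! Inside a VLAN map, "permit" means "this traffic matches the entry";
! it does not decide whether the traffic is forwarded.
ip access-list extended TELNET-TRAFFIC
 permit tcp any any eq 23
!
! Step 2: the VLAN map. Sequence 10 drops whatever the ACL matched.
vlan access-map FILTER-VLAN10 10
 match ip address TELNET-TRAFFIC
 action drop
!
! Sequence 20 has no match clause, so it matches everything else.
! Without it, IP traffic that matched no entry would be dropped
! by the map's implicit default.
vlan access-map FILTER-VLAN10 20
 action forward
!
! Step 3: activate the map on the VLAN.
vlan filter FILTER-VLAN10 vlan-list 10
!
! Check the result with:
!   show vlan access-map
!   show vlan filter
```

Because the map applies to all traffic in the VLAN, bridged as well as routed, test it on a non-production VLAN before applying it to user VLANs.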

PVLANs are used to restrict traffic flows within a broadcast domain. PVLANs consist of primary (promiscuous ports) and secondary (isolated and community ports) PVLANs. They are used because they reduce your addressing requirements compared to normal VLANs.



CCNP BCMSN Exam Cram 2 (Exam Cram 642-811)
ISBN: 0789729911
Year: 2003
Pages: 171
Authors: Richard Deal
