Configuring SPAN for the Catalyst 2900XL, 3500XL, 2950, and 3550 Switch Series
| [ LiB ] |
When preparing for the exam, you must know how you can configure different families of switches to mirror traffic to a destination port for input into the IDS Sensor appliance or IDS Module 2 (IDSM2). These sections cover simple SPAN and RSPAN configurations for switches running both Catalyst operating system (OS) and Internetwork Operating System (IOS) software. Later sections move into more complex configurations using VACLs, multiple VLAN monitoring with MLSs, and the IDSM2.This chapter assumes that you're already familiar and comfortable with Layer 2 switching, multilayer switching, VLANs, and inter-VLAN routing concepts, as well as the Cisco switch product line. So if you're a little bit rusty with these foundations, we highly recommend that you review your switching basics before diving into port mirroring, VACLs, and MLS IP IDS configurations.
 | There is no escape from the finer details of command syntax when discussing different methods of capturing traffic for IDS analysis. Being able to distinguish between Catalyst OS and IOS commands will get you through the first hurdle , but the exam requires that you know the configuration sequences, command syntax and keywords, and even the valid options for command parameters. You can alleviate fear of the unknown by investing the time needed to secure your grasp on these commands. |
Configuring SPAN on the 2900XL and 3500XL Switches
The steps to configure SPAN on the 2900XL and 3500XL switches are as follows :
- Enter interface mode for the destination port.
- Enable SPAN monitoring on the destination port and assign source ports.
The following commands set port 1 as the destination SPAN port, enable SPAN on the switch, and assign ports 2 and 5 as the source ports to be monitored and mirrored to port 1:
switch(config)#interface fastEthernet 0/1 switch(config-if)#port monitor fastEthernet 0/2 switch(config-if)#port monitor fastEthernet 0/5
Configuring SPAN on the 2950 and 3550 Switches
The steps and commands to configure SPAN on the 2950 and 3550 switches are as follows:
- Enable SPAN monitoring and assign source ports.
- Enable SPAN monitoring and assign destination ports.
The following commands assign source ports 2 and 4 for monitoring to SPAN port 1:
switch(config)# switch(config)# monitor session 1 source interface fastEthernet 0/2 switch(config)# monitor session 1 source interface fastEthernet 0/4 switch(config)# monitor session 1 destination interface fastEthernet 0/1
Both of the monitor session commands, whether assigning source or destination ports, enable SPAN monitoring on one or multiple ports on the switch; the command sequence is therefore not important. The complete syntax for the monitor session commands is as follows:
[no] monitor session { session } {source {interface interface id } [, - rxtxboth]} Table 4.1 lists and describes the command syntax for the monitor session command.
Table 4.1. Syntax for the monitor session Command
| Command Syntax | Description |
|---|---|
| session | Number of the SPAN session. The only valid value for the 2950 switch is 1; for the 3550, valid values are 1 and 2. |
| source | The SPAN source interface. |
| interface interface-id | The interface type and number. (Optional) Specify multiple ports. Enter a space after the comma. (Optional) Specify a range of ports. Enter a space before and after the hyphen. |
| rx | (Optional) Monitor only received traffic. |
| tx | (Optional) Monitor only sent traffic. |
| both | (Optional) Monitor both received and sent traffic. |
| | For SPAN configuration, the 2900XL and 3500XL series switches use the port monitor commands; the 2950 and 3550 use the monitor session commands. Remember this information in preparing for the exam. |
| [ LiB ] |
