How to Quickly configure a SPAN port

A SPAN or mirror port sends a copy of all network packets seen on one port or VLAN and sends it to another port, where a packet sniffer can analyze the traffic.

I’ve provided step by step instructions for setting up a SPAN port on a Cisco switch.  I also provided links to documentation for brocade, HP, juniper, D-Link, and Meraki switches.  If anyone has step by step instructions for these other switch please email me or post it in the comments and I’ll update the post.

Cisco

All examples where done on a Cisco 2960-x, these commands should work on most Cisco switches. The client PC is on port gi1/0/3, the network sniffer is on port gi1/0/2 and the server is on port gi1/0/1.

Example 1: SPAN port for a single interface

In this example I’ll be monitoring all traffic transmitted and received on interface gi1/01, this is the interface the server is on.

1. Enter config mode

2960x#config t

2. Configure the source interface

2960x(config)#monitor session 1 source interface gi1/0/1

3. Configure destination interface

2960x(config)#monitor session 1 destination interface gi1/0/2

4. Very config

2960x(config)#show monitor session 1

Example 2: Monitor a single VLAN

The only thing that is different in this example is the step 2.

1. Enter config mode

2960x#config t

2. Configure the source interface

2960x(config)#monitor session 1 source VLAN 200

3. Configure destination interface

2960x(config)#monitor session 1 destination interface gi1/0/2

4. Very config

2960x(config)#show monitor session 1

Example 3: Monitor all VLANS

Again, the only thing that changes is step 3. You will need to know what all VLANS you are using and include them in the range.

1. Enter config mode

2960x#config t

2. Configure the source interface

2960x(config)#monitor session 1 source VLAN 1 – 900

3. Configure destination interface

2960x(config)#monitor session 1 destination interface gi1/0/2

4. Very config

If the commands are not working on your Cisco switch check out Cisco’s documentation below.

http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10570-41.html

Documentation for other switches

Brocade

http://www.brocade.com/content/html/en/configuration-guide/FI_08030_L2/GUID-A49CD129-9770-48E8-A36E-052995DF5CD6.html

Juniper

https://www.juniper.net/documentation/en_US/junos/topics/example/port-mirroring-local-ex-series.html

D-Link DGS

http://www.dlink.com/uk/en/support/faq/switches/layer-2-gigabit/dgs-series/es_dgs_1210_como_monitorear_trafico_de_un_puerto_port_mirroring

Meraki Switch

https://documentation.meraki.com/MS/Monitoring_and_Reporting/Packet_Captures_and_Port_Mirroring_on_the_MS_Switch

The post How to Quickly configure a SPAN port appeared first on Network Security Tools.