is used on a network switch
to send a copy of all network packets
seen on one switch port (or an entire VLAN
) to a network monitoring connection on another switch port. This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion-detection system
. Port mirroring on a Cisco Systems
switch is generally referred to as Switched Port Analyzer (SPAN); some other vendors have other names for it, such as Roving Analysis Port (RAP) on 3Com
An example of a SPAN configuration on a Cisco 2950 Switch is below.
Monitor session 1 source interface fastethernet 0/1, 0/2, 0/3
Monitor session 1 destination interface fastethernet 0/4 encap ingress vlan 1
The above example mirrors data from ports 0/1, 0/2 and 0/3 to the destination port 0/4 using vlan1 for vlan tagging.
To show the status of a SPAN monitor session use the following command.
show monitor session 1
Where 1 is the session number from the above statement.