Tip

This is the documentation for the 19.02 version. Looking for the documentation of the latest version? Have a look here.

orphan:

Switch Port Analyzer (SPAN) Interfaces

A SPAN interface ties two interfaces together such that packets from one interface (the source) are directly copied to another (the destination). This feature is also known as a “mirror port” on some platforms. SPAN ports are commonly used with IDS/IPS, monitoring systems, and traffic logging/statistical systems. The target interface is typically monitored by a traffic analyzer, such as snort, that receives and processes the packets.

A SPAN port mirrors traffic to another interface which is typically a local receiver. To send SPAN packets to a remote destination, see GRE ERSPAN Example Use Case which can carry mirrored packets across GRE.

SPAN instances are configured from config mode using the span <source interface> command. Upon entering that command, TNSR enters config-span mode, as in the following example:

tnsr(config)# span GigabitEthernet0/14/0
tnsr(config-span)# onto memif1/1 hw both
tnsr(config-span)# exit

A SPAN instance may have one or more destinations, configured with the onto <destination interface> <layer> <state> command from within config-span mode. The parameters to the onto command are:

destination interface:

The interface which will receive copies of packets from the source interface. The destination interface can be any interface available to TNSR.

layer:

Sets the layer above which packet information is forwarded to the destination. Can be one of the following choices:

hw:

Mirror hardware layer packets.

l2:

Mirror Layer 2 packets.

state:

Can be one of the following choices:

rx:

Enables receive packets

tx:

Enables transmit packets

both:

Enables both transmit and receive packets

disabled:

Disables both transmit and receive