Introduction to SPAN, RSPAN and ERSPAN

Switch Port Analyzer (SPAN)
SPAN is a highly efficient traffic monitoring protocol used to duplicate network traffic to one or more monitor interfaces as it traverses the switch. SPAN is used for troubleshooting network connectivity problems and for measuring network utilization and performance.

With plain SPAN, traffic from one or more interfaces on the switch is mirrored to one or more interfaces on the same switch. In other words, there is a source port whose traffic needs to be monitored, and its full traffic is mirrored to another port, which is called the SPAN port.

Fig 1.1- SPAN 
Basic Configuration for SPAN Port with Source and Destination ports
RouteXP_SW1# configure terminal
RouteXP_SW1(config)# monitor session 1 source interface Fa0/21
RouteXP_SW1(config)# monitor session 1 destination interface Fa0/11
RouteXP_SW1(config)# end

Remote SPAN (RSPAN):
Alongside SPAN there is another kind of SPAN called Remote SPAN (RSPAN), which is an extension of SPAN. RSPAN permits an admin to monitor traffic from source ports distributed over multiple switches, which means that network capture devices can be centralized. RSPAN works by duplicating, or mirroring, the traffic from the source ports of an RSPAN session onto a VLAN that is dedicated to that RSPAN session.

This VLAN is then trunked to other switches, allowing the RSPAN session traffic to be transported across multiple switches. On the switch that contains the destination port for the session, traffic from the RSPAN session VLAN is simply mirrored out the destination port.

To configure RSPAN you need an RSPAN VLAN. These VLANs have special properties and can't be assigned to any access ports. To create a VLAN for RSPAN on Cisco IOS, you must create the VLAN via the config-vlan configuration mode, as opposed to using the older VLAN database configuration mode. While defining the VLAN parameters, you must specify that the new VLAN is an RSPAN VLAN by configuring the remote-span VLAN configuration command.

We will discuss the scenario with the configuration for RSPAN.

Encapsulated Remote SPAN (ERSPAN):
Encapsulated Remote SPAN (ERSPAN), as the name says, offers generic routing encapsulation (GRE) for all captured traffic and permits it to be extended across Layer 3 domains.

ERSPAN is basically a Cisco proprietary feature and is available only on Catalyst 6500, 7600, Nexus, and ASR 1000 platforms to date. The ASR 1000 supports ERSPAN source (monitoring) only on Fast Ethernet, Gigabit Ethernet, and port-channel interfaces.
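
What a capture host receives from an ERSPAN source, as an added example that is not part of the original article: a Python parser that strips the GRE and ERSPAN headers to recover the mirrored frame. It assumes the ERSPAN Type II format (GRE protocol type 0x88BE followed by an 8-byte ERSPAN header), which the article does not describe; the function name and the sample packet are constructed for illustration.

```python
import struct

GRE_PROTO_ERSPAN_II = 0x88BE  # GRE protocol type carrying ERSPAN Type II


def parse_erspan_type2(gre: bytes) -> dict:
    """Parse the payload of an IP protocol 47 packet: GRE + ERSPAN Type II."""
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", gre, 0)
    if proto != GRE_PROTO_ERSPAN_II:
        raise ValueError(f"GRE protocol 0x{proto:04x} is not ERSPAN Type II")
    if not flags & 0x1000:
        raise ValueError("GRE sequence number absent; not a Type II frame")
    # Optional GRE fields precede the sequence number: checksum (C), key (K).
    offset = 4 + (4 if flags & 0x8000 else 0) + (4 if flags & 0x2000 else 0)
    if len(gre) < offset + 12:
        raise ValueError("truncated GRE/ERSPAN headers")
    # 4-byte GRE sequence number, then the 8-byte ERSPAN header.
    seq, w1, w2, w3 = struct.unpack_from("!IHHI", gre, offset)
    if w1 >> 12 != 1:
        raise ValueError("ERSPAN version field is not 1 (Type II)")
    return {
        "sequence": seq,                 # gaps indicate lost mirror packets
        "vlan": w1 & 0x0FFF,             # VLAN of the original frame
        "cos": w2 >> 13,
        "truncated": bool(w2 & 0x0400),  # T bit: mirrored frame was cut short
        "session_id": w2 & 0x03FF,       # ERSPAN session ID set on the source
        "index": w3 & 0xFFFFF,           # platform-specific port index
        "inner_frame": gre[offset + 12:],
    }


# Constructed sample: broadcast Ethernet frame, EtherType 0x0800, dummy payload.
INNER = bytes.fromhex("ffffffffffff" "001122334455" "0800") + b"payload"
# GRE header with S bit and sequence 7; ERSPAN: version 1, VLAN 100,
# session 5, index 3.
SAMPLE = (struct.pack("!HHI", 0x1000, GRE_PROTO_ERSPAN_II, 7)
          + struct.pack("!HHI", (1 << 12) | 100, 5, 3)
          + INNER)

if __name__ == "__main__":
    info = parse_erspan_type2(SAMPLE)
    print({k: v for k, v in info.items() if k != "inner_frame"})
    print("inner frame:", info["inner_frame"].hex())
```

Because the mirrored frame travels as ordinary routed GRE payload, any device on the Layer 3 path can read it in full, so the path to the collector needs the same protection as the monitored traffic itself.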

We will discuss the scenario with the configuration for ERSPAN.