Despite being fairly seasoned in Information Technology, I am still quite new when it comes to Cisco commands. That being said, I am constantly learning more and more useful commands as I dive deeper into Cisco networking. For example, I recently came across using Cisco Switched Port Analyzer (SPAN) in order to troubleshoot the connectivity for a networked device. While this is probably something that many people who are formally trained in Cisco are already aware of, I figured I would share it with those of us who are not. Before we get into the setup of SPAN, you should first understand what it does, along with its use.
When implemented, Cisco SPAN allows you to have the traffic being sent/received on a specific switch port mirrored over to another port on the same switch. This allows you to connect your own device into this second port on the switch and perform analysis on the network traffic using tools such as Wireshark. By using this, you do not have to use any form of network tap, nor is there any impact on the device who's port you are mirroring. This is extremely useful when troubleshooting a "dumb" network device that has a minimal, if any, GUI/Command interface for you to use. Setting up a SPAN session is fairly simple, and can be performed via the following Cisco commands.
To best perform this, you should connect to your Cisco switch by way of a console cable. You should then use an application such as PuTTY in order to log into the switch. Once logged in, you should get into the configuration terminal via the following command:
config t
Once you are in the configuration terminal, you can then create the SPAN monitoring session. In order to do this you must setup the source interface and the destination interface. Naturally, the source interface is the network port who's traffic you wish to see, and the destination interface is the port that you are connected to. Setting up these interfaces can be accomplished via the following commands:
monitor session [Session #] source interface [Switch Port]
monitor session [Session #] destination interface [Switch Port]
Example of setting up a SPAN session.
Once you have ran these commands, you can go ahead and exit the configuration terminal (exit command), and then verify your SPAN session via the following:
show monitor
Verifying our SPAN session.
At this point, you will now be able to run a tool such as Wireshark in order to capture the network packets being sent/received on the source switch port from your own PC. Keep in mind that since you are now mirroring the network traffic on the source port to the port that you are connected to, you will no longer be able to access any network resources. An easy way around this would be to utilize a wireless connection if you do need to access any network resources while performing this network troubleshooting.
Assuming that you were able to obtain your packet capture successfully and are now finished using the SPAN session, you can go ahead and disable it. To do so, get back into the configuration terminal just as before. Once in the configuration terminal, you can run the following command to end the SPAN session.
no monitor session [Session #]
Ending our SPAN session.
As stated before, this is very likely something that anyone with formal Cisco training would already know how to do, but it is still a handy command for anyone who finds themselves troubleshooting network issues. Being able to get your hands on a packet capture of a troublesome device can allow you to more easily determine where the problem exists, thus saving you precious time.
When implemented, Cisco SPAN allows you to have the traffic being sent/received on a specific switch port mirrored over to another port on the same switch. This allows you to connect your own device into this second port on the switch and perform analysis on the network traffic using tools such as Wireshark. By using this, you do not have to use any form of network tap, nor is there any impact on the device who's port you are mirroring. This is extremely useful when troubleshooting a "dumb" network device that has a minimal, if any, GUI/Command interface for you to use. Setting up a SPAN session is fairly simple, and can be performed via the following Cisco commands.
To best perform this, you should connect to your Cisco switch by way of a console cable. You should then use an application such as PuTTY in order to log into the switch. Once logged in, you should get into the configuration terminal via the following command:
config t
Once you are in the configuration terminal, you can then create the SPAN monitoring session. In order to do this you must setup the source interface and the destination interface. Naturally, the source interface is the network port who's traffic you wish to see, and the destination interface is the port that you are connected to. Setting up these interfaces can be accomplished via the following commands:
monitor session [Session #] source interface [Switch Port]
monitor session [Session #] destination interface [Switch Port]
Once you have ran these commands, you can go ahead and exit the configuration terminal (exit command), and then verify your SPAN session via the following:
show monitor
At this point, you will now be able to run a tool such as Wireshark in order to capture the network packets being sent/received on the source switch port from your own PC. Keep in mind that since you are now mirroring the network traffic on the source port to the port that you are connected to, you will no longer be able to access any network resources. An easy way around this would be to utilize a wireless connection if you do need to access any network resources while performing this network troubleshooting.
Assuming that you were able to obtain your packet capture successfully and are now finished using the SPAN session, you can go ahead and disable it. To do so, get back into the configuration terminal just as before. Once in the configuration terminal, you can run the following command to end the SPAN session.
no monitor session [Session #]
As stated before, this is very likely something that anyone with formal Cisco training would already know how to do, but it is still a handy command for anyone who finds themselves troubleshooting network issues. Being able to get your hands on a packet capture of a troublesome device can allow you to more easily determine where the problem exists, thus saving you precious time.