Manualshelf

user manual

ManualsBrandsCisco Systems ManualsSwitchCisco Flexstack Plus Stacking Module Component C2960XSTACK
71727374757677787980
name}
Both the filter vlan and filter ip access-group commands cannot be configured at the
same time. Configuring one results in rejection of the other.
Note
EtherChannels are not supported in an FSPAN session.
FSPAN ACLs with TCP flags or the log keyword are not supported.
If you configure an IPv6 FSPAN ACL when the switch is running the advanced IP Services feature set
but later run a different feature set, after rebooting the switch, the switch might lose the IPv6 FSPAN
ACL configuration.
IPv6 FSPAN ACLs are supported only on IPv6-enabled SDM templates. If you configure an IPv6
FSPAN ACL when running an IPv6 enabled SDM template, but later configure a non-IPv6 SDM template
and reboot the switch, you lose the IPv6 FSPAN ACL configuration.
Information About SPAN and RSPAN
SPAN and RSPAN
You can analyze network traffic passing through ports or VLANs by using SPAN or RSPAN to send a copy
of the traffic to another port on the switch or on another switch that has been connected to a network analyzer
or other monitoring or security device. SPAN copies (or mirrors) traffic received or sent (or both) on source
ports or source VLANs to a destination port for analysis. SPAN does not affect the switching of network
traffic on the source ports or VLANs. You must dedicate the destination port for SPAN use. Except for traffic
that is required for the SPAN or RSPAN session, destination ports do not receive or forward traffic.
Only traffic that enters or leaves source ports or traffic that enters or leaves source VLANs can be monitored
by using SPAN; traffic routed to a source VLAN cannot be monitored. For example, if incoming traffic is
being monitored, traffic that gets routed from another VLAN to the source VLAN cannot be monitored;
however, traffic that is received on the source VLAN and routed to another VLAN can be monitored.
You can use the SPAN or RSPAN destination port to inject traffic from a network security device. For example,
if you connect a Cisco Intrusion Detection System (IDS) sensor appliance to a destination port, the IDS device
can send TCP reset packets to close down the TCP session of a suspected attacker.
Local SPAN
Local SPAN supports a SPAN session entirely within one switch; all source ports or source VLANs and
destination ports are in the same switch or switch stack. Local SPAN copies traffic from one or more source
ports in any VLAN or from one or more VLANs to a destination port for analysis.
Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX
68 OL-29044-01
Configuring SPAN and RSPAN
Information About SPAN and RSPAN