Switched Port Analyzer (SPAN), sometimes called port mirroring or port monitoring, copies switch network traffic and forwards it out the SPAN port for analysis by a network analyzer. By enabling the SPAN, you can monitor traffic on a switch port by forwarding incoming and outgoing traffic to another port for data collection and analysis. You can use a network analyzer on this monitor port to troubleshoot network problems by examining traffic on other ports or segments without taking the network out of service. Show Suppose, for instance, that you want to examine traffic flowing in and out of a port, or within a virtual local-area network (VLAN). In a shared network, such as Ethernet, you would attach a network analyzer to an available port on the hub and your analyzer would listen to all traffic on the segment, as illustrated in Figure 11-12. Figure 11-12. Network Analyzer in a Shared Network The analyzer decodes the frames and provides you with an analysis of the frame contents, such as the packets and other higher-layer protocol information. In a switched network, however, this is not as simple as in a shared network. In a switched network, the switch filters frames from transmitting out a port unless the bridge/switch table believes the frame's destination is on that port, or the frame needs to be flooded, such as during a spanning-tree update. This is not going to work for you because you want to see all the switch traffic, from all the VLANs. The SPAN switch feature enables you to attach an analyzer on a switch port and capture traffic from other ports in the switch, as illustrated in Figure 11-13. Figure 11-13. Network Analyzer in a Switched NetworkThe SPAN port mirrors traffic from one or more source interfaces on any VLAN, or from one or more VLANs to a destination port for analysis. The network analyzer attaches to the SPAN port and examines the traffic as it passes through the switch. The network analyzer enables you to dig into the details of your network traffic. For SPAN configuration, the source interfaces and the destination interface must be on the same switch. note
Please note: this is legacy documentation. Please check out https://docs.miarec.com/all/ for the most up-to-date documentation and user guides.Port Mirroring, also known as SPAN (Switched Port Analyzer), is a method of monitoring network traffic. With port mirroring enabled, the switch sends a copy of all network packets seen on one port (or an entire VLAN) to another port, where the packet can be analyzed. Port Mirroring function is supported by almost all enterprise-class switches (managed switches). The Port Mirroring function is best described when comparing a regular switch and a switch with port mirroring support. Regular SwitchHere, you see network the traffic sent between computers A and B. The MAC table in the memory of the switch contains information on which port is connected to a particular computer. Switch knows that:
When the switch receives a packet from A to B, it routers this packet to port #3 (because B is on port #3). Other computers (C and D) do not see this network traffic. It is hidden from them. Conclusion: With a regular switch the network traffic is visible only to computers, which directly participate in a communication. Other computers do not see the traffic, which is not destined for them. Switch With Port MirroringIn Figure 2 you see a similar scenario: the network traffic is sent between computers A and B. But there is a small difference: this switch supports port mirroring function. And administrator has configured the switch to mirror to computer D all network packets, which are transmitted between computers A and B. Computer D is a listener to the traffic. Computer D can be used for network logging or call recording if we have IP phones instead of computers A and B . Conclusion: Port mirroring allows a particular computer to see the network traffic, which is normally hidden from it. How Port Mirroring function is used for VoIP call recording?The image below illustrates the usual configuration of the network, which enables call recording. In this example, one of the IP Phones makes a call to a remote phone outside of the local network (whether it is an analog phone, cellular, or another IP Phone). Network traffic from IP Phones goes through a network switch with port mirroring. The switch sends to MiaRec a copy of every network packet, sent or received by IP Phone. By using intelligent packet capturing technology, MiaRec detects VoIP-related packets inside the network traffic, decodes them, and saves audio on a disk. What is span port on Cisco switch?The Switched Port Analyzer (SPAN) feature (sometimes called port mirroring or port monitoring) selects network traffic for analysis by a network analyzer. The network analyzer can be a Cisco SwitchProbe, a Fibre Channel Analyzer, or other Remote Monitoring (RMON) probes.
What is Span on switch?SPAN (Switched Port Analyzer) is a dedicated port on a switch that takes a mirrored copy of network traffic from within the switch to be sent to a destination. The destination is typically a monitoring device, or other tools used for troubleshooting or traffic analysis.
What is the difference between tap and span?A tap is a purpose-built device that passively makes a copy of network data but does not alter the data. Once you install it, you are done. No programming is required. SPAN ports, also called mirror ports, are part of Layer 2 and 3 network switches.
Is span the same as port mirroring?SPAN (Switched Port Analyzer) is a Cisco-specific way of handling port mirroring. For the purposes of our discussion, we can use these terms interchangeably, but you should keep in mind that every network vendor provides some sort of port mirroring.
|
