On devices with Layer 3 routing, do not source a monitor session from only one direction of a VLAN. SPAN only monitors data transmitted or received by a physical port. When a packet enters a device from Layer 3 and is routed into the VLAN, the packet is not seen until it is transmitted. As a result, when a VSPAN is sourced from only one single direction, one side of a TCP conversation is missing.
The preceding illustration shows that the SPAN configuration does not see traffic that enters VLAN 10 from Layer 3, because no physical interface is involved. Packets are seen only as they are received by an interface in VLAN 10. Packets destined for hosts in VLAN 10 (TX) are missed. Traffic coming from VLAN 20 or from end users is missed.
The following commands represent the configuration in the illustration:
(config)# monitor session 1 source vlan 10 rx (config)# monitor session 1 destination interface f2/13
|
Copyright © 2015 CA Technologies.
All rights reserved.
|
|