CS23016 | Seemeen Patel

LAB 3- : Implement SPAN Technologies (Switch Port Analyzer)

What is a SPAN port?

SPAN (Switched Port Analyzer) is a dedicated port on a switch that takes a mirrored copy of
network traffic from within the switch to be sent to a destination.

The destination is typically a monitoring device, or other tools used for troubleshooting or
traffic analysis.

SPAN ports present a readily available mechanism through which to access detailed packet
information.

• One SPAN session contains only one destination port.

• No two SPAN sessions have same destination port.
• Destination port can’t be used as source port.
• A SPAN session may contain multiple source ports.
• A SPAN session can not mix ports and vlans

Background / Scenario
As the network administrator you want to analyze traffic entering and exiting the local network.
To do this, you will set up port mirroring on the switch port connected to the router and mirror
all traffic to another switch port. The goal is to send all mirrored traffic to an intrusion detection
system (IDS) for analysis. In this initial implementation, you will send all mirrored traffic to a PC
which will capture the traffic for analysis using a port sniffing program. To set up port mirroring
you will use the Switched Port Analyzer (SPAN) feature on the Cisco switch. SPAN is a type of
port mirroring that sends copies of a frame entering a port, out another porton the same
switch. It is common to find a device running a packet sniffer or Intrusion Detection System
(IDS) connected to the mirrored port.

Objective
Part 1: Build the Network and Verify Connectivity

Part 2: Configure Local SPAN

Page | 1
 CS23016 | Seemeen Patel

Part 1: Build the Network and Verify Connectivity

Step 1: Cable the network as shown in the topology.

Step 2: Configure basic settings for each switch

Step 3:- Setting VLANS

Step 4:- show vlan brief

Page | 2
 CS23016 | Seemeen Patel

Step 3:- Adding ports in the VLANs SW1:

Step 4:- Verify Vlans

Page | 3
 CS23016 | Seemeen Patel

Part 2: Configure Local SPAN

Step 1: Configure SPAN on S1.

Console into S1 and configure the source and destination monitor ports on S1.

Step 2: Run the show run to see the configurations

Page | 4
CS23016 | Seemeen Patel

Page | 5
 CS23016 | Seemeen Patel

Step 3:- Represent ingress and egress for VLAN 20 and will see the same in g0/2. This
ingress disabled means we are not actually monitoring anything that comes in from G 0

Step 4:-Run (sh mon det).Source ports none because we aren’t monitoring ports we
are monitoring VLAN 20

Step 5:- Run Wireshark on this PC put it in promiscuous mode and we could pick up all
the traffic that was going to in and out of VLAN 20 it said that's how we would configure and
use the Cisco port.

Page | 6