Appendix A – SPAN Port Configuration
HP/Aruba Switches
See: https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=25100
-
Create the session and assign the local mirroring port (where your IDS
Intrusion Detections System is connected):mirror session-# port exit-port-# [name name-str]"
session-#" is a value from 1 to 4.Example:
mirror 1 port 11 -
Assign the monitored ports, vlans or mac addresses to any of the created local port mirroring sessions:
-
interface {port | trunk | mesh} monitor all {in | out | both} mirror {session-# | name-str} [{session-# | name-str}] [{session-# | name-str}] | [{session-# | name-str}] [no-tag-added]Example:
interface 28 monitor all both mirror 1OR
-
vlan vid-# monitor all {in | out | both} mirror {session-# | name-str} [{session-# | name-str}] [{session-# | name-str}] [{session-# | name-str}]Example:
vlan 32 monitor all both mirror 1
-
Cisco Switches
-
Enter the switch configuration mode:
configure terminal
-
Create the monitoring session"
monitor session {session_number} type localExample:
monitor session 1 type local
-
Designate the source port with 'both' for ingress and egress"
source interface interface_type {list(,) or give range(-) of interfaces} bothExample:
source interface gigabitethernet 2/1 both -
Designate the destination port"
destination interface interface_type {list(,) or give range(-) of interfaces} bothExample:
destination interface gigabitethernet 2/4
-
Enable the SPAN session"
no shutdown
Complete Example:
Switch# configure terminal
Switch(config)# monitor session 1 type local
Switch(config-mon-local)# source interface gigabitethernet 2/1
Switch(config-mon-local)# destination interface gigabitethernet 2/4
Switch(config-mon-local)# no shutdown