Layer 2 Technologies - SPAN, RSPAN and 802.3x Flow Control

This should be the last blueprint topic specifically covering ethernet, and it is a relatively short one... (That's not to say that I wont need to come back and clarify or elaborate on this or the previously documented topics)

1.50    Implement Switched Port Analyzer (SPAN), Remote Switched Port Analyzer (RSPAN), and flow control
(a) SPAN and RSPAN
(b) Flow Control


SPAN and RSPAN

The Switch Port Analyser (SPAN) and Remote SPAN (RSPAN) functions are Well documented on CCO. SPAN is particularly handy for troubleshooting with packet analysis tools like Wireshark or for use with security appliances like an IDS to determine if your network is under attack.

A SPAN port is contained locally on a switch, while RSPAN is configured across multiple switches and delivered over a dedicated VLAN (intermediate transport switches do not have to be RSPAN capable unless they are interacting with the RSPAN VLAN)


While it is possible to have multiple sessions in operation, these are the basic rules around SPAN/RSPAN ports:

•     For SPAN sources, you can monitor traffic for a single port or VLAN or a series or range of ports or VLANs for each session. You cannot mix source ports and source VLANs within a single SPAN session.
•     The destination port cannot be a source port; a source port cannot be a destination port.
•     You cannot have two SPAN sessions using the same destination port.
•     When you configure a switch port as a SPAN destination port, it is no longer a normal switch port; only monitored traffic passes through the SPAN destination port

SPAN ports have the capability to include the source interface encapsulation headers if the "encapsulation replicate" configuration setting is included.  RSPAN transports monitored frames without the encapsulation headers

Flow Control

There is a very good article about Ethernet Flow Control by Petr Lapukhov The main take away is that Cisco switches do not generate PAUSE Frames (though they can receive them) the issue is in QoS enabled networks, the pausing frames is an indiscriminate action that can impact priority traffic as well as best effort.  Flow control is disabled by default and is not recommended for QoS enabled networks.

These are the impacts on flow control settings for an interface:

flowcontrol receive on (or flowcontrol receive desired) - The interface cannot send pause frames but can operate with an attached device that is required to or can send pause frames; the interface can receive pause frames.

flowcontrol receive off - Flow control does not operate in either direction. In case of congestion, no indication is given to the link partner, and no pause frames are sent or received by either device.