Network Switch Traffic Monitoring: Cisco Exam 200-125 Answer

Port Mirroring on Cisco Switches

Which feature can you use to monitor traffic on a switch by replicating it to another port or ports on the same switch?



A source port, also called a monitored port, is a switched or routed port that you monitor for network traffic analysis. In a single local SPAN session or RSPAN source session, you can monitor source port traffic in the received (Rx), transmitted (Tx), or bidirectional (both) direction. The switch supports any number of source ports (up to the maximum number of available ports on the switch) and any number of source VLANs.

A source port has these characteristics:

  • It can be any port type, such as EtherChannel, Fast Ethernet, Gigabit Ethernet, and so forth.
  • It can be monitored in multiple SPAN sessions.
  • It cannot be a destination port.

Each source port can be configured with a direction (ingress, egress, or both) to monitor. For EtherChannel sources, the monitored direction applies to all physical ports in the group. Source ports can be in the same or different VLANs. For VLAN SPAN sources, all active ports in the source VLAN are included as source ports.

The feature that can be used to monitor traffic on a switch by replicating it to another port or ports on the same switch is called SPAN (Switch Port Analyzer), which is also known as port mirroring.

SPAN is a network monitoring feature in Cisco switches that allows administrators to selectively copy traffic from one or more switch ports to another port for analysis, troubleshooting, or security purposes. SPAN can be used to capture traffic for network intrusion detection, performance monitoring, and other network analysis tasks.

To configure SPAN, the administrator needs to identify the source port(s) from which the traffic will be monitored and the destination port(s) to which the traffic will be replicated. The destination port(s) can be a physical port or a VLAN (Virtual Local Area Network) interface. Once configured, the switch will replicate all traffic from the source port(s) to the destination port(s), allowing the monitoring tool to capture and analyze the traffic.
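
The source-port rules above can be checked against a switch configuration when reviewing which mirror sessions exist. The following is an added example, not part of the original answer: it parses Catalyst-style "monitor session" lines and flags any source port that is also a destination. The sample configuration is constructed, and the parser assumes one interface or VLAN per line, with an omitted direction meaning both.

```python
import re
from collections import defaultdict

# Constructed sample of Catalyst-style running-config lines (not from a real device).
SAMPLE_CONFIG = """\
monitor session 1 source interface GigabitEthernet0/1 both
monitor session 1 source vlan 10 rx
monitor session 1 destination interface GigabitEthernet0/24
monitor session 2 source interface GigabitEthernet0/1 tx
monitor session 2 source interface GigabitEthernet0/24
monitor session 2 destination interface GigabitEthernet0/23
"""

LINE_RE = re.compile(
    r"^monitor session (\d+) (source|destination) (interface|vlan) (\S+)(?: (rx|tx|both))?\s*$"
)

def parse_span(config):
    """Return {session: {"sources": [(kind, name, direction)], "destinations": [name]}}."""
    sessions = defaultdict(lambda: {"sources": [], "destinations": []})
    for line in config.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a SPAN line, or a form this example does not model
        sid, role, kind, name, direction = m.groups()
        if role == "source":
            sessions[int(sid)]["sources"].append((kind, name, direction or "both"))
        else:
            sessions[int(sid)]["destinations"].append(name)
    return dict(sessions)

def audit(sessions):
    """Flag ports used as both source and destination; list ports in more than one session."""
    dests = {d for s in sessions.values() for d in s["destinations"]}
    conflicts, seen = [], defaultdict(set)
    for sid, s in sessions.items():
        for kind, name, _ in s["sources"]:
            if kind == "interface":
                seen[name].add(sid)
                if name in dests:  # a source port cannot be a destination port
                    conflicts.append((sid, name))
    shared = {p: sorted(ids) for p, ids in seen.items() if len(ids) > 1}
    return conflicts, shared

if __name__ == "__main__":
    parsed = parse_span(SAMPLE_CONFIG)
    for sid, s in sorted(parsed.items()):
        print(sid, s)
    print(audit(parsed))
```

A port listed under more than one session is permitted by the rules above; it is reported so a reviewer can confirm each session is expected.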

The other options listed in the question are not related to monitoring traffic on a switch.

  • "Copy run start" is a command used to save the running configuration of a Cisco device to its non-volatile memory (NVRAM) for persistent storage.
  • "Traceroute" is a diagnostic tool used to trace the path that a packet takes from a source device to a destination device in a network.
  • "ICMP Echo IP SLA" is a feature used to measure network performance by generating synthetic traffic and measuring its round-trip time between two devices.