Last Updated on August 2, 2021 by Admin 2
You want to implement network monitoring on a Layer 2 switched network. You want to monitor all traffic from a single switch. Only the default VLAN is in use on your network.
Which of the following would you be most likely to implement in order to monitor the traffic?
- RSPAN
- SPAN
- VSPAN
- ERSPAN
You would be most likely to implement Remote Switched Port Analyzer (RSPAN) to monitor all traffic on a Layer 2 switched network from a single switch. RSPAN enables you to monitor traffic on a network by capturing and sending traffic from a source port on one device to a destination port on a different device on a nonrouted network. For example, to monitor traffic on a port on a neighboring switch, you would need to perform the following tasks:
- Create an RSPAN virtual local area network (VLAN) on both switches.
- Create a monitor session on the neighboring switch with the monitored port as the source and the RSPAN VLAN as the destination.
- Create a monitor session on the local switch with the RSPAN VLAN as the source and the monitoring port as the destination.
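The three tasks above, written out as Catalyst-style IOS configuration. This is an added example, not part of the original answer; VLAN 900, the VLAN name, session number 1, and the interface names are assumptions chosen for illustration.

```cisco
! Constructed example: VLAN 900 and all interface names are assumptions.
!
! --- Neighboring switch (where the monitored port lives) ---
! Task 1: create the RSPAN VLAN
vlan 900
 name RSPAN-TRANSPORT
 remote-span
!
! Task 2: monitored port is the source, RSPAN VLAN is the destination
monitor session 1 source interface GigabitEthernet1/0/5 both
monitor session 1 destination remote vlan 900
!
! --- Local switch (where the analyzer is attached) ---
! Task 1: create the same RSPAN VLAN
vlan 900
 name RSPAN-TRANSPORT
 remote-span
!
! Task 3: RSPAN VLAN is the source, monitoring port is the destination
monitor session 1 source remote vlan 900
monitor session 1 destination interface GigabitEthernet1/0/24
!
! Verify on each switch:
!   show vlan remote-span
!   show monitor session 1
```

The RSPAN VLAN must be allowed on the trunk links between the two switches, or the mirrored frames never reach the local switch. Because the destination port receives a copy of everything mirrored, attach only the analyzer to it and control physical and administrative access to that port.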
You would not implement SPAN to monitor all traffic on a Layer 2 switched network from a single switch. SPAN is limited to monitoring traffic on only the local device and cannot direct traffic to destination ports on a separate device for analysis. In a SPAN configuration, both the source port and the destination port must exist on the same device. You cannot configure the same port as both source and destination. The source port can be a physical or virtual Ethernet port, a port channel, or a VLAN if VLAN-based SPAN (VSPAN) is being used. The destination port can be a physical or virtual Ethernet port or a port channel.
You would not implement Encapsulated RSPAN (ERSPAN) to monitor all traffic on a Layer 2 switched network from a single switch. ERSPAN enables an administrator to capture and analyze traffic across a routed network. Therefore, ERSPAN can monitor traffic across multiple routers on a network that spans multiple locations.
You would not implement VSPAN to monitor all traffic on a Layer 2 switched network from a single switch, because no additional VLANs have been configured in this scenario. VSPAN uses a VLAN, not a single port, as a source for capturing network traffic. All ports in a source VLAN become SPAN source ports. SPAN, RSPAN, and ERSPAN are all capable of using VLANs as sources by implementing VSPAN; however, you would not implement VSPAN by itself to monitor all traffic on a Layer 2 network from a single switch. To filter monitoring so that only traffic from specific VLANs is captured, you should issue the monitor session session filter vlan vlan-range command from global configuration mode. You can specify multiple VLANs separated by commas, and you can specify a range of contiguous VLANs by using a dash. For example, the monitor session 3 filter vlan 2, 5, 8 - 14, 27 command will monitor traffic from VLANs 2, 5, 8 through 14, and 27.