SPAN and RSPAN: Port mirroring in the Catalyst

Описание: There's not a lot of occasions when I need to configure a switchport analyzer (or SPAN)... but there are times when it can really help your troubleshooting! Knowing the principles behind this setup can be a help, even if it's not something you do very often.

I realize that this, like many of my other deep dives, is somewhat specific to Cisco architecture, at least in the specifics... but the principles are still applicable to equipment from other vendors!

EXTRA CREDIT:
In an environment where I didn't have managed switches, but still needed to sniff the traffic (to diagnose SSL authentication failures during EAP-PEAP / RADIUS authentication), I once built a dedicated "sniffing station" that would transparently relay traffic between two network cards while recording everything to a packet capture. But since it couldn't be accessed remotely while in operation, it had to be tested pretty thoroughly and completely scripted. (Unfortunately for me, it didn't work out as I had hoped--I ended up diagnosing it later through a fortunate error message I found logged within Windows that included the failed certificate.)
More recently, I considered setting this up to make a point to a vendor who decides to use unsecured, text-based communication across the Internet--such a system is far too easily snooped, and the communication can be modified in transit. But I didn't have the spare time (or the motivation, honestly) to spend on catastrophically breaking their system just for the sake of getting my point across...