Mirroring Techniques – Cisco

Cisco network switches are used across OT infrastructure for providing connectivity among typical layer 2 and layer 1 devices.

Mirroring configurations in Cisco switches are performed from its command-line interface. Following are the generic mirroring configuration steps for cisco catalyst 2960 and 3850:

Local SPAN

  1. Log in to the switch.
  2. To enter global configuration mode, enter configure terminal.
  3. To remove any existing session, enter no monitor session all.
  4. To specify the SPAN session and the source Interface/VLAN, enter monitor session 1 source interface interface-id/vlan vlan-id.
  5. To specify the destination interface for monitoring the mirrored ports, enter monitor session 1 destination interface interface-id.

Your configuration is completed.

Remote SPAN

  1. Log in to all the switches through which the mirrored network traffic will traverse from the source switch to a destination switch.
  2. To enter global configuration mode, enter configure terminal.
  3. To create a VLAN, enter VLAN xx and configure it to a remote span VLAN and enter remote span.
  4. Remember to allow the created VLAN in the trunk port.
  5. To create a monitor session in the source switch with the source interface, enter monitor session 1 source interface interface-id.
  6. For selecting the destination as the created RSPAN VLAN, enter monitor session 1 destination remote vlan xx.
  7. To create a monitor session in the destination switch with source as RSPAN VLAN, enter monitor session 1 source remote vlan xx.
  8. To select the destination as the interface where the Network Passive Sensor has been deployed, enter monitor session 1 destination interface interface-id.

Your configuration is completed.

For more information on mirroring techniques for Cisco Switches, refer to the Official website.

 

 

© 2026 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: March, 2026