Configuring the Cisco ASA 5505 for Port Mirroring

The Cisco ASA 5505 Adaptive Security Appliance supports SPAN, also known as switch port monitoring, to monitor traffic that enters or exits one or more switch ports. The port where you enable SPAN (destination port) receives a copy of every packet transmitted or received on a specified source port. You can only enable SPAN for one destination port.

Note: USM Anywhere supports SPAN, RSPAN, ERSPAN, and VMware Encapsulated Remote Mirroring (L3) Source, which is an ERSPAN-like feature.

To configure the device

  1. Open a monitoring session.
  2. Configure the interface.

    #interface <port>

  3. Specify the destination port.

    #switchport monitor<destination_port>

  4. Specify the source port.

    #switchport monitor<source_port>

To learn more about configuring port mirroring in the Cisco ASA 5505 device, refer to the Cisco ASA 5500-X Series Firewalls - Configuration Guides on the vendor website.