Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1603
Views
0
Helpful
0
Comments

With NAM-2, the "Create SPAN session failed for SPAN source(2)" error message is displayed during SPAN configuration

TCC_2
Level 10
Level 10

‎06-22-2009 05:39 PM - edited ‎03-01-2019 04:14 PM

Core issue

A switched port analyzer (SPAN) session is an association of a destination port with a set of source ports, configured with parameters that specify the monitored network traffic. A switched network allows the configuration of multiple SPAN sessions.

The WS-SVC-NAM-1 platform provides a single destination port for SPAN sessions. The WS-SVC-NAM-2 platform provides two possible destination ports for SPAN and VLAN Access Control List (VACL) sessions. Network Analysis Module (NAM) supports multiple SPAN sessions, provided the sessions are destined for different ports.

NAM-2 supports two data ports for SPAN and VACL traffic with Cisco NAM Software 3.1 and later, whereas NAM-1 supports one data port only. With the second data port, the Cisco NAM-2 can receive two SPAN sessions, two VACL-based captures, or one of each data source. The SPAN sessions, each with multiple ports, VLANs, or Cisco EtherChannel  connections, can be used independently or together. This feature helps to view traffic on each side of a full-duplex trunk, or dedicate one data port to troubleshooting and the other data port to reporting.

During the creation of a SPAN session with the NAM-2, the Create SPAN session failed for SPAN source(2): {whatever port or interface picked} error message is displayed.

If the switch has the Firewall Service Module (FWSM) or any other service module, only one SPAN session is available to monitor. In the case of WS-SVC-NAM-2, which has two monitor ports, FWSM takes one of the ports.

For Cisco IOS Software Release 12.2(17d)SXB7, after stateful switchover (SSO), the SPAN monitor session no longer forwards traffic to NAM or Intrusion Detection System (IDSM). Refer to Cisco bug ID CSCeh21723

Resolution

Use VACL monitor or capture in place of SPAN for SSO.  VACL provides an alternative to SPAN for similar purposes. The Traffic Analyzer uses VACLs to capture or filter selected VLAN or WAN traffic to the NAM port(s). In Cisco IOS Software Release 12.1(13)E or later, VACLs can also be applied to WAN interfaces. The VACL data-analysis capability is not supported with the first generation NAM.

For more information, refer to the Understanding How the NAM Uses VACLs section of Catalyst 6500 Series Switch and Cisco 7600 Series Router Network Analysis Module Installation and Configuration Note Release 3.3.

For further assistance and support, please open a service request with Cisco Technical Support.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents