Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
505
Views
0
Helpful
2
Replies

SPAN Sessions on a Catalyst 6513

kbfromvt
Level 1
Level 1

‎08-18-2003 05:04 AM - edited ‎03-09-2019 04:27 AM

To Whom It May Concern-

I am trying to setup an IDS Sensor for monitoring VLANs on a Catalyst 6513 Switch running CATOS 12.1(19) GD (I think). The most logical solution seems to be setup a bi-directional SPAN session (Rx & Tx) with all the source ports sending to the sensor on a destination port. However, my dilema is that everything I'm being told is that the 6513 is limited to 2 Full Span sessions. We already have the NAM blade installed so that takes 1 SPAN session. We were contemplating going with the CISCO IDSM blade, and that would take a SPAN session as well. So with those 2 SPAN sessions gone, how would one go about performing network analysis, running sniffers etc? It just seems a little "off" to me that the 6513, one of the flagship switches offered by Cisco, would be limited to 2 full SPAN sessions. I would think that the blade itself, like the NAM or IDSM blade would be able to manage it's own SPAN session, completely independent of the chassis.

Can anyone shed some light on this for me? Maybe even provide a workable solution for monitoring VLANs on a 6513?

Labels:
0 Helpful
2 Replies 2

scothrel
Level 3
Level 3

‎08-18-2003 07:13 AM

2 full span sessions (Rx & Tx) are indeed the limit in CatOS. Or you can have 4 half spans (TX or RX only). Have you investigated using VACLs (Vlan ACLs) with the "capture" keyword. We use them for getting IDS traffic all the time and they generally work fine. There are some peculiarities with using VACLs if you are also routing on the switch with an MSFC in the supervisor. It lies in what VLAN packets are tagged as being on when captured. VACLs would probably also work for the NAM as well.

SC

0 Helpful

wardwalk
Cisco Employee
Cisco Employee

‎08-18-2003 07:25 AM

Hi Kirby,

Here are some links to help you understand VACL Capture as well as Span. I'm not certain what switch software you're running. 12.1(19) is an IOS (not CatOS version). So, I'll provide links for CatOS and IOS.

Note: I don't see a link for IOS 12.1(19)E. I'll provide links to IOS 12.1E in the meantime.

***** VACL capture *****

Here are links to description of the VACL (VLAN ACL) feature: (links for CatOS and Native IOS)

-- CatOS

http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007ec06.html#1053650

http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007ec06.html#1020697

-- Native IOS

http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007e70d.html#1043908

Here's a link to configuring the VACL capture feature to get traffic to the IDSM2:

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chapter09186a00801a0c95.html#589679

***** SPAN *****

Here's a link to a description of SPAN (appears that you're already familiar with SPAN, though):

-- CatOS

http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007ebe7.html

-- Native IOS

http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007e6fa.html

Here's a link to configuring SPAN for the IDSM2:

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chapter09186a00801a0c95.html#589909

0 Helpful
Customers Also Viewed These Support Documents