07-27-2009 11:08 AM - edited 03-06-2019 06:58 AM
Platform: Cisco 6500 with Sup 720 running 12.2(18).
I guess my question is more general than a specific switch. I understand that only two local SPAN session is allowed to run at a time. What if I need more sessions? In a fairly large network environment, request of span port on a core switch configuration could come from Telecomm, Monitoring, Security department and so on. Please advise the best practice configuration of creating multiple monitoring sessions more than just two.
07-27-2009 11:21 AM
You'll need to use hardware taps. Here's a link to some products for a reference.
http://www.networkcritical.com/What-are-Network-Taps.aspx
Hope it helps.
07-27-2009 11:29 AM
The problems is that the 6500 series is limited to two local span sessions, even with an additional module like a NAM you will have some issues trying to set different sessions.
Not much we can do about it but a really good solution is to do VLAN-ACL captures.
It's like using and ACL on a VLAN with the action of capturing the traffic on a physical port that is configured as "switchport capture".
This is a really good option.
VACL Capture for Granular Traffic Analysis with Cisco Catalyst 6000/6500 Running Cisco IOS Software
http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a00808122ac.shtml
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide