Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1243
Views
5
Helpful
1
Replies

VACL or SPAN persistant captures from performance perspective?

geoff.porter
Level 1
Level 1

‎09-09-2011 08:44 AM - edited ‎03-07-2019 02:08 AM

Is there a recommendation or preference to performing persistant  packet captures on the Cat6509 and Cat4948 platforms in regards to VACLs  vs. SPANs?

We're interesting in capturing ALL TRAFFIC on some heavily utilized switches.

From a performance perspective, is one better on the system resources than the other?

thanks in advanced,

Geoff

Labels:
0 Helpful
1 Reply 1

Richard Michael
Cisco Employee
Cisco Employee

‎09-09-2011 11:01 AM

Hello Geoff,

Please find the difference between SPAN and VACL capture.

SPAN:

1) Limited number of SPAN ports/switch (varies based on platform).

2) If you're using TCP Resets (not recommended!) some switch platforms do not allow incoming packets on a SPAN destination port (port connected to the IDS sensor).

3) Supported on most switch platforms.

3) Copies ALL packets from source VLANS or ports to a destination port.

VACL Capture:

1) Unlimited number of capture ports.

2) Copies filtered packets from source VLANS to a destination port (this allows you to get very granular in the type of traffic (e.g. only web traffic) that you want to capture/monitor via IDS.

3) Offloads processing from Supervisor engine to the Policy Feature Card (PFC), which is required to use this feature in 6500.

4) Can be applied to all packets, whether routed or switched, and can be configured on any VLAN.

Some useful links shown below,

https://supportforums.cisco.com/docs/DOC-4455

https://supportforums.cisco.com/message/619352#619352

Thanks,

Ricky Micky

*Pls rate useful posts

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card