Hello Geoff,
Please find the differences between SPAN and VACL capture below.
SPAN:
1) Limited number of SPAN ports/switch (varies based on platform).
2) If you're using TCP Resets (not recommended!) some switch platforms do not allow incoming packets on a SPAN destination port (port connected to the IDS sensor).
3) Supported on most switch platforms.
4) Copies ALL packets from source VLANs or ports to a destination port.
VACL Capture:
1) Unlimited number of capture ports.
2) Copies filtered packets from source VLANs to a destination port (this allows you to get very granular in the type of traffic (e.g. only web traffic) that you want to capture/monitor via IDS).
3) Offloads processing from the Supervisor engine to the Policy Feature Card (PFC), which is required to use this feature on the 6500.
4) Can be applied to all packets, whether routed or switched, and can be configured on any VLAN.
Some useful links are shown below:
https://supportforums.cisco.com/docs/DOC-4455
https://supportforums.cisco.com/message/619352#619352
Thanks,
Ricky Micky
*Pls rate useful posts
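
The two approaches compared above, as an added configuration sketch for a Catalyst 6500 running Cisco IOS (not part of the original post). The VLAN number, interface names, ACL names and access-map name are assumptions chosen for illustration, and the two options are alternatives, so each is shown with its own sensor-facing port.

```cisco
! --- Option A: SPAN -------------------------------------------------
! Copies ALL traffic seen on VLAN 10 to the sensor port.
! Each session consumes one of the platform's limited SPAN sessions.
monitor session 1 source vlan 10 both
monitor session 1 destination interface GigabitEthernet1/1

! --- Option B: VACL capture -----------------------------------------
! Only traffic matched by WEB-TRAFFIC is copied to the capture port;
! everything else is forwarded normally without being copied.
ip access-list extended WEB-TRAFFIC
 permit tcp any any eq www
 permit tcp any eq www any
!
ip access-list extended ALL-TRAFFIC
 permit ip any any
!
vlan access-map IDS-CAPTURE 10
 match ip address WEB-TRAFFIC
 action forward capture
! Without this second sequence, unmatched traffic would hit the
! implicit deny at the end of the access map and be dropped.
vlan access-map IDS-CAPTURE 20
 match ip address ALL-TRAFFIC
 action forward
!
! Apply the access map to the monitored VLAN.
vlan filter IDS-CAPTURE vlan-list 10
!
! Sensor-facing port: receives frames flagged with the capture bit.
interface GigabitEthernet1/2
 switchport
 switchport capture
 switchport capture allowed vlan 10
```

After applying the VACL, confirm that ordinary traffic on the VLAN still passes, since a missing catch-all `action forward` sequence silently drops everything the capture ACL does not match.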