Can I add a capture port to a port-channel?

tlandeis · ‎07-24-2007

We have an IDS appliance that we want to send server farm traffic to. We tried to set three capture ports, add them to a port channel, with the idea that we would aggregate the traffic onto a 3 Gig link. However, the result was three individual streams of the same traffic. The switch accepted the config, but didn't seem to aggregate the traffic.

Should this work? I know we can configure our VACL to limit the traffic, but since we have the IDS ports, we'd rather see it.

Amit Singh · ‎07-24-2007

You cannot have a SPAN destination as an ether-cahhanel group. Its not supported. Please give us a little idea on how is the network topology and the switches used along with the config.

-amit singh

davmag · ‎08-06-2007

Hello Amit,

I'm answering this for Tom Landeis, the original poster from Safeco. We have a 6509E running 12.2(18)SXE4 that we want to configure as capture ports. These ports are connected directly to an IDS (Intrusion Detection System). We want traffic from 3 different vlans to go to that IDS device.

Currently each port is configured as a capture port and sending traffic for 1 vlan to the IDS device. Each port is sending traffic for a different vlan. This is inefficient, because 1 of the vlans is much busier than the other 2. So it would make sense to create a port-channel for those 3 ports and send all 3 vlans worth of traffic across the port-channel, rather than individual ports. Can you set the port-channel as switchport capture, and leave the individual ports as access ports? Thanks,

Dave Magorty

Network

Safeco Insurance Company