Using VACLs to replace SPAN

Answered Question
Oct 17th, 2007

Due to the limitations in the number of SPAN sessions across all switching platforms, I am planning on using a VACL with the capture option to mimic a SPAN session. Below is a copy of the config that I believe will safely achieve this:


ip access-list extended span_acl
 permit ip host 192.168.1.1 any
 permit ip any host 192.168.1.1

ip access-list extended permit_all
 permit ip any any

vlan access-map test
 match ip address span_acl
 action forward capture
 match ip address permit_all
 action forward

vlan filter test vlan-list 101,102

interface GigabitEthernet1/1
 switchport capture allowed vlan all
 switchport capture


Two questions:


1. Is this necessary, or is it already implied (the config guide wasn't 100% clear)?

 match ip address permit_all
 action forward


2. In order to capture bi-directional traffic, is it necessary to configure mirror ACE entries as I have done, or is this also implied?

 permit ip host 192.168.1.1 any
 permit ip any host 192.168.1.1


Thanks much! Any additional constructive input will be appreciated.

Correct Answer by Prashanth Krishnappa, Thu, 10/18/2007 - 18:03

Yes to both your questions. It is not implied otherwise. But for 1, the syntax would be something like this

vlan access-map test 10
 match ip address span_acl
 action forward capture
vlan access-map test 20
 match ip address permit_all
 action forward

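The two answers above follow from how a VLAN access map is evaluated: clauses are walked in sequence-number order, the first clause whose ACL permits the packet decides the action, and a packet that matches no clause is dropped by the access map's implicit deny. The following Python script is an added example (not part of the thread, and not Cisco code) that models exactly that logic for the small IOS subset used here (`permit/deny ip <src> <dst>` ACEs, `vlan access-map` entries, `vlan filter`). The three configs it feeds itself are constructed: the asker's intent with the accepted answer's corrections, the same config without the `permit_all` clause (question 1), and the same config with only the one-directional ACE (question 2). The defaulting of a missing sequence number to 10 is an assumption of this model, not a statement about any particular platform.

```python
"""Model how a Catalyst VLAN access map (VACL) with 'forward capture' treats
a packet.  Added example for the thread above; not Cisco code.

Behaviour modelled:
  * clauses are walked in sequence-number order; the first clause whose ACL
    permits the packet decides the action (a clause with no match statement
    matches everything);
  * an ACL that denies or does not match just falls through to the next clause;
  * a packet matched by no clause is dropped (the access map's implicit deny);
  * 'forward capture' forwards the packet and copies it to the capture port(s).
"""
import ipaddress


def _parse_addr(tokens):
    """Consume one IOS address spec: any | host A.B.C.D | A.B.C.D WILDCARD."""
    t = tokens.pop(0)
    if t == "any":
        return (0, 0xFFFFFFFF)
    if t == "host":
        return (int(ipaddress.IPv4Address(tokens.pop(0))), 0)
    return (int(ipaddress.IPv4Address(t)), int(ipaddress.IPv4Address(tokens.pop(0))))


def _addr_matches(spec, ip):
    base, wildcard = spec                      # wildcard bit 1 = don't care
    return ((int(ipaddress.IPv4Address(ip)) ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def parse_config(text):
    """Return (acls, access_maps, vlan_filters) from an IOS-style fragment."""
    acls, maps, filters = {}, {}, {}
    cur_acl = cur_map = None
    for raw in text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[:2] == ["ip", "access-list"]:
            cur_acl, cur_map = tok[-1], None
            acls[cur_acl] = []
        elif tok[:2] == ["vlan", "access-map"]:
            name = tok[2]
            seq = int(tok[3]) if len(tok) > 3 else 10   # assumption: default seq 10
            cur_map, cur_acl = (name, seq), None
            maps.setdefault(name, {})[seq] = {"acl": None, "action": "drop"}
        elif tok[:2] == ["vlan", "filter"]:            # vlan filter <map> vlan-list 101,102
            for part in tok[4].split(","):
                lo, _, hi = part.partition("-")
                for v in range(int(lo), int(hi or lo) + 1):
                    filters[v] = tok[2]
        elif cur_acl and tok[0] in ("permit", "deny") and tok[1] == "ip":
            rest = tok[2:]
            src, dst = _parse_addr(rest), _parse_addr(rest)
            acls[cur_acl].append((tok[0], src, dst))
        elif cur_map and tok[:3] == ["match", "ip", "address"]:
            maps[cur_map[0]][cur_map[1]]["acl"] = tok[3]
        elif cur_map and tok[0] == "action":
            maps[cur_map[0]][cur_map[1]]["action"] = " ".join(tok[1:])
    return acls, maps, filters


def _acl_permits(acl, src, dst):
    for action, s, d in acl:
        if _addr_matches(s, src) and _addr_matches(d, dst):
            return action == "permit"
    return False                     # ACL implicit deny: clause does not match


def evaluate(config, vlan, src, dst):
    """Return (forwarded, captured) for one IP packet seen on `vlan`."""
    acls, maps, filters = config
    if vlan not in filters:
        return True, False           # no VACL applied to this VLAN
    for seq in sorted(maps[filters[vlan]]):
        clause = maps[filters[vlan]][seq]
        if clause["acl"] is None or _acl_permits(acls.get(clause["acl"], []), src, dst):
            act = clause["action"].split()
            return act[0] == "forward", "capture" in act
    return False, False              # no clause matched: access-map implicit drop


# Constructed configs (not from the thread): the corrected intent, then the two
# variants the asker's questions are about.
FULL = """
ip access-list extended span_acl
 permit ip host 192.168.1.1 any
 permit ip any host 192.168.1.1
ip access-list extended permit_all
 permit ip any any
vlan access-map test 10
 match ip address span_acl
 action forward capture
vlan access-map test 20
 match ip address permit_all
 action forward
vlan filter test vlan-list 101,102
"""
NO_PERMIT_ALL = FULL.replace(
    "vlan access-map test 20\n match ip address permit_all\n action forward\n", "")
ONE_WAY = FULL.replace(" permit ip any host 192.168.1.1\n", "")


def demo():
    """Run the same four packets through each config variant."""
    results = {}
    for name, text in (("full", FULL), ("no_permit_all", NO_PERMIT_ALL), ("one_way", ONE_WAY)):
        cfg = parse_config(text)
        results[name] = {
            "host_out": evaluate(cfg, 101, "192.168.1.1", "10.0.0.9"),
            "host_in": evaluate(cfg, 101, "10.0.0.9", "192.168.1.1"),
            "other": evaluate(cfg, 101, "10.0.0.5", "10.0.0.6"),
            "unfiltered_vlan": evaluate(cfg, 200, "10.0.0.5", "10.0.0.6"),
        }
    return results


if __name__ == "__main__":
    for name, r in demo().items():
        print(name, r)
```

Running it shows why both answers are "yes": without the `permit_all` clause, a packet between two unrelated hosts on VLAN 101 is dropped rather than forwarded, and with only the `permit ip host 192.168.1.1 any` ACE, traffic returning to 192.168.1.1 is still forwarded (by the `permit_all` clause) but never copied to the capture port. The unfiltered VLAN 200 case is included to show that the access map only affects VLANs named in `vlan filter`.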
