Solved: Using VACLs to replace SPAN

jdevoll · ‎10-17-2007

Due to the limitations in the number of SPAN sessions across all switching platforms, I am planning on using a VACL w/ the capture option to mimic a SPAN session. Below is a copy of the config that I believe will safely achieve this:

ip access-list extended span_acl

permit ip host 192.168.1.1 any

permit any ip host 192.168.1.1

ip access-list permit_all

permit ip any any

vlan access-map test

match ip address span_acl

action forward capture

match ip address permit_all

action forward

vlan filter test vlan-list 101,102

int G1/1

switchport capture allowed vlan all

switchport capture

Two questions:

1. Is this necessary or is it already implied (the config guide wasn't 100% clear)

match ip address permit_all

action forward

2. In order to capture bi-directional traffic, is it necessary to configure mirror ACE entries as I have done, or is this also implied?

permit ip host 192.168.1.1 any

permit any ip host 192.168.1.1

Thanks much! Any additional constructive input will be appreciated.

Prashanth Krishnappa · ‎10-18-2007

Yes to both your questions. It is not implied otherwise. But for 1, the syntax would be something like this

vlan access-map test 10

match ip address span_acl

action forward capture

vlan access-map test 20

match ip address permit_all

action forward

View solution in original post

Prashanth Krishnappa · ‎10-18-2007

Yes to both your questions. It is not implied otherwise. But for 1, the syntax would be something like this

vlan access-map test 10

match ip address span_acl

action forward capture

vlan access-map test 20

match ip address permit_all

action forward

jdevoll · ‎10-19-2007

Sweet! Thank you for your input.