02-17-2009 09:05 PM - edited 03-06-2019 04:05 AM
I'm running into a problem with the span session limits on the 6500's...right now we have two 6500's connected to each other with Layer 2 ether channel trunks, and both use monitor session 1 for the IDS. I use monitor session 2 for general trouble shooting when I need to...however now I have the need to add a 3rd and 4th session (for a net management tool and a filter)...how can I go about doing this with a 2 session limit?
Should I think about adding another switch (a 3750 or something like that) and just have a few RSPAN sessions on the 6500's sending traffic over to the 3750, and set up all the management tools as well as the IDS on there?
02-18-2009 06:48 AM
shameless bump...any help would really be appreciated.
02-18-2009 07:39 AM
In a similar situation , I have replicated the span session with a network tap device. You only use one span session , but the tap device replicates this session within its ports.
There are many suppliers for this device , you can choose one of them.
Hope to help,
Kerem
02-18-2009 07:45 AM
02-18-2009 08:03 AM
I like both ideas...I want to give the virtual span session a try before getting another device.
I have a question about Virtual SPAN though, you can filter vlans to the destination port to only allow traffic captured on that vlan source...what if the source is an interface or multiple interfaces?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: