Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
912
Views
0
Helpful
2
Replies

Need more than two local SPAN session on a switch

jackawang
Level 5
Level 5

‎07-27-2009 11:08 AM - edited ‎03-06-2019 06:58 AM

Platform: Cisco 6500 with Sup 720 running 12.2(18).

I guess my question is more general than a specific switch. I understand that only two local SPAN session is allowed to run at a time. What if I need more sessions? In a fairly large network environment, request of span port on a core switch configuration could come from Telecomm, Monitoring, Security department and so on. Please advise the best practice configuration of creating multiple monitoring sessions more than just two.

Labels:
0 Helpful
2 Replies 2

Collin Clark
VIP Alumni
VIP Alumni

‎07-27-2009 11:21 AM

You'll need to use hardware taps. Here's a link to some products for a reference.

http://www.networkcritical.com/What-are-Network-Taps.aspx

Hope it helps.

0 Helpful

jbrenesj
Level 3
Level 3
In response to Collin Clark

‎07-27-2009 11:29 AM

The problems is that the 6500 series is limited to two local span sessions, even with an additional module like a NAM you will have some issues trying to set different sessions.

Not much we can do about it but a really good solution is to do VLAN-ACL captures.

It's like using and ACL on a VLAN with the action of capturing the traffic on a physical port that is configured as "switchport capture".

This is a really good option.

VACL Capture for Granular Traffic Analysis with Cisco Catalyst 6000/6500 Running Cisco IOS Software

http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a00808122ac.shtml

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card