Hello! We have a 6500 running Cat OS 8.8-5-8. We have a snort device that we would like to monitor our server vlan with, Vlan 101. I set up this snort on a port, 2/28, which is a GB port on a WS-X6548-GE-TX card.
We have experienced some server performance issues since I set up the span. Intermittently we cannot gain access to a server, ping is slow to respond, drops ping requests, no rdp, etc. It sure seems suspicious that it is due to this span. I moved some of the servers that were connected in the same banks as this snort port to another card and port, and they now perform fine.
My question is, am I doing this wrong? Is there a different way to accomplish this and not affect performance?
My command I ran on the switch was:
#switch port analyzer
set span permit-list disable
set span 101 2/28 both session 1 inpkts disable learning enable multicast enable