Span server vlan on Catalyst 6509

Unanswered Question
Oct 29th, 2009

Hello! We have a 6500 running Cat OS 8.8-5-8. We have a snort device that we would like to monitor our server vlan with, Vlan 101. I setup this snort on a port, 2/28, which is a GB port on a WS-X6548-GE-TX card.

We have experienced some server performance issues since I setup the span. Intermittently we cannot gain access to a server, ping is slow to respond, drops ping requests, no rdp, etc. It sure seems suspicious that it is due to this span. I moved some of the servers that were connected in the same banks as this snort port to another card and port, and they now perform fine.


My question is, am I doing this wrong? Is there a different way to accomplish this and not effect performance?


My command I ran on the switch was:

#switch port analyzer

set span permit-list disable

set span 101 2/28 both session 1 inpkts disable learning enable multicast enable


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
pete_chirpich Thu, 10/29/2009 - 13:19

Perfect. Now what I wanted to hear, but it explains alot! Thanks for the quick reply.

Actions

This Discussion