3560 RSPAN ACL

mgiagnocavo
Level 1

Hello,

The config guide* for the 3560 states:

"You can apply an output ACL to RSPAN traffic to selectively filter or monitor specific packets. Specify these ACLs on the RSPAN VLAN in the RSPAN source switches."

Unless I'm misreading it, this should mean that I can configure a SPAN session from an interface to a remote-span vlan, then use vlan access-map to filter which packets get sent on that vlan. Thus, I should be able to configure a switchport to carry the RSPAN VLAN, and only packets matching the VACL will get sent out.

Unfortunately, this doesn't seem to be the case. No matter what combination of ACLs I try, I am unable to get any filtering to apply to the RSPAN VLAN. The output simply acts as if it's completely unfiltered.

The 3560 does not support VACL "action forward capture", nor does it support FSPAN (monitor session x filter ip ...). Additionally, no traffic is passed if you configure 2 sessions (from interface to rspan vlan, from rspan vlan to dest interface), unlike the 6500 (the "Using RSPAN with VACLs for Granular Traffic Analysis" won't work).

Is the documentation just incorrect? Any other ideas on how to apply an ACL so as to filter a 1G+ port/vlan to 100M or 10G to 1G?

Thanks.

* http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swspan.html

Jayakrishna Mada
Cisco Employee

Hi,

The 3560 (and 3750/2960) doesn't support applying ACLs on packets spanned locally.
However, any traffic passing through a 3560 (intermediate or destination) in the RSPAN VLAN from other switches can be filtered by an ACL.

JayaKrishna
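
A configuration sketch of the layout the reply describes, added here as an example and not taken from the thread or from Cisco's guide: the source switch only spans into the RSPAN VLAN, and the filter sits on a second 3560 that the RSPAN VLAN transits. It assumes the ACL is applied as a VLAN map (the form the original question tried), and VLAN 900, the interface numbers, the ACL and map names and the address 192.0.2.10 are constructed placeholders.

```cisco
! Added example, not from the thread. VLAN 900, Gi0/1, Gi0/24, the ACL and
! map names and 192.0.2.10 are constructed placeholders.
!
! --- Source switch: plain RSPAN source session, no filtering here ---
vlan 900
 name RSPAN
 remote-span
!
monitor session 1 source interface GigabitEthernet0/1 both
monitor session 1 destination remote vlan 900
!
! --- Intermediate 3560: RSPAN VLAN arrives on a trunk and is filtered ---
vlan 900
 name RSPAN
 remote-span
!
! Traffic worth keeping for the analyzer (both directions of one service)
ip access-list extended RSPAN-KEEP
 permit tcp any host 192.0.2.10 eq 443
 permit tcp host 192.0.2.10 eq 443 any
!
! Entry 10 forwards what the ACL permits; entry 20 has no match clause,
! so it matches everything else in the VLAN and drops it.
vlan access-map RSPAN-FILTER 10
 match ip address RSPAN-KEEP
 action forward
vlan access-map RSPAN-FILTER 20
 action drop
!
vlan filter RSPAN-FILTER vlan-list 900
!
! --- Destination switch: hand the remaining traffic to the analyzer port ---
monitor session 1 source remote vlan 900
monitor session 1 destination interface GigabitEthernet0/24
```

On the intermediate switch, `show vlan access-map` and `show vlan filter` confirm that the map exists and is bound to the RSPAN VLAN.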