"You can apply an output ACL to RSPAN traffic to selectively filter or monitor specific packets. Specify these ACLs on the RSPAN VLAN in the RSPAN source switches."
Unless I'm misreading it, this should mean that I can configure a SPAN session from an interface to a remote-span vlan, then use vlan access-map to filter which packets get sent on that vlan. Thus, I should be able to configure a switchport to carry the RSPAN VLAN, and only packets matching the VACL will get sent out.
Unfortunately, this doesn't seem to be the case. No matter what combination of ACLs I try, I am unable to get any filtering to apply to the RSPAN VLAN. The output simply acts as if it's completely unfiltered.
The 3560 does not support VACL "action forward capture", nor does it support FSPAN (monitor session x filter ip ...). Additionally, no traffic is passed if you configure 2 sessions (from interface to rspan vlan, from rspan vlan to dest interface), unlike the 6500 (the "Using RSPAN with VACLs for Granular Traffic Analysis" won't work).
Is the documentation just incorrect? Any other ideas on how to apply an ACL so as to filter a 1G+ port/vlan to 100M or 10G to 1G?
For 3560 (and 3750/2960) doesn't support applying ACLs on packets spanned locally. However, any traffic passing through 3560(intermediate or destination) in the RSPAN vlan from other switches can be filtered by an ACL.
We have 3 identical switches configured by someone else and would like to claim some of the Gigabit ports(G1/G2/G3/G4) for use on servers. When we try to change the wiring and configuration, we run in to connectivity issues. Attached is a des...
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...