Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
961
Views
0
Helpful
5
Replies

CatOs Span session

scott.hammond
Level 1
Level 1

‎06-24-2009 04:27 AM - edited ‎03-06-2019 06:25 AM

Okay so I set up a SPAN session on our CatOs 6500, and everything was fine for like 12 hours.

Then suddenly in the middle of the night the helpdesk calls and says the website isnt reachable from the inside. (behind an f5 in the DMZ) Not even sort of directly connected to the old core switch with the SPAN on it.

So the other network guy killed the span, since that was the only change made that day and things started working.

That makes no sense at all. Has anyone ever heard of a span affecting connectivity?

Labels:
0 Helpful
5 Replies 5

pciaccio
Level 4
Level 4

‎06-24-2009 04:37 AM

Yes I have.... Depending upon what you are monitoring. Running a SPAN on your switch multiplyies your traffic. So if you are spanning a VLAN then all traffic on that VLAN will be copied and spill over to the SPAN port. If running multiple SPAN ports then all the traffic you are monitoring will be duplicated . All this traffic can strangle a port or backplane....

0 Helpful

scott.hammond
Level 1
Level 1
In response to pciaccio

‎06-24-2009 04:57 AM

CPU was <15% at the time and he didnt check port utilization.

We were spanning all vlans to that one port though.

0 Helpful

pciaccio
Level 4
Level 4
In response to scott.hammond

‎06-24-2009 06:44 AM

I would recommend that you span only one VLAN or just a port. Not all VLANs. That menas that all traffic on the switch was duplicated and sent to the one SPAN port. that also includes all BPDU packets as well as all ARP and broadcasts on your network.. Try to define your span to look at less traffic or set your span and when done remove it.

0 Helpful

scott.hammond
Level 1
Level 1
In response to pciaccio

‎06-24-2009 06:48 AM

yeah thats always been my best practice, but we have a fluke rep in here with some gee whiz application analysis tool and he suggested spanning all VLANs.

So I did, cautiously with "set span dis" ready to past into the console, and the CPU didnt flinch. The SPAN port hit about 40% utilization on the top talker report and I considered it stable.

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to scott.hammond

‎06-24-2009 10:09 AM

hello Scott

Spanning all vlans over a single destination port can cause problems also with Cisco IOS 6500:

we had a span session to IDS of internet traffic: when average traffic reached 3 Gbps with a destination port of a single GE the cpu rised to 100% and we had to disable it.

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card