04-24-2008 05:23 AM - edited 03-05-2019 10:35 PM
I am getting the following error message when I try to create a second local SPAN session on my 6509-E w/ WS-SUP720-3B:
% Local Session limit has been exceeded
There are currently two SPAN sessions already running
Session 1
---------
Type : Service Module Session
Modules allowed : 1-9
Modules active : 1-2
BPDUs allowed : Yes
Session 2
---------
Type : Local Session
Source VLANs :
Both : 8
Destination Ports : Gi3/8
How do I go about creating a local SPAN session sourcing another VLAN w/o getting this error message?
06-05-2008 11:48 AM
06-05-2008 12:38 PM
Serg,
The official name for these are 'internal vlans' (not very exciting I know).
You can actually find out which vlans map to which layer-3 ports. Get on your 6k and issue a 'show vlan internal usage'.
-Ryan
06-06-2008 05:03 AM
Thanks Ryan, nice piece of information.
-serg
06-05-2008 10:01 PM
The most interesting part of this post from Marcoa Caballero is the phrase "usually be marked as a vlan 10...". It seems that sometimes the packet can be marked by an ingress VLAN number, rather than the egress VLAN number.
IDS documentation:
"Using VACL capture or SPAN (promiscuous monitoring) is inconsistent with regard to VLAN tagging, which causes problems with VLAN groups.
-When using Cisco IOS software, a VACL capture port or a SPAN target does not always receive tagged packets even if it is configured for trunking.
-When using the MSFC, fast path switching of learned routes changes the behavior of VACL captures and SPAN."
Can anybody shed some light on this?
08-08-2008 01:41 AM
Hi,
I configured a VACL for all IP traffic for vlan 300 and vlan 301, and when I ping a device connected to vlan 301 I only see the echo request in the sniffer, not the echo reply. It means it only captures outgoing traffic, not incoming. Any specific config needed?
Configuration:
ip access-list extended ALL_IP_TRAFIC
permit ip any any
vlan access-map MONITOR 10
match ip address ALL_IP_TRAFIC
action forward capture
!
vlan filter MONITOR vlan-list 300-301
# configure below two lines under gi1/47 - Port connected to sniffer
switchport capture
switchport capture allowed vlan 300,301
Chintan.
08-08-2008 03:19 AM
Hi,
Further to my mail above, I have a 6500 box with SVI 300 and 301 configured. It is trunked to another voice box, and the uplink of the 6500 box is connected to my IP core network (L3 GE interface). Now if I ping from a remote POP to the IP on the voice box (VLAN 301), I only see the outgoing packet (echo request) in the sniffer and don't see the echo reply.
The sniffer port is configured with trunk and capture for all VLANs.
How do I get the echo reply in the sniffer as well, so that I can also capture the traffic from my voice box to the IP core?
Any help appreciated.
Chintan.