Re: Local SPAN session limit on 6509-E w/ WS-SUP720-3B - Page 2

yuchenglai · ‎04-24-2008

I am getting the following error message when I try create a second local SPAN session on my 6509-E w/ WS-SUP720-3B

% Local Session limit has been exceeded

There are currently two SPAN sessions already running

Session 1

---------

Type : Service Module Session

Modules allowed : 1-9

Modules active : 1-2

BPDUs allowed : Yes

Session 2

---------

Type : Local Session

Source VLANs :

Both : 8

Destination Ports : Gi3/8

How do I go about creating local SPAN session sourcing another VLAN w/o getting this error message?

yuchenglai · ‎06-05-2008

Well, I've done this test again and made sure I captured the results.

The captures do support what serg and RCarret posted.

Ryan Carretta · ‎06-05-2008

Serg,

The official name for these are 'internal vlans' (not very exciting I know).

You can actually find out which vlans map to which layer-3 ports. Get on your 6k and issue a 'show vlan internal usage'.

-Ryan

t814687 · ‎06-06-2008

Thanks Ryan, nice piece of information.

-serg

ovt · ‎06-05-2008

The most interesting part of this post from Marcoa Caballero is the phrase "usually be marked as a vlan 10...". It seems that sometimes the packet can be marked by an ingress VLAN number, rather then the egress VLAN number.

IDS documentation:

"Using VACL capture or SPAN (promiscuous monitoring) is inconsistent with regard to VLAN tagging, which causes problems with VLAN groups.

-When using Cisco IOS software, a VACL capture port or a SPAN target does not always receive tagged packets even if it is configured for trunking.

-When using the MSFC, fast path switching of learned routes changes the behavior of VACL captures and SPAN."

Can anybody shed some light on this?

chintan-shah · ‎08-08-2008

Hi,

I configured VACL for all IP traffic for vlan 300 and vlan 301 and when i ping device connected to vlan 301 i only see in sniffer echo request not echo reply. It means it only capture outgoing traffic not incomming. Any specific config needed ???

Configuration:

ip access-list extended ALL_IP_TRAFIC

permit ip any any

vlan access-map MONITOR 10

match ip address ALL_IP_TRAFIC

action forward capture

!

vlan filter MONITOR vlan-list 300-301

# configure below two lines under gi1/47 - Port connected to sniffer

switchport capture

switchport capture allowed vlan 300,301

Chintan.

chintan-shah · ‎08-08-2008

Hi,

Further to my mail above, i have 6500 box having SVI 300 and 301 configured. it is trunk to other voice box and uplink of 6500 box is connected to my IP core network ( L3 GE interface). Now if I ping from remote pop to IP on voice box ( VLAN 301) i only see outgoign packet (echo request) in sniffer and don't see echo reply.

Sniffer port is configured with trunk and capture all vlan.

How do i get echo reply also in sniffer so that i can also capture the traffic from my voice box to IP core ?

Any help apprcieated.

Chintan.