Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Need more than two local SPAN session on a switch

Platform: Cisco 6500 with Sup 720 running 12.2(18).

I guess my question is more general than a specific switch. I understand that only two local SPAN session is allowed to run at a time. What if I need more sessions? In a fairly large network environment, request of span port on a core switch configuration could come from Telecomm, Monitoring, Security department and so on. Please advise the best practice configuration of creating multiple monitoring sessions more than just two.

2 REPLIES

Re: Need more than two local SPAN session on a switch

You'll need to use hardware taps. Here's a link to some products for a reference.

http://www.networkcritical.com/What-are-Network-Taps.aspx

Hope it helps.

Silver

Re: Need more than two local SPAN session on a switch

The problems is that the 6500 series is limited to two local span sessions, even with an additional module like a NAM you will have some issues trying to set different sessions.

Not much we can do about it but a really good solution is to do VLAN-ACL captures.

It's like using and ACL on a VLAN with the action of capturing the traffic on a physical port that is configured as "switchport capture".

This is a really good option.

VACL Capture for Granular Traffic Analysis with Cisco Catalyst 6000/6500 Running Cisco IOS Software

http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a00808122ac.shtml

721
Views
0
Helpful
2
Replies
CreatePlease to create content