I did port spanning on 6500(gig port RJ45 WAN uplink) switch CPU
utilization went up to 55% and caused huge packet drops which I think
unusual or is it a normal behavior?
Spanned out put (not even 1 minute) was huge even wire shark could not afford it.
The architecture of Catalyst 6000/6500 Series Switches, SPAN sessions do not affect the performance of the switch, but, if the SPAN session includes a high traffic / uplink port or an EtherChannel, it can increase the load on the processor. If it then singles out a specific VLAN, it increases the workload even more. If there is bad traffic on the link, that can further increase the workload.
Try to restrict the source packets as much as possible.. If you are trying to troubleshoot issues, and want to configure port mirroring for that, you can probably configure an access-list and associate it with your monitor session command, to narrow the traffic you are monitoring... if you are spanning for IPS/IDS functionality, then you might have to monitor the whole traffic...
Switch(config)# monitor session 1 filter ip access-group 100
Also try to isolate bad traffic.. you have a traffic type option on the monitor session command. you can select good on that option...
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...