Hello! We have a 6500 running Cat OS 8.8-5-8. We have a snort device that we would like to monitor our server vlan with, Vlan 101. I setup this snort on a port, 2/28, which is a GB port on a WS-X6548-GE-TX card.
We have experienced some server performance issues since I setup the span. Intermittently we cannot gain access to a server, ping is slow to respond, drops ping requests, no rdp, etc. It sure seems suspicious that it is due to this span. I moved some of the servers that were connected in the same banks as this snort port to another card and port, and they now perform fine.
My question is, am I doing this wrong? Is there a different way to accomplish this and not effect performance?
My command I ran on the switch was:
#switch port analyzer
set span permit-list disable
set span 101 2/28 both session 1 inpkts disable learning enable multicast enable
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...