Cisco Support Community
New Member

Using VACLs to replace SPAN

Due to the limitations in the number of SPAN sessions across all switching platforms, I am planning on using a VACL w/ the capture option to mimic a SPAN session. Below is a copy of the config that I believe will safely achieve this:

ip access-list extended span_acl
 permit ip host 192.168.1.1 any
 permit ip any host 192.168.1.1
ip access-list extended permit_all
 permit ip any any
vlan access-map test
 match ip address span_acl
 action forward capture
 match ip address permit_all
 action forward
vlan filter test vlan-list 101,102
int G1/1
 switchport capture allowed vlan all
 switchport capture

Two questions:

1. Is this necessary or is it already implied (the config guide wasn't 100% clear)

 match ip address permit_all
 action forward

2. In order to capture bi-directional traffic, is it necessary to configure mirror ACE entries as I have done, or is this also implied?

 permit ip host 192.168.1.1 any
 permit ip any host 192.168.1.1

Thanks much! Any additional constructive input will be appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Using VACLs to replace SPAN

Yes to both your questions. It is not implied otherwise. But for 1, the syntax would be something like this

vlan access-map test 10
 match ip address span_acl
 action forward capture
vlan access-map test 20
 match ip address permit_all
 action forward
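
Added example, not part of the original thread or of Cisco's documentation: a small Python model of how the access map above is evaluated, showing why the answer to both questions is yes. It assumes first-match evaluation in sequence order and an implicit deny for IP traffic that matches no sequence; the 10.0.0.x addresses are constructed sample values.

```python
from ipaddress import ip_address

HOST = "192.168.1.1"  # monitored host, taken from the thread

# Each ACE is (source, destination); "any" is a wildcard. All ACEs are permits.
SPAN_ACL_MIRRORED = [(HOST, "any"), ("any", HOST)]
SPAN_ACL_ONE_WAY = [(HOST, "any")]
PERMIT_ALL = [("any", "any")]


def ace_matches(ace, src, dst):
    """An ACE is directional: source and destination are checked separately."""
    want_src, want_dst = ace
    src_ok = want_src == "any" or ip_address(want_src) == ip_address(src)
    dst_ok = want_dst == "any" or ip_address(want_dst) == ip_address(dst)
    return src_ok and dst_ok


def evaluate(access_map, src, dst):
    """Walk the sequences in numeric order; the first ACL that permits decides.

    Returns that sequence's action, or "drop" when no sequence matches
    (assumed implicit deny at the end of a map with an IP match clause).
    """
    for _seq, acl, action in sorted(access_map, key=lambda s: s[0]):
        if any(ace_matches(ace, src, dst) for ace in acl):
            return action
    return "drop"


MAP_FULL = [(10, SPAN_ACL_MIRRORED, "forward capture"), (20, PERMIT_ALL, "forward")]
MAP_NO_SEQ_20 = [(10, SPAN_ACL_MIRRORED, "forward capture")]
MAP_ONE_WAY = [(10, SPAN_ACL_ONE_WAY, "forward capture"), (20, PERMIT_ALL, "forward")]

# Constructed sample packets (source, destination) seen on VLAN 101/102:
# from the host, to the host, and unrelated traffic.
PACKETS = [(HOST, "10.0.0.5"), ("10.0.0.5", HOST), ("10.0.0.5", "10.0.0.9")]


def verdicts(access_map):
    """Action applied to each sample packet, in PACKETS order."""
    return [evaluate(access_map, s, d) for s, d in PACKETS]


if __name__ == "__main__":
    for name, m in [("full", MAP_FULL), ("no seq 20", MAP_NO_SEQ_20),
                    ("one-way ACE", MAP_ONE_WAY)]:
        print(f"{name:12}", verdicts(m))
```

Without sequence 20 the unrelated traffic on the filtered VLANs is dropped, and without the mirrored ACE the return traffic is forwarded but never reaches the capture port.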

New Member

Re: Using VACLs to replace SPAN

Sweet! Thank you for your input.
