Cisco Support Community

New Member

VACL question

Hi All

I have implemented VACLs in my environment to overcome the limitation of having only 2 SPAN ports on a 6500 series switch. I have used up the available 2 ports for spanning traffic for some other applications.

I am using VACLs specifically for capturing traffic and forwarding it to a capture port. In my setup, what I see is that I am seeing only one-way traffic for the VLAN that I have set up in my capture. This is different from a SPAN port, as on a SPAN port I was seeing traffic to/from a VLAN or an individual port. Is this by design, and if it is, my question is what is it getting someone by seeing one-way traffic? It does not make sense to me why anyone would like to see one way. Am I missing something?

I would really appreciate if someone can clarify this for me.

Thanks in advance


New Member

Re: VACL question

What does your filter list look like?

Say you want to monitor traffic from VLAN to VLAN2 in both directions: you should have both VLANs specified in the filter list and also on the capture port.



New Member

Re: VACL question

Thanks for the reply, Chintan. What I want to monitor is all the traffic to/from the internet to our users' PCs. I have the FW connected to VLAN 200 and user PCs are on VLANs 10, 20, 30 and so on. I have the filter applied to VLAN 200. If I apply the VLAN filter as vlan 200,10,20,30.... I would see the traffic between VLANs 10, 20 and 30, and that is going to skew my statistics. I am only interested in the traffic coming in and out of VLAN 200.

Let me know if I can do this via VACL.