Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SPAN Sessions on a Catalyst 6513

To Whom It May Concern-

I am trying to setup an IDS Sensor for monitoring VLANs on a Catalyst 6513 Switch running CATOS 12.1(19) GD (I think). The most logical solution seems to be setup a bi-directional SPAN session (Rx & Tx) with all the source ports sending to the sensor on a destination port. However, my dilema is that everything I'm being told is that the 6513 is limited to 2 Full Span sessions. We already have the NAM blade installed so that takes 1 SPAN session. We were contemplating going with the CISCO IDSM blade, and that would take a SPAN session as well. So with those 2 SPAN sessions gone, how would one go about performing network analysis, running sniffers etc? It just seems a little "off" to me that the 6513, one of the flagship switches offered by Cisco, would be limited to 2 full SPAN sessions. I would think that the blade itself, like the NAM or IDSM blade would be able to manage it's own SPAN session, completely independent of the chassis.

Can anyone shed some light on this for me? Maybe even provide a workable solution for monitoring VLANs on a 6513?

2 REPLIES
Cisco Employee

Re: SPAN Sessions on a Catalyst 6513

2 full span sessions (Rx & Tx) are indeed the limit in CatOS. Or you can have 4 half spans (TX or RX only). Have you investigated using VACLs (Vlan ACLs) with the "capture" keyword. We use them for getting IDS traffic all the time and they generally work fine. There are some peculiarities with using VACLs if you are also routing on the switch with an MSFC in the supervisor. It lies in what VLAN packets are tagged as being on when captured. VACLs would probably also work for the NAM as well.

SC

Cisco Employee

Re: SPAN Sessions on a Catalyst 6513

Hi Kirby,

Here are some links to help you understand VACL Capture as well as Span. I'm not certain what switch software you're running. 12.1(19) is an IOS (not CatOS version). So, I'll provide links for CatOS and IOS.

Note: I don't see a link for IOS 12.1(19)E. I'll provide links to IOS 12.1E in the meantime.

***** VACL capture *****

Here are links to description of the VACL (VLAN ACL) feature: (links for CatOS and Native IOS)

-- CatOS

http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007ec06.html#1053650

http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007ec06.html#1020697

-- Native IOS

http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007e70d.html#1043908

Here's a link to configuring the VACL capture feature to get traffic to the IDSM2:

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chapter09186a00801a0c95.html#589679

***** SPAN *****

Here's a link to a description of SPAN (appears that you're already familiar with SPAN, though):

-- CatOS

http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007ebe7.html

-- Native IOS

http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007e6fa.html

Here's a link to configuring SPAN for the IDSM2:

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chapter09186a00801a0c95.html#589909

306
Views
0
Helpful
2
Replies