span sessions [7:65531]
hey all quick q for ya. I have a cat 6509 sitting on the core of a 5000 users network with both 100mbit and gigabit links. I have to watch a couple boxes on a very busy vlan for session data for analysis, but there is s much traffic on the specific vlan that it literally made my little laptop scream and makes other stronger boxes kinda just die. Well the application (ntop). I'd like to see if there is a way to use regexp or filtering somehow to apply to span to kinda not get the 1gig/s backup traffic that blows my application up. I've dug through various manuals and "?" is certainly my friend but I can't get anything to work and theres just way too much data off the pipe. Kinda like drinking from a fire hose ya know. If anyone has a suggestions on how to limit traffic on a span port to hosts, please let me know. Possibly also if anyone knows any neato applications that can do application stream reporting per port etc with bw graphing for the folks who think computers are like books let me know. One caveat, it has to run in a GNU enviroment eg Linux/FreeBSD.. no Microsoft 'solutions' Thanks in advance, Eo Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65531&t=65531 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
span sessions [7:65531]
hey all quick q for ya. I have a cat 6509 sitting on the core of a 5000 users network with both 100mbit and gigabit links. I have to watch a couple boxes on a very busy vlan for session data for analysis, but there is s much traffic on the specific vlan that it literally made my little laptop scream and makes other stronger boxes kinda just die. Well the application (ntop). I'd like to see if there is a way to use regexp or filtering somehow to apply to span to kinda not get the 1gig/s backup traffic that blows my application up. I've dug through various manuals and "?" is certainly my friend but I can't get anything to work and theres just way too much data off the pipe. Kinda like drinking from a fire hose ya know. If anyone has a suggestions on how to limit traffic on a span port to hosts, please let me know. Possibly also if anyone knows any neato applications that can do application stream reporting per port etc with bw graphing for the folks who think computers are like books let me know. One caveat, it has to run in a GNU enviroment eg Linux/FreeBSD.. no Microsoft 'solutions' Thanks in advance, Eo Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65799&t=65531 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: span sessions [7:65531]
David, You might want to check out the CAPTURE option on the SET SECURITY command. Below is a quote from the configuration guide: " Capturing Traffic Flows on Specified Ports You can use the capture option in the set security acl (ip, ipx, and mac) commands to specify that packets that match the specified flows are captured and transmitted out of capture ports. You can specify capture ports using the set security acl capture-ports mod/ports... command. When you use the capture option, packets that match the specified flows are switched normally but are also captured and transmitted out of the capture ports. Capture ports do not send out all the captured traffic; they send out only the traffic belonging to the VLANs of the captured port. " -Bob Sinclair CCIE #10427, MCSE Senior Network Engineer Networking For Future, Inc. www.nffinc.com - Original Message - From: "David Cooper" To: Sent: Sunday, March 16, 2003 1:04 AM Subject: span sessions [7:65531] > hey all quick q for ya. I have a cat 6509 sitting on the core of a 5000 > users > network with both 100mbit and gigabit links. I have to watch a couple boxes > on a very busy vlan for session data for analysis, but there is s much > traffic on the specific vlan that it literally made my little laptop scream > and makes other stronger boxes kinda just die. Well the application (ntop). > > I'd like to see if there is a way to use regexp or filtering somehow to > apply > to span to kinda not get the 1gig/s backup traffic that blows my application > up. I've dug through various manuals and "?" is certainly my friend but I > can't get anything to work and theres just way too much data off the pipe. > Kinda like drinking from a fire hose ya know. > > If anyone has a suggestions on how to limit traffic on a span port to hosts, > please let me know. > > Possibly also if anyone knows any neato applications that can do application > stream reporting per port etc with bw graphing for the folks who think > computers are like books let me know. One caveat, it has to run in a GNU > enviroment eg Linux/FreeBSD.. no Microsoft 'solutions' > > Thanks in advance, > Eo Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65545&t=65531 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
