From: Tim (ccie2be@nyc.rr.com)
Date: Thu Dec 01 2005 - 09:39:39 GMT-3
Hi guys,
I've got a couple questions about the snippet below from the IDS Student
Guide on page 8-10:
Ports 7 and 8 are the monitoring ports. One of these ports can be configured
as the SPAN
monitor port.
**Do the limits below mean I can only use one port - port 7 or port 8 - for
monitoring at a time?
With SPAN enabled on a source port or VLAN, a copy of all received traffic,
all transmitted
traffic, or all received and transmitted traffic from the SPAN source port
or VLAN is sent to the
SPAN destination port.
On the Catalyst 6500 switch, there is a limit to the number of SPAN ports
that can be configured.
For RX SPAN sessions, you can have a maximum of 2 per chassis. For TX SPAN
sessions, you
can have a maximum of 4 sessions per chassis. For SPAN
8-10 Cisco Secure Intrusion Detection System 4.0 Copyright C 2003, Cisco
Systems, Inc.
sessions that copy and send both RX and TX traffic from a port, you can
configure a maximum
of 2 SPAN sessions per chassis.
**When they say "limit to the number of SPAN ports" above, they mean the
number of SPAN source ports, right?
I guess I'm a bit confused by what they mean by "session"?
On the 3550, a span session is defined by a number and every command with
the same session number is part of the same session. But, the number of
source ports in a session is independent of the number of sessions. With
the 3550 you can have 2 span sessions but I don't recall a specific limit on
how many ports can be part of a session.
So, if someone could clear up this terminology, I'd be very appreciative.
TIA, Tim
This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:50 GMT-3