Cisco Systems 5, NAM Understanding How the NAM Uses SPAN, Understanding How the NAM Uses VACLs

1-14

User Guide for the Cisco Network Analysis Module (NAM) Traffic Analyzer, 5.0

OL-22617-01

Chapter 1 Overview

Understanding How the NAM Works

• Understanding How the NAM Uses NDE, page 1-15

• Understanding How the NAM Uses WAAS, page 1-16

Understanding How the NAM Uses SPAN

A switched port analyzer (SPAN) session is an association of a destination port with a set of source ports,

configured with parameters that specify the monitored network traffic. You can configure up to two

SPAN sessions in a Catalyst 6500 or 7600 Routers chassis. Newer Cisco IOS images may support more

than two SPAN sessions. Consult the Cisco IOS document for the number of SPAN sessions supported

per switch or router.

The WS-SVC-NAM-1 platform provides a single destination port for SPAN sessions. The

WS-SVC-NAM-2 platform provides two possible destination ports for SPAN and VLAN access control

list (VACL) sessions. Multiple SPAN sessions to the NAM are supported, but they must be destined for

different ports. The NAM destination ports for use by the SPAN graphical user interface (GUI) are

named DATA PORT 1 and DATA PORT 2 by default. In the CLI, SPAN ports are named as shown in

Table 1-2.

For more information about SPAN and how to configure it on the Catalyst 6500 series switches, see the

Catalyst 6500 Series Switch Software Configuration Guide:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/

guide/span.html

For more information about SPAN and how to configure it on the Cisco 7600 series router, see the Cisco

7600 Series Cisco IOS Software Configuration Guide, 12.2SX:

http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide/span.html

Note Due to potentially very high volume of ERSPAN traffic from the source, we recommend that you do not

terminate the ERSPAN session on the NAM management port. Instead, you should terminate ERSPAN

on the switch, and use the switch’s SPAN feature to SPAN the traffic to NAM data ports.

Understanding How the NAM Uses VACLs

A VLAN access control list can forward traffic from either a WAN interface or VLANs to a data port on

the NAM. A VACL provides an alternative to using SPAN; a VACL can provide access control based on

Layer 3 addresses for IP and IPX protocols. The unsupported protocols are access controlled through the

MAC addresses. A MAC VACL cannot be used to access control IP or IPX addresses.

There are two types of VACLs: one that captures all bridged or routed VLAN packets and another that

captures a selected subset of all bridged or routed VLAN packets. Catalyst operating system VACLs can

only be used to capture VLAN packets because they are initially routed or bridged into the VLAN on

the switch.

Tab l e 1-2 SPAN Port Names

Module Cisco IOS Software

WS-SVC-NAM-1 data port

WS-SVC-NAM-2 data port 1 and data port 2