Tuesday, June 5, 2007

[Cisco] Setting up a SPAN port to sniff packets

I wanted to set up a SPAN port to sniff packets, and while searching I found this on the web:
How to limit traffic spanned
There are several ways to configure it besides the monitor command.

Example to monitor HTTP traffic. VACL sequences are evaluated in order and the first match wins, so the HTTP sequence must come before the catch-all sequence; otherwise the catch-all forwards everything and nothing is ever captured.

c6509(config)# access-list 100 permit tcp any any eq 80
c6509(config)# access-list 101 permit ip any any
c6509(config)# vlan access-map MyCap 10
c6509(config-access-map)# match ip address 100
c6509(config-access-map)# action forward capture
c6509(config)# vlan access-map MyCap 20
c6509(config-access-map)# match ip address 101
c6509(config-access-map)# action forward
c6509(config)# vlan filter MyCap vlan-list 200,201
c6509(config)# interface gi3/1
c6509(config-if)# switchport capture
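As an added example (not part of the original post and not a Cisco tool), the following Python script parses access-list and vlan access-map lines like the ones above and flags a capture sequence that a lower-numbered catch-all sequence would shadow, since the switch evaluates sequences in number order and stops at the first match. The regexes, function names and sample transcript are assumptions constructed for this illustration.

```python
import re  # hypothetical VACL shadow check written for this post, not a Cisco tool
ACL_RE = re.compile(r"access-list (\d+) permit (\S+) any any(?: eq (\d+))?$")
MAP_RE = re.compile(r"vlan access-map (\S+) (\d+)$")
MATCH_RE = re.compile(r"match ip address (\d+)$")
ACTION_RE = re.compile(r"action forward( capture)?$")

def parse_config(lines):
    """Collect numbered ACLs and access-map sequences from CLI transcript lines."""
    acls, seqs, cur = {}, [], None
    for raw in lines:
        cmd = raw.split("#", 1)[-1].strip()  # drop a "c6509(config)#" style prompt
        if m := ACL_RE.match(cmd):
            acls[m[1]] = (m[2], m[3])  # (protocol, destination port or None)
        elif m := MAP_RE.match(cmd):
            cur = {"map": m[1], "seq": int(m[2]), "acl": None, "capture": False}
            seqs.append(cur)
        elif cur and (m := MATCH_RE.match(cmd)):
            cur["acl"] = m[1]
        elif cur and (m := ACTION_RE.match(cmd)):
            cur["capture"] = m[1] is not None
    return acls, seqs
def covers(outer, inner):
    """Simplified superset test: 'ip' with no port matches everything, else same proto/port."""
    return (outer[0] == "ip" or outer[0] == inner[0]) and outer[1] in (None, inner[1])

def shadowed_captures(lines):
    """Return (map, shadowing seq, capture seq) where a lower-numbered sequence already forwards it."""
    acls, seqs = parse_config(lines)
    ordered = sorted(seqs, key=lambda s: (s["map"], s["seq"]))  # switch order, not typing order
    found = []
    for i, s in enumerate(ordered):
        if not s["capture"] or s["acl"] not in acls:
            continue
        for e in ordered[:i]:
            if e["map"] == s["map"] and e["acl"] in acls and covers(acls[e["acl"]], acls[s["acl"]]):
                found.append((s["map"], e["seq"], s["seq"]))
    return found

# Constructed sample: a catch-all sequence 10 typed before the HTTP capture sequence 20.
SAMPLE_SHADOWED = """\
c6509(config)# access-list 100 permit tcp any any eq 80
c6509(config)# access-list 101 permit ip any any
c6509(config)# vlan access-map MyCap 10
c6509(config-access-map)# match ip address 101
c6509(config-access-map)# action forward
c6509(config)# vlan access-map MyCap 20
c6509(config-access-map)# match ip address 100
c6509(config-access-map)# action forward capture
""".splitlines()
```

Running shadowed_captures(SAMPLE_SHADOWED) reports ("MyCap", 10, 20); swapping the two ACL numbers between the sequences clears the warning.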

===================

Configuration to capture HTTP traffic on VLAN 20 and send it to fa0/24.

c3550(config)#ip access-list extended SA-TRAFFIC
c3550(config-ext-nacl)#permit tcp any any eq 80
c3550(config)#vlan access-map RSPAN-VACL 10
c3550(config-access-map)#match ip address SA-TRAFFIC
c3550(config-access-map)#action forward
c3550(config)#vlan filter RSPAN-VACL vlan-list 100
c3550(config)#interface vlan100
c3550(config-if)#description RSPAN Destination VLAN
c3550(config-if)#no ip address
c3550(config)#monitor session 1 source vlan 20 rx
c3550(config)#monitor session 1 destination remote vlan 100 reflector-port fa0/24


====================

Configuration to capture HTTP traffic on VLANs 200 and 201 and send it to gi3/1.

c6509(config)#ip access-list extended SA-Capture
c6509(config-ext-nacl)# permit tcp any any eq 80
c6509(config-ext-nacl)#exit
c6509(config)#int vlan 200
c6509(config-if)#mls ip ids SA-Capture
c6509(config)#int vlan 201
c6509(config-if)#mls ip ids SA-Capture
c6509(config-if)#int gig3/1
c6509(config-if)#switchport capture