Perhaps you can share why you are considering a SPAN port? Generally not something that I see implemented, the logistics and management make the deployment difficult.
------------------------------
Carson Hulcher, ACEX#110
------------------------------
Original Message:
Sent: Oct 06, 2025 01:44 PM
From: harriman
Subject: ClearPass SPAN for Profiling
I'm looking for guidance and best practices around using the SPAN (mirror) port on a ClearPass hardware appliance for device profiling.
Specifically:
What are the recommended configurations and limitations when using SPAN-based profiling (for example, throughput limits, CPU impact, interface selection)?
Are there any hardware model differences (for example, N3001 vs. N3000 appliances) that affect profiling capacity or performance?
What are the best practices for connecting the SPAN source, such as whether to filter traffic, aggregate multiple VLANs, or use a dedicated switch port?
Any watch-outs or common issues (duplicate MACs, VLAN tagging, asymmetric traffic, etc.) when using SPAN profiling in production?
Can anyone recommend using a separate dedicated profiler node or VM instead of relying on SPAN on the same ClearPass appliance that handles authentication?
-------------------------------------------