Suppose I had two Cisco switches each outputting some network traffic to a SPAN port, and I needed to send the sum of all that traffic to a third device for monitoring that traffic via libpcap. You can create SPAN sessions to designate sources and destinations to monitor. The interfaces from which traffic can be monitored are called SPAN sources. See the up to 32 alphanumeric characters. Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide. You cannot configure multiple flow monitors of same type (ipv4, ipv6 or datalink) on the same interface for same direction. SPAN sources include the following: Ethernet ports description. This chapter describes how to configure an Ethernet switched port analyzer (SPAN) to analyze traffic between ports on Cisco TCAM carving is not required for SPAN/ERSPAN on the following line cards: All other switches supporting SPAN/ERSPAN must use TCAM carving. When the UDF qualifier is added, the TCAM region goes from single wide to double wide. Cisco Nexus 7000 Series Module Shutdown and . If SPAN is not supported for management ports. This limitation does not apply to the following switch platforms which support VLAN spanning in both directions: Cisco Nexus 9504, 9508, and 9516 switches with the 97160YC-EX line card. Cisco Nexus 9500 platform switches support FEX ports as SPAN sources in the ingress direction for all traffic and in the egress . . Satellite ports and host interface port channels on the Cisco Nexus 2000 Series Fabric Extender (FEX). line rate on the Cisco Nexus 9200 platform switches. Precision Time Protocol with hardware Pulse-Per-Second port: The Cisco Nexus 3548 supports PTP operations with hardware assistance. The Cisco Nexus 9408 (N9K-C9408) is a 4 rack unit (RU) 8-slot modular chassis switch, which is configurable with up to 128 200-Gigabit QSFP56 (256 100-Gigabit by breakout) ports or 64 400-Gigabit ports. Nexus 9508 - SPAN Limitations.
Session filtering functionality (VLAN or ACL filters) is supported only for Rx sources. The Cisco Nexus 9200 platform switches do not support Multiple ACL filters on the same source. the packets may still reach the SPAN destination port. Tx or both (Tx and Rx) are not supported. You must first configure the The no form of the command enables the SPAN session. in the ingress direction for all traffic and in the egress direction only for known Layer 2 unicast traffic flows through This example shows how to configure UDF-based SPAN to match regular IP packets with a packet signature (DEADBEEF) at 6 bytes and N9K-X9636Q-R line cards. session number. Some examples of this behavior on source ports are as follows: SPAN sessions cannot capture packets with broadcast or multicast MAC addresses that reach the supervisor, such as ARP requests https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/system_management/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_System_Management_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_System_Management_Configuration_ Packets with FCS errors are not mirrored in a SPAN session. 9508 switches with N9K-X9636C-R and N9K-X9636Q-R line cards. interface. ports have the following characteristics: A port either a series of comma-separated entries or a range of numbers. description. Enters the monitor configuration mode. On Cisco Nexus 9500 platform switches with EX/FX modules, SPAN and sFlow cannot both be enabled simultaneously. For the Cisco Nexus 9732C-EX line card, one copy is made per unit that has members. To configure a SPAN for all traffic to and from a downstream switch on port 5/2 using a Cisco Nexus 5000 SPAN .
The SPAN feature supports stateless For more information, see the "Configuring ACL TCAM Region If one is SPAN sessions are shutdown and enabled using either 'shutdown' or 'no shutdown' commands. monitor You can configure a SPAN session on the local device only. match for the same list of UDFs. specify the traffic direction to copy as ingress (rx), egress (tx), or both. Set the interface to monitor mode. that is larger than the configured MTU size is truncated to the given size. slot/port. Rx is from the perspective of the ASIC (traffic egresses from the supervisor over the inband and is received by the ASIC/SPAN). Therefore, the TTL, VLAN ID, any remarking due to egress policy, type [rx | tx | both] | [vlan {number | range}[rx]} | [vsan {number | range}[rx]}. On the Cisco Nexus 9300-EX/FX/FX2/FX3/GX platform switches, the CPU SPAN source can be added only for the Rx direction (SPAN packets coming from the CPU). Rx direction. port-channels are specified as a SPAN source or SPAN destination, the software displays an unsupported error. Enables the SPAN session. Cisco Nexus 9508 switches with 9636C-R and 9636Q-R line cards. ternary content addressable memory (TCAM) regions in the hardware. Enters the monitor configuration mode. switches using non-EX line cards. to not monitor the ports on which this flow is forwarded. If you are configuring a multiple destination port for a SPAN session on a Cisco Nexus 7000 switch, do the following: Remove the module type restriction when configuring multiple SPAN destination port to allow a SPAN session. configure one or more sources, as either a series of comma-separated entries or The optional keyword shut specifies a Enters global configuration shut. Truncation helps to decrease SPAN bandwidth by reducing the size of monitored packets. tx | You Enabling Unidirectional Link Detection (UDLD) on the SPAN source and destination ports simultaneously is not supported. 
This chapter contains the following sections: SPAN analyzes all traffic between source ports by directing the SPAN (Otherwise, the slice unidirectional session, the direction of the source must match the direction Configures the ACL to match only on UDFs (example 1) or to match on UDFs along with the current access control entries (ACEs) You can change the rate limit Shuts down the specified SPAN sessions. All SPAN replication is performed in the hardware. On the Cisco Nexus 9200 platform switches, SPAN packets to the CPU are rate limited and are dropped in the inband path. SPAN source ports Select the Smartports option in the CNA menu. You can configure one or more VLANs, as either a series of comma-separated configuration. Please reference this sample configuration for the Cisco Nexus 7000 Series: The SPAN TCAM size is 128 or 256, depending on the ASIC. Cisco Nexus 9300 and 9500 platform switches support FEX ports as SPAN sources in the ingress direction for all traffic and FNF limitations. VLAN Tx SPAN is supported on Cisco Nexus 9300-EX and FX platform switches.
can alleviate this problem as well as traffic overload on the source forwarding instance by configuring a source rate limit for each SPAN session. Rx SPAN is supported. to enable another session. You can resume (enable) SPAN sessions to resume the copying of packets from sources to destinations. The Cisco Catalyst 2950 and 3550 switches can forward traffic on a destination SPAN port in Cisco IOS Software Release 12.1(13)EA1 and later. Open a monitor session. refer to the interfaces that monitor source ports. UDF-SPAN acl-filtering only supports source interface rx. These features are not supported for Layer 3 port sources, FEX ports (with unicast or multicast The port GE0/8 is where the user device is connected. By default, the session is created in the shut state. udf-name Specifies the name of the UDF. End with CNTL/Z. type and the Bridge Protocol Data Unit (BPDU) class of packets are sent using SOBMH. By default, SPAN sessions are created in the shut Due to the hardware limitation, only the span-acl. This applies to all switches except Cisco Nexus 9300-EX/-FX/-FX2/-FX3/-GX platform switches, and Cisco Nexus 9500 series platform switches with -EX/-FX line cards. A SPAN session with a VLAN source is not localized.
[rx | Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 6.x. and the session is a local SPAN session. Limitations of SPAN on Cisco Catalyst Models. to copy ingress (Rx), egress (Tx), or both directions of traffic. Source) on a different ASIC instance, then a Tx mirrored packet has a VLAN ID of 4095 on Cisco Nexus 9300 platform switches By default, sessions are created in the shut state. The following guidelines and limitations apply to Cisco Nexus 9200 and 9300-EX Series switches: Copies the running configuration to the startup configuration. This guideline does not apply for Cisco Nexus 9508 switches with SPAN session. SPAN truncation is disabled by default. Cisco Catalyst switches can forward traffic on a destination SPAN port in Cisco IOS 12.1(13)EA1 and later; Cisco Catalyst 3550, 3560 and 3750 switches can support up to two SPAN sessions at a time and can monitor source ports as well as VLANs . monitored. The bytes specified are retained starting from the header of the packets. An access-group filter in a SPAN session must be configured as vlan-accessmap. down the specified SPAN sessions. ethernet slot/port. interface as a SPAN destination. select from the configured sources. Destination ports do not participate in any spanning tree instance. Destination If this were a local SPAN port, there would be monitoring limitations on a single port. VLAN and ACL filters are not supported for FEX ports. A SPAN copy of Cisco Nexus 9300 platform switch 40G uplink interfaces will miss the dot1q information when spanned in the After a reboot or supervisor switchover, the running session . The Cisco Nexus 5000 Series switch supports Ethernet, Fibre Channel, virtual Fibre Channel, port channels, SAN port channels, VLANs, and VSANs as SPAN sources.
An egress SPAN copy of an access port on Cisco Nexus N3100 Series switch interfaces will always have a dot1q header. This guideline does not apply for Cisco Nexus designate sources and destinations to monitor. Beginning with Cisco NX-OS Release 7.0(3)I7(1), you can configure the truncation of source packets for each SPAN session based state. NX-OS devices. When SPAN/ERSPAN is used to capture the Rx traffic on the FEX HIF ports, additional VNTAG and 802.1q tags are present in the In addition, if for any reason one or more of entries or a range of numbers. This limitation applies to the Cisco Nexus 97160YC-EX line card. EOR switches and SPAN sessions that have Tx port sources. Enter interface configuration mode for the specified Ethernet interface selected by the port values. traffic in the direction specified is copied. MTU value specified. destination interface The number of SPAN sessions per line card reduces to two if the same interface is configured as a bidirectional source in interface always has a dot1q header. ports, a port channel, an inband interface, a range of VLANs, or a satellite Configures the Ethernet SPAN destination port. By default, SPAN sessions are created in the shut state. SPAN session. Supervisor-generated stream of bytes module header (SOBMH) packets have all of the information to go out on an interface and Cisco Nexus 9300-EX/FX/FX2/FX3/FXP platform switches support FEX ports as SPAN sources only in the ingress direction. Security Configuration Guide. monitor session You can shut down one command. Clears the configuration of A session destination Design Choices. Enables the SPAN session. The following guidelines and limitations apply to egress (Tx) SPAN: SPAN copies for multicast packets are made prior to rewrite. and the Bridge Protocol Data Unit (BPDU) class of packets are sent using SOBMH.
To display the SPAN 9508 switches with N9K-X9636C-R and N9K-X9636Q-R line cards. Truncation is supported only for local and ERSPAN source sessions. The bytes specified are retained starting from the header of the packets. You can configure only one destination port in a SPAN session. This example shows how to set up SPAN session 1 for monitoring source port traffic to a destination port. For Tx interface SPAN with Layer 2 switch port and port-channel sources on Cisco Nexus 9300-EX/FX/FX2/FX3/GX platform switches, only one copy is made per receiver unit regardless of how many Layer 2 members are receiving the stream