Cisco Nexus 5000 Series Switches

Nexus 5000 Series Switch ERSPAN Configuration Example

Document ID: 113501

Updated: Apr 26, 2012


Introduction

This document describes how to configure an encapsulated remote switched port analyzer (ERSPAN) session on a Nexus 5000 Series Switch that transports mirrored traffic over an IP network, which provides remote monitoring across your network.

Prerequisites

Requirements

Ensure that you meet these requirements before you attempt this configuration:

  • Have basic knowledge of configuration on Nexus 5000 Series Switches

  • Have basic knowledge of configuration on Nexus 7000 Series Switches

  • Have basic knowledge of ERSPAN

Components Used

The information in this document is based on these software and hardware versions:

  • Nexus 5000 Switch: Cisco Nexus 5010 Series Switch on Cisco NX-OS Software Release 5.1(3)N1(1) or later

  • Nexus 7000 Switch: Cisco Nexus 7018 Series Switch on Cisco NX-OS Software Release 5.1(3) or later

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Background Information

  • ERSPAN enables remote monitoring of multiple switches across your network.

  • Cisco Nexus 5000 Series Switches support only ERSPAN source sessions; destination sessions are not supported. In this document, a Nexus 7000 Switch therefore hosts the ERSPAN destination session that monitors the mirrored traffic from the Nexus 5000 Switch.

  • ERSPAN consists of an ERSPAN source session, routable ERSPAN generic routing encapsulation (GRE)-encapsulated traffic, and an ERSPAN destination session.

  • ERSPAN transports mirrored traffic from source ports of different switches to the destination port, where the network analyzer is connected. The traffic is encapsulated at the source switch and is transferred to the destination switch, where the packet is decapsulated and then sent to the destination port.

  • You can configure ERSPAN source sessions and destination sessions on different switches separately.
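
The encapsulation described above can be checked on the receiving side by reading the GRE and ERSPAN headers that precede each mirrored frame. The following is an added example, not part of the original Cisco document; it assumes ERSPAN Type II framing (GRE protocol type 0x88BE), which the document does not state, and the sample packet, including VLAN 100 and the inner frame, is constructed for illustration.

```python
import struct

GRE_PROTO_ERSPAN_II = 0x88BE   # GRE protocol type carried by ERSPAN Type II

def parse_erspan_type2(data: bytes) -> dict:
    """Parse GRE + ERSPAN Type II headers (the bytes after the outer IP header)."""
    if len(data) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", data, 0)
    if proto != GRE_PROTO_ERSPAN_II:
        raise ValueError(f"GRE protocol 0x{proto:04x} is not ERSPAN Type II")
    offset, seq = 4, None
    if flags & 0x8000:            # C bit: checksum and reserved fields present
        offset += 4
    if flags & 0x2000:            # K bit: key present
        offset += 4
    if flags & 0x1000:            # S bit: sequence number present
        if len(data) < offset + 4:
            raise ValueError("truncated GRE sequence number")
        (seq,) = struct.unpack_from("!I", data, offset)
        offset += 4
    if len(data) < offset + 8:
        raise ValueError("truncated ERSPAN header")
    w1, w2, w3 = struct.unpack_from("!HHI", data, offset)
    return {
        "version": w1 >> 12,          # 1 for Type II
        "vlan": w1 & 0x0FFF,          # VLAN of the mirrored frame
        "erspan_id": w2 & 0x03FF,     # 10-bit session ID (the erspan-id value)
        "index": w3 & 0xFFFFF,        # 20-bit port index
        "gre_sequence": seq,
        "inner_frame": data[offset + 8:],   # the mirrored Ethernet frame
    }

def build_sample() -> bytes:
    """Constructed packet: GRE (S bit, seq 1), ERSPAN ver 1, VLAN 100, ID 903."""
    gre = struct.pack("!HHI", 0x1000, GRE_PROTO_ERSPAN_II, 1)
    erspan = struct.pack("!HHI", (1 << 12) | 100, 903, 0)
    inner = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x00" * 46
    return gre + erspan + inner
```

A sensor that sees an erspan_id it does not expect on a collector address has found a mirror session worth tracing back to its source switch.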

ERSPAN Sources

  • The interfaces from which traffic can be monitored are called ERSPAN sources.

  • You can monitor the packets that the source port receives (ingress), transmits (egress), or both (bidirectional).

  • ERSPAN sources include source ports, source VLANs, or source VSANs. When a VLAN is specified as an ERSPAN source, all supported interfaces in the VLAN are ERSPAN sources.

ERSPAN Destinations

  • Destination ports receive the copied traffic from ERSPAN sources.

  • The destination port is the port connected to a device, such as a SwitchProbe device, another Remote Monitoring (RMON) probe, or a security device, that can receive and analyze the copied packets from one or more source ports.

  • Destination ports do not participate in any spanning tree instance or any Layer 3 protocols.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.

Network Diagram

This document uses this network setup:

[Network diagram: nexus5000-erspan-config-01.gif]

Configurations

This document uses these configurations:

Nexus 5000 Switch
Nexus 5000#configure terminal


!--- Configures an ERSPAN source session

Nexus 5000(config)#monitor session 3 type erspan-source

!--- Configure the sources and traffic direction

Nexus 5000(config-erspan-src)#source interface Ethernet1/10 both

!--- Configure the destination IP address in the ERSPAN session

Nexus 5000(config-erspan-src)#destination ip 10.23.21.8

!--- Configure the ERSPAN ID

Nexus 5000(config-erspan-src)#erspan-id 903

!--- Configure the VRF

Nexus 5000(config-erspan-src)#vrf default

!--- Enable the ERSPAN source session (by default the session is 
      in shutdown state)

Nexus 5000(config-erspan-src)#no shut
Nexus 5000(config-erspan-src)#exit


!--- Configure the ERSPAN global origin IP address

Nexus 5000(config)#monitor erspan origin ip-address 10.254.254.30 global



!--- Configure the IP address for loopback interface, which is used
      as source of the ERSPAN traffic

Nexus 5000(config)#interface loopback1
Nexus 5000(config-if)#ip address 10.254.254.30/32
Nexus 5000(config-if)#exit

Nexus 5000(config)#interface Ethernet1/1
Nexus 5000(config-if)#switchport
Nexus 5000(config-if)#switchport mode trunk
Nexus 5000(config-if)#no shutdown

Nexus 5000(config)#feature interface-vlan
Nexus 5000(config)#interface Vlan 12
Nexus 5000(config-if)#ip address 10.23.21.7/29
Nexus 5000(config-if)#no ip redirects
Nexus 5000(config-if)#no shutdown
Nexus 5000(config-if)#exit


!--- Save the configurations in the device.

Nexus 5000(config)#copy running-config startup-config
Nexus 5000(config)#exit

Nexus 7000 Switch
Nexus 7000#configure terminal


!--- Configures an ERSPAN destination session

Nexus 7000(config)#monitor session 4 type erspan-destination

!--- Configures the source IP address (10.23.21.8 is the destination
      IP address set in the Nexus 5000 ERSPAN source session)

Nexus 7000(config-erspan-dst)#source ip 10.23.21.8

!--- Configures a destination for copied source packets

Nexus 7000(config-erspan-dst)#destination interface Ethernet1/24

!--- Configure the ERSPAN ID

Nexus 7000(config-erspan-dst)#erspan-id 903

!--- Configure the VRF

Nexus 7000(config-erspan-dst)#vrf default

!--- Enable the ERSPAN destination session (by default the session is 
      in shutdown state)

Nexus 7000(config-erspan-dst)#no shutdown
Nexus 7000(config-erspan-dst)#exit

Nexus 7000(config)#interface Ethernet1/24
Nexus 7000(config-if)#switchport monitor
Nexus 7000(config-if)#exit

Nexus 7000(config)#feature interface-vlan
Nexus 7000(config)#interface Vlan 12
Nexus 7000(config-if)#ip address 10.23.21.8/29
Nexus 7000(config-if)#no ip redirects
Nexus 7000(config-if)#no shutdown
Nexus 7000(config-if)#exit

Nexus 7000(config)#interface Ethernet1/1
Nexus 7000(config-if)#switchport
Nexus 7000(config-if)#switchport mode trunk
Nexus 7000(config-if)#no shutdown
Nexus 7000(config-if)#exit


!--- Save the configurations in the device.

Nexus 7000(config)#copy running-config startup-config
Nexus 7000(config)#exit

Verify

Use this section to confirm that your configuration works properly.

The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.

Nexus 5000 Series Switch:

Use the show monitor command in order to display the status of the ERSPAN sessions.

Nexus 5000# show monitor
Session  State        Reason                  Description
-------  -----------  ----------------------  --------------------------------
3        up           The session is up

Use the show monitor session [session session_number] command in order to display the ERSPAN session configuration.

Nexus 5000# show monitor session 3
   session 3
---------------
type              : erspan-source
state             : up
erspan-id         : 903
vrf-name          : default
destination-ip    : 10.23.21.8
ip-ttl            : 255
ip-dscp           : 0
origin-ip         : 10.254.254.30 (global)
source intf       :
    rx            : Eth1/10
    tx            : Eth1/10
    both          : Eth1/10
source VLANs      :
    rx            :

Use the show running-config monitor command in order to display the running ERSPAN configuration.

Nexus 5000# show running-config monitor

!Command: show running-config monitor
!Time: Thu Apr 19 09:32:27 2012

version 5.1(3)N1(1)
monitor session 3 type erspan-source
  erspan-id 903
  vrf default
  destination ip 10.23.21.8
  source interface Ethernet1/10 both
  no shut

monitor erspan origin ip-address 10.254.254.30 global

Nexus 7000 Series Switch:

Use the show monitor command in order to display the status of the ERSPAN sessions.

Nexus 7000# show monitor
Session  State        Reason                  Description
-------  -----------  ----------------------  --------------------------------
4        up           The session is up

Use the show monitor session [session session_number] command in order to display the ERSPAN session configuration.

Nexus 7000# show monitor session 4
   session 4
---------------
type              : erspan-destination
state             : up
erspan-id         : 903
vrf-name          : default
source-ip         : 10.23.21.8
destination ports : Eth1/24

Legend: f = forwarding enabled, l = learning enabled

Use the show running-config monitor command in order to display the running ERSPAN configuration.

Nexus 7000# show running-config monitor

!Command: show running-config monitor
!Time: Thu Apr 19 11:13:28 2012

version 5.1(3)
monitor session 4 type erspan-destination
  erspan-id 903
  vrf default
  source ip 10.23.21.8
  destination interface Ethernet1/24
  no shut
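
The two running configurations above can also be cross-checked automatically. The following is an added example, not part of the original Cisco document. It assumes the pairing that this document's configuration shows (same erspan-id and vrf on both ends, and the source session's destination ip equal to the destination session's source ip). The approved_collectors allowlist and all function names are hypothetical.

```python
import re

# Constructed inputs: session stanzas from this page's show running-config captures.
N5K_CFG = """monitor session 3 type erspan-source
  erspan-id 903
  vrf default
  destination ip 10.23.21.8
  source interface Ethernet1/10 both
  no shut
"""
N7K_CFG = """monitor session 4 type erspan-destination
  erspan-id 903
  vrf default
  source ip 10.23.21.8
  destination interface Ethernet1/24
  no shut
"""

def parse_sessions(text):
    """Map session number -> {"type", "opts", "enabled"} from running-config text."""
    sessions, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"monitor session (\d+) type (\S+)", line)
        words = line.split()
        if m:
            cur = sessions.setdefault(
                int(m.group(1)), {"type": m.group(2), "opts": {}, "enabled": False})
        elif cur is None or not line.startswith(" ") or not words:
            cur = None                      # left the session stanza
        elif words[0] == "no" and words[-1].startswith("shut"):
            cur["enabled"] = True           # "no shut" / "no shutdown"
        else:                               # e.g. "destination ip 10.23.21.8"
            split = 2 if len(words) > 2 else 1
            cur["opts"][" ".join(words[:split])] = " ".join(words[split:])
    return sessions

def audit_pair(src, dst, approved_collectors):
    """Return findings for one erspan-source session and its destination peer."""
    s, d, findings = src["opts"], dst["opts"], []
    for key in ("erspan-id", "vrf"):
        if s.get(key) != d.get(key):
            findings.append(f"{key} differs between source and destination")
    if s.get("destination ip") != d.get("source ip"):
        findings.append("destination ip does not match peer source ip")
    if s.get("destination ip") not in approved_collectors:
        findings.append("mirror destination is not an approved collector")
    findings += [f"{n} session is shut" for n, x in (("source", src), ("destination", dst))
                 if not x["enabled"]]
    return findings
```

Run against saved configurations on a schedule, the allowlist check surfaces any ERSPAN source session that sends mirrored traffic somewhere other than a known analyzer.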

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.
