Cisco Nexus 7000 Series Switches

Nexus 7000 Series Switch ERSPAN Configuration Example

Document ID: 113480

Updated: Apr 27, 2012


Introduction

This document describes how to configure an encapsulated remote switched port analyzer (ERSPAN) session on a Nexus 7000 Series Switch that monitors the traffic between Ethernet ports on two different Nexus 7000 Series Switches.

Prerequisites

Requirements

Make sure that you meet these requirements before you attempt this configuration:

  • Have basic knowledge of configuration on Nexus 7000 Series Switches

  • Have basic knowledge of ERSPAN

Components Used

The information in this document is based on a Nexus 7018 Series Switch that runs Cisco NX-OS Software Release 5.1(3).

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Background Information

About ERSPAN

  • ERSPAN enables remote monitoring of multiple switches across your network.

  • ERSPAN transports mirrored traffic from source ports on different switches to the destination port, where the network analyzer is connected.

  • The traffic is encapsulated at the source switch and is transferred to the destination switch, where the packet is decapsulated and then sent to the destination port.

  • ERSPAN consists of an ERSPAN source session, routable ERSPAN generic routing encapsulation (GRE)-encapsulated traffic, and an ERSPAN destination session.

  • You can configure ERSPAN source sessions and destination sessions on different switches separately.

  • ERSPAN does not monitor any packets that are generated by the supervisor, regardless of their source.
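The decapsulation step described above, seen from a sensor that receives the GRE stream directly, as an added example that is not part of the original document. It assumes the ERSPAN Type II header layout (GRE protocol type 0x88BE with a sequence number, followed by an 8-byte ERSPAN header), which this page does not spell out; the input is the GRE payload of an IP protocol 47 packet, and the sample packet is constructed, not captured.

```python
import struct

GRE_PROTO_ERSPAN = 0x88BE  # GRE protocol type for ERSPAN Type I/II (assumed layout)

def parse_erspan(gre: bytes) -> dict:
    """Decode the GRE and ERSPAN Type II headers in front of a mirrored frame."""
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", gre[:4])
    if proto != GRE_PROTO_ERSPAN:
        raise ValueError(f"GRE protocol 0x{proto:04x} is not ERSPAN")
    if not flags & 0x1000:  # S bit clear: no sequence number, so no ERSPAN header
        raise ValueError("no GRE sequence number (ERSPAN Type I)")
    # Optional GRE checksum and key fields precede the sequence number.
    off = 4 + (4 if flags & 0x8000 else 0) + (4 if flags & 0x2000 else 0)
    if len(gre) < off + 12:
        raise ValueError("truncated ERSPAN header")
    seq, w1, w2, w3 = struct.unpack("!IHHI", gre[off:off + 12])
    if w1 >> 12 != 1:
        raise ValueError(f"ERSPAN version {w1 >> 12} is not Type II")
    return {"sequence": seq, "vlan": w1 & 0x0FFF, "cos": w2 >> 13,
            "truncated": bool(w2 & 0x0400), "erspan_id": w2 & 0x03FF,
            "index": w3 & 0xFFFFF, "inner_frame": gre[off + 12:]}

def accept(gre: bytes, expected_id: int):
    """Return the inner frame only when the packet carries the expected ERSPAN ID."""
    try:
        hdr = parse_erspan(gre)
    except ValueError:
        return None
    return hdr["inner_frame"] if hdr["erspan_id"] == expected_id else None

def build_sample(erspan_id: int, vlan: int, seq: int, inner: bytes) -> bytes:
    """Construct a GRE + ERSPAN Type II packet (test data, not a capture)."""
    return struct.pack("!HHIHHI", 0x1000, GRE_PROTO_ERSPAN, seq,
                       (1 << 12) | vlan, erspan_id & 0x03FF, 0) + inner

# Constructed inner Ethernet frame: broadcast destination, made-up source MAC.
INNER = bytes.fromhex("ffffffffffff0200000000010806") + b"\x00" * 28
SAMPLE = build_sample(902, 100, 7, INNER)  # 902 is the ERSPAN ID used on this page

if __name__ == "__main__":
    print(parse_erspan(SAMPLE)["erspan_id"], accept(SAMPLE, 902) == INNER)
```

A sensor that checks the ERSPAN ID this way ignores GRE traffic that does not belong to the session it was deployed for.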

ERSPAN sources

  • The interfaces from which traffic can be monitored are called ERSPAN sources.

  • You can monitor the packets that the source port receives (ingress), transmits (egress), or both (bidirectional).

  • ERSPAN sources include source ports, source VLANs, or source VSANs. When a VLAN is specified as an ERSPAN source, all supported interfaces in the VLAN are ERSPAN sources.

ERSPAN Destinations

  • Destination ports receive the copied traffic from ERSPAN sources.

  • The destination port is connected to a device, such as a SwitchProbe device, another Remote Monitoring (RMON) probe, or a security device, that can receive and analyze the packets copied from one or more source ports.

  • Destination ports do not participate in any spanning tree instance or any Layer 3 protocols.

Configure

This configuration example uses a source port on Nexus 7000 Series Switch 1 and a destination port on another Nexus 7000 Series Switch, where the network analyzer is connected. There is an Ethernet link between the two switches, as shown in the diagram.

Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.

Network Diagram

This document uses this network setup:

[Figure: network diagram (erspan-nexus-7k-01.gif)]

Configurations

This document uses these configurations:

Nexus 7000 switch 1
switch_1#configure terminal


!--- Configures an ERSPAN source session.

switch_1(config)#monitor session 48 type erspan-source

!--- Configure the sources and traffic direction.

switch_1(config-erspan-src)#source interface Ethernet2/10 both

!--- Configure the destination IP address in the ERSPAN session.

switch_1(config-erspan-src)#destination ip 10.11.11.3

!--- Configure the ERSPAN ID.

switch_1(config-erspan-src)#erspan-id 902

!--- Configure the VRF.

switch_1(config-erspan-src)#vrf default

!--- Enable the ERSPAN source session (by default the session is 
!--- in shutdown state).

switch_1(config-erspan-src)#no shut
switch_1(config-erspan-src)#exit


!--- Configure the ERSPAN global origin IP address.

switch_1(config)#monitor erspan origin ip-address 10.254.254.21 global



!--- Configure the IP address for the loopback interface, which is used
!--- as the source of the ERSPAN traffic.

switch_1(config)#interface loopback1
switch_1(config-if)#ip address 10.254.254.21/32
switch_1(config-if)#exit

switch_1(config)#interface Ethernet1/1
switch_1(config-if)#switchport
switch_1(config-if)#switchport mode trunk
switch_1(config-if)#no shutdown
switch_1(config-if)#exit

switch_1(config)#feature interface-vlan
switch_1(config)#interface Vlan 11
switch_1(config-if)#ip address 10.11.11.2/29
switch_1(config-if)#no ip redirects
switch_1(config-if)#no shutdown
switch_1(config-if)#exit


!--- Save the configurations in the device.

switch_1(config)#copy running-config startup-config
switch_1(config)#exit

Nexus 7000 switch 2
switch_2#configure terminal


!--- Configure an ERSPAN destination session.

switch_2(config)#monitor session 47 type erspan-destination

!--- Configure the source IP address. This address must match the
!--- destination IP address configured in the ERSPAN source session.

switch_2(config-erspan-dst)#source ip 10.11.11.3

!--- Configure a destination for copied source packets.

switch_2(config-erspan-dst)#destination interface Ethernet2/34

!--- Configure the ERSPAN ID.

switch_2(config-erspan-dst)#erspan-id 902

!--- Configure the VRF.

switch_2(config-erspan-dst)#vrf default

!--- Enable the ERSPAN destination session (by default the session is 
!--- in shutdown state).

switch_2(config-erspan-dst)#no shut
switch_2(config-erspan-dst)#exit

switch_2(config)#interface Ethernet2/34
switch_2(config-if)#switchport monitor
switch_2(config-if)#exit

switch_2(config)#feature interface-vlan
switch_2(config)#interface Vlan 11
switch_2(config-if)#ip address 10.11.11.3/29
switch_2(config-if)#no ip redirects
switch_2(config-if)#no shutdown
switch_2(config-if)#exit

switch_2(config)#interface Ethernet1/2
switch_2(config-if)#switchport
switch_2(config-if)#switchport mode trunk
switch_2(config-if)#no shutdown
switch_2(config-if)#exit


!--- Save the configurations in the device.

switch_2(config)#copy running-config startup-config
switch_2(config)#exit
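One way to check that the two configurations above agree before relying on the mirror, as an added example that is not part of the original document. The switch_1 text is the `show running-config monitor` output shown on this page; the switch_2 text is reconstructed here from the switch_2 commands above, and the function names are hypothetical.

```python
import re

def monitor_sessions(cfg: str) -> dict:
    """Map session number -> settings from 'show running-config monitor' text."""
    sessions, cur = {}, None
    for line in cfg.splitlines():
        words = line.split()
        m = re.match(r"monitor session (\d+) type (\S+)", line)
        if m:  # a session is shut until 'no shut' appears (the default state)
            cur = sessions.setdefault(int(m.group(1)), {"type": m.group(2), "shut": True})
        elif not words:
            continue
        elif not line[0].isspace():
            cur = None  # another top-level command ends the session block
        elif cur is None or len(words) < 2:
            continue
        elif words[0] == "no" and words[1].startswith("shut"):
            cur["shut"] = False
        elif words[0] == "erspan-id":
            cur["erspan-id"] = words[1]
        elif words[:2] in (["destination", "ip"], ["source", "ip"]) and len(words) > 2:
            cur[" ".join(words[:2])] = words[2]
    return sessions

def check_pair(src_cfg: str, dst_cfg: str) -> list:
    """Return the mismatches between a source switch and a destination switch."""
    problems = []
    if "monitor erspan origin ip-address" not in src_cfg:
        problems.append("source switch: no ERSPAN origin IP")
    dsts = [d for d in monitor_sessions(dst_cfg).values() if d["type"] == "erspan-destination"]
    for num, s in monitor_sessions(src_cfg).items():
        if s["type"] != "erspan-source":
            continue
        peers = [d for d in dsts if d.get("erspan-id") == s.get("erspan-id")]
        if not peers:
            problems.append(f"session {num}: no peer with erspan-id {s.get('erspan-id')}")
            continue
        if s.get("destination ip") != peers[0].get("source ip"):
            problems.append(f"session {num}: destination ip != peer source ip")
        if s["shut"] or peers[0]["shut"]:
            problems.append(f"session {num}: a session is still shut")
    return problems

# switch_1 text is from this page; switch_2 text is reconstructed from its commands.
SWITCH_1 = ("monitor session 48 type erspan-source\n  erspan-id 902\n  vrf default\n"
            "  destination ip 10.11.11.3\n  source interface Ethernet2/10 both\n  no shut\n\n"
            "monitor erspan origin ip-address 10.254.254.21 global\n")
SWITCH_2 = ("monitor session 47 type erspan-destination\n  erspan-id 902\n  vrf default\n"
            "  source ip 10.11.11.3\n  destination interface Ethernet2/34\n  no shut\n")
print(check_pair(SWITCH_1, SWITCH_2), check_pair(SWITCH_1, SWITCH_2.replace("902", "901")))
```

An empty list means the ERSPAN IDs match, the source session's destination IP equals the destination session's source IP, and both sessions are enabled.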

Verify

Use this section in order to confirm that your configuration works properly.

The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.

These are some of the ERSPAN verification commands:

  • Use the show monitor command in order to display the status of the ERSPAN sessions:

    switch_1# show monitor
    Session  State        Reason                  Description
    -------  -----------  ----------------------  --------------------------------
    48       up           The session is up

  • Use the show monitor session [session session_number] command in order to display the ERSPAN session configuration:

    switch_1# show monitor session 48
       session 48
    ---------------
    type              : erspan-source
    state             : up
    erspan-id         : 902
    vrf-name          : default
    acl-name          : acl-name not specified
    ip-ttl            : 255
    ip-dscp           : 0
    destination-ip    : 10.11.11.3
    origin-ip         : 10.254.254.21 (global)
    source intf       :
        rx            : Eth2/10
        tx            : Eth2/10
        both          : Eth2/10
    source VLANs      :
        rx            :
        tx            :
        both          :
    filter VLANs      : filter not specified

  • Use the show monitor session all command in order to display the configuration of all ERSPAN sessions on the device.

  • Use the show running-config monitor command in order to display the running ERSPAN configuration:

    switch_1# show running-config monitor
    
    !Command: show running-config monitor
    !Time: Thu Apr 19 10:15:33 2012
    
    version 5.1(3)
    monitor session 48 type erspan-source
      erspan-id 902
      vrf default
      destination ip 10.11.11.3
      source interface Ethernet2/10 both
      no shut
    
    monitor erspan origin ip-address 10.254.254.21 global

  • Use the show startup-config monitor command in order to display the ERSPAN startup configuration.
