Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration Guide
Configuring SPAN
Downloads: This chapterpdf (PDF - 119.0KB) The complete bookPDF (PDF - 4.46MB) | Feedback

Configuring SPAN

Table Of Contents

Configuring SPAN

SPAN Sources

Characteristics of Source Ports

SPAN Destinations

Characteristics of Destination Ports

Configuring SPAN

Creating and Deleting a SPAN Session

Configuring the Destination Port

Configuring Source Ports

Configuring Source Port Channels or VLANs

Configuring the Description of a SPAN Session

Suspending or Activating a SPAN Session

Displaying SPAN Information


Configuring SPAN


The Switched Port Analyzer (SPAN) feature (sometimes called port mirroring or port monitoring) selects network traffic for analysis by a network analyzer. The network analyzer can be a Cisco SwitchProbe or other Remote Monitoring (RMON) probes.

This chapter includes the following sections:

SPAN Sources

SPAN Destinations

Configuring SPAN

SPAN Sources

SPAN sources refer to the interfaces from which traffic can be monitored. The Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter supports Ethernet, port channels, and VLANs as SPAN sources. With VLANs, all supported interfaces in the specified VLAN are included as SPAN sources. You can choose the SPAN traffic in the ingress direction, the egress direction, or both directions for Ethernet interfaces:

Ingress source (Rx)—Traffic entering the switch through this source port is copied to the SPAN destination port.

Egress source (Tx)—Traffic exiting the switch through this source port is copied to the SPAN destination port.

Characteristics of Source Ports

A source port, also called a monitored port, is a switched interface that you monitor for network traffic analysis. The switch supports any number of ingress source ports (up to the maximum number of available ports on the switch) and any number of source VLANs.

A source port has these characteristics:

Can be of any port type: Ethernet, port channel, and VLAN.

Cannot be monitored in multiple SPAN sessions.

Cannot be a destination port.

Each source port can be configured with a direction (ingress, egress, or both) to monitor. For VLAN, port channel sources, the monitored direction can only be ingress and applies to all physical ports in the group. The rx/tx option is not available for VLAN sessions.

Source ports can be in the same or different VLANs.

For VLAN SPAN sources, all active ports in the source VLAN are included as source ports.

The switch supports a maximum of two egress SPAN source ports.

SPAN Destinations

SPAN destinations refer to the interfaces that monitors source ports. The switch supports Ethernet interfaces as SPAN destinations.

Characteristics of Destination Ports

Each local SPAN session must have a destination port (also called a monitoring port) that receives a copy of traffic from the source ports, VLANs. A destination port has these characteristics:

Can be any physical Ethernet port.

Cannot be a source port.

Cannot be the destination port for two different sessions.

Cannot be a port channel.

Does not participate in spanning tree while the SPAN session is active.

Is excluded from the source list and is not monitored if it belongs to a source VLAN of any SPAN session.

Receives copies of sent and received traffic for all monitored source ports. If a destination port is oversubscribed, it can become congested.

Configuring SPAN

You can configure a SPAN session to duplicate packets from source ports to the specified destination ports on the switch. This section includes the following topics:

Creating and Deleting a SPAN Session

Configuring the Destination Port

Configuring Source Ports

Configuring Source Port Channels or VLANs

Configuring the Description of a SPAN Session

Suspending or Activating a SPAN Session

Displaying SPAN Information

Creating and Deleting a SPAN Session

You create a SPAN session by assigning a session number using the monitor command. If the session already exists, any additional configuration is added to that session.

To create a SPAN session, perform this task:

 
Command
Purpose

Step 1 

switch# configure terminal

Enters configuration mode.

Step 2 

switch(config)# monitor session session-number

Enters the monitor configuration mode. New session configuration is added to the existing session configuration.

The following example shows creating a SPAN session:

switch# configure terminal
switch(config)# monitor session 2

To ensure that you are working with a completely new session, you can delete the desired session number or all SPAN sessions.

To delete SPAN sessions, perform this task:

Command
Purpose

switch(config)# no monitor session {all | session-number}

Deletes the configuration of the specified SPAN session or all sessions.


Configuring the Destination Port

The SPAN destination port can only be a physical port on the switch. To configure an Ethernet interface as a SPAN destination port, perform this task:

 
Command
Purpose

Step 1 

switch# configure terminal

Enters configuration mode.

Step 2 

switch(config)# interface ethernet slot/port

Enters interface configuration mode for the specified Ethernet interface selected by the slot and port values.

Step 3 

switch(config-if)# switchport monitor

Sets the interface to monitor mode. Priority flow control is disabled when the port is configured as a SPAN destination.

Step 4 

switch(config-if)# exit

Reverts to global configuration mode.

Step 5 

switch(config)# monitor session session-number

Enters the monitor configuration mode.

Step 6 

switch(config-monitor)# destination interface ethernet slot/port

Configures the Ethernet destination port.

The following example shows configuring an Ethernet SPAN destination port:

switch# configure terminal
switch(config)# interface ethernet 1/3
switch(config-if)# switchport monitor
switch(config-if)# exit
switch(config)# monitor session 2
switch(config-monitor)# destination interface ethernet 1/3

Configuring Source Ports

You can configure the source ports for a SPAN session. The source ports are Ethernet ports.

To configure the source ports for a SPAN session, perform this task:

Command
Purpose

switch(config-monitor)# source interface type slot/port [rx | tx | both]

Configures sources and the traffic direction in which to duplicate packets. You can enter a range of Ethernet ports. You can specify the traffic direction to duplicate as ingress (rx), egress (tx), or both. By default, the direction is both.


The following example shows configuring an Ethernet SPAN source port:

switch# configure terminal
switch(config)# monitor session 2
switch(config-monitor)# source interface ethernet 1/16

Configuring Source Port Channels or VLANs

You can configure the source channels for a SPAN session. These ports can be port channels and VLANs. The monitored direction can only be ingress and applies to all physical ports in the group.

To configure the source channels for a SPAN session, perform this task:

Command
Purpose

switch(config-monitor)# source {interface {port-channel | channel-number rx | ethernet slot/port | vlan vlan-range}

Configures port channel or VLAN sources. The monitored direction can only be ingress and applies to all physical ports in the group. For VLAN sources, the monitored direction is implicit.


The following example shows configuring a port channel SPAN source:

switch# configure terminal
switch(config)# monitor session 2
switch(config-monitor)# source interface port-channel 1 rx

The following example shows configuring a VLAN SPAN source:

...
switch(config-monitor)# source vlan 1

Configuring the Description of a SPAN Session

To provide a descriptive name of the SPAN session for ease of reference, perform this task:

Command
Purpose

switch(config-monitor)# description description

Applies a descriptive name to the SPAN session.


The following example shows configuring a description of a SPAN session:

switch# configure terminal
switch(config)# monitor session 2
switch(config-monitor)# description monitoring ports ethernet1/2-1/4

Suspending or Activating a SPAN Session

The default is to keep the session state shut. To open a session that duplicates packets from sources to destinations, perform this task:

Command
Purpose

switch(config)# no monitor session {all | session-number} shut

Opens the specified SPAN session or all sessions.


The following example shows suspending a SPAN session:

...
switch(config)# monitor session 3 shut

To suspend a SPAN session, perform this task:

Command
Purpose

switch(config)# monitor session {all | session-number} shut

Suspends the specified SPAN session or all sessions.



Note The switch supports two active SPAN sessions. When you configure more than two SPAN sessions, the first two sessions are active. During startup, the order of active sessions is reversed; the last two sessions are active. For example, if you configured ten sessions 1 to 10 where 1 and 2 are active, after a reboot, sessions 9 and 10 will be active. To enable deterministic behavior, explicitly suspend the sessions 3 to 10 with the monitor session session-number shut command.


Displaying SPAN Information

To display SPAN information, perform this task:

Command
Purpose

switch# show monitor [session {all | session-number | range session-range} [brief]]

Displays the SPAN configuration.


The following example shows how to display SPAN session information:

switch# show monitor  
SESSION  STATE        REASON                  DESCRIPTION 
-------  -----------  ----------------------  -------------------------------- 
2        up           The session is up 
3        down         Session suspended 
4        down         No hardware resource 

The following example shows how to display SPAN session details:

switch# 
switch(config-monitor)# show monitor session 2
   session 2
---------------
type              : local
state             : down (Session admin shut)
source intf       :
    rx            : Eth1/20
    tx            : Eth1/20
    both          : Eth1/20
source VLANs      :
    rx            :
destination ports :
 
   
Legend: f = forwarding enabled, l = learning enabled
 
   
    rx            :     rx            :
switch(config-monitor)#