SPAN Sources
SPAN sources refer to the interfaces from which traffic can be monitored. The Cisco Nexus 5000 Series switch supports Ethernet, Fibre Channel, virtual Fibre Channel, port channels, SAN port channels, VLANs, and VSANs as SPAN sources. With VLANs or VSANs, all supported interfaces in the specified VLAN or VSAN are included as SPAN sources. You can choose the SPAN traffic in the ingress direction, the egress direction, or both directions for Ethernet, Fibre Channel, and virtual Fibre Channel source interfaces:
- Ingress source (Rx)—Traffic entering the switch through this source port is copied to the SPAN destination port.
- Egress source (Tx)—Traffic exiting the switch through this source port is copied to the SPAN destination port.
Characteristics of Source Ports
A source port, also called a monitored port, is a switched interface that you monitor for network traffic analysis. The switch supports any number of ingress source ports (up to the maximum number of available ports on the switch) and any number of source VLANs or VSANs.
A source port has these characteristics:
- Can be of any port type: Ethernet, Fibre Channel, virtual Fibre Channel, port channel, SAN port channel, VLAN, and VSAN.
- Cannot be monitored in multiple SPAN sessions.
- Cannot be a destination port.
- Each source port can be configured with a direction (ingress, egress, or both) to monitor. For VLAN, VSAN, port channel, and SAN port channel sources, the monitored direction can only be ingress and applies to all physical ports in the group. The rx/tx option is not available for VLAN or VSAN SPAN sessions.
- Source ports can be in the same or different VLANs or VSANs.
- For VLAN or VSAN SPAN sources, all active ports in the source VLAN or VSAN are included as source ports.
- The switch supports a maximum of two egress SPAN source ports.
Note Consider a scenario in which an ERSPAN session and a local SPAN session is configured on a switch. Egress ports on both sessions are different. However, the ingress port on the local SPAN session is also receiving GRE-encapsulated traffic from the ERSPAN session. In such a scenario, the local SPAN session captures only the non-GRE-encapsulated traffic from the port that is defined as the source.
Configuring SPAN
You can configure a SPAN session to duplicate packets from source ports to the specified destination ports on the switch. This section includes the following topics:
Creating and Deleting a SPAN Session
You create a SPAN session by assigning a session number using the monitor command. If the session already exists, any additional configuration is added to that session.
To create a SPAN session, perform this task:
|
|
|
Step 1 |
switch# configure terminal |
Enters global configuration mode. |
Step 2 |
switch(config)# monitor session session-number |
Enters the monitor configuration mode. New session configuration is added to the existing session configuration. The session-number can be from 1 to 18. You can configure up to 18 sessions; however you can have only 2 sessions active at a time. When you configure more than two SPAN sessions, the first two sessions are active. During startup, the order of active sessions is reversed; the last two sessions are active. For example, if you configured ten sessions 1 to 10 where 1 and 2 are active, after a reboot, sessions 9 and 10 will be active. To enable deterministic behavior, explicitly suspend the sessions 3 to 10 with the monitor session session-number shut command. |
The following example shows creating a SPAN session:
switch# configure terminal
switch(config)# monitor session 2
To ensure that you are working with a completely new session, you can delete the desired session number or all SPAN sessions.
To delete SPAN sessions, perform this task:
|
|
switch(config)# no monitor session { all | session-number} |
Deletes the configuration of the specified SPAN session or all sessions. |
Configuring the Destination Port
The SPAN destination port can only be a physical port on the switch. There are minor differences between the configuration of Ethernet and Fibre Channel destination ports as detailed in the following topics.
Configuring an Ethernet Destination Port
To configure an Ethernet interface as a SPAN destination port, perform this task:
|
|
|
Step 1 |
switch# configure terminal |
Enters global configuration mode. |
Step 2 |
switch(config)# interface ethernet slot / port |
Enters interface configuration mode for the specified Ethernet interface selected by the slot and port values. |
Step 3 |
switch(config-if)# switchport monitor |
Sets the interface to monitor mode. Priority flow control is disabled when the port is configured as a SPAN destination. |
Step 4 |
switch(config-if)# exit |
Reverts to global configuration mode. |
Step 5 |
switch(config)# monitor session session-number |
Enters the monitor configuration mode. |
Step 6 |
switch(config-monitor)# destination interface ethernet slot / port |
Configures the Ethernet destination port. |
The following example shows configuring an Ethernet SPAN destination port:
switch# configure terminal
switch(config)# interface ethernet 1/3
switch(config-if)# switchport monitor
switch(config-if)# exit
switch(config)# monitor session 2
switch(config-monitor)# destination interface ethernet 1/3
Configuring Fibre Channel Destination Port
To configure a Fibre Channel port as a SPAN destination port, perform this task:
|
|
|
Step 1 |
switch# configure terminal |
Enters global configuration mode. |
Step 2 |
switch(config)# interface fc slot / port |
Enters interface configuration mode for the specified Fibre Channel interface selected by the slot and port values. |
Step 3 |
switch(config-if)# switchport mode SD |
Sets the interface to SPAN destination (SD) mode. |
Step 4 |
switch(config-if)# switchport speed 1000 |
Sets the interface speed to 1000. The auto speed option is not allowed. |
Step 5 |
switch(config-if)# exit |
Reverts to global configuration mode. |
Step 6 |
switch(config)# monitor session session-number |
Enters the monitor configuration mode. |
Step 7 |
switch(config-monitor)# destination interface fc slot / port |
Configures the Fibre Channel destination port. |
The following example shows configuring an Ethernet SPAN destination port:
switch# configure terminal
switch(config)# interface fc 2/4
switch(config-if)# switchport mode SD
switch(config-if)# switchport speed 1000
switch(config-if)# exit
switch(config)# monitor session 2
switch(config-monitor)# destination interface fc 2/4
Configuring Source Ports
You can configure the source ports for a SPAN session. The source ports can be Ethernet, Fibre Channel, or virtual Fibre Channel ports.
To configure the source ports for a SPAN session, perform this task:
|
|
switch(config-monitor)# source interface type slot / port [ rx | tx | both ] |
Configures sources and the traffic direction in which to duplicate packets. You can enter a range of Ethernet, Fibre Channel, or virtual Fibre Channel ports. You can specify the traffic direction to duplicate as ingress (rx), egress (tx), or both. By default, the direction is both. |
The following example shows configuring an Ethernet SPAN source port:
switch# configure terminal
switch(config)# monitor session 2
switch(config-monitor)# source interface ethernet 1/16
The following example shows configuring a Fibre Channel SPAN source port:
...
switch(config-monitor)# source interface fc 2/1
The following example shows configuring a virtual Fibre Channel SPAN source port:
...
switch(config-monitor)# source interface vfc 129
Configuring Source Port Channels, VLANs, or VSANs
You can configure the source channels for a SPAN session. These ports can be port channels, SAN port channels, VLANs, and VSANs. The monitored direction can only be ingress and applies to all physical ports in the group.
To configure the source channels for a SPAN session, perform this task:
|
|
switch(config-monitor)# source { interface { port-channel | san-port-channel } channel-number rx | vlan vlan-range | vsan vsan-range } |
Configures port channel, SAN port channel, VLAN, or VSAN sources. The monitored direction can only be ingress and applies to all physical ports in the group. For VLAN or VSAN sources, the monitored direction is implicit. |
The following example shows configuring a port channel SPAN source:
switch# configure terminal
switch(config)# monitor session 2
switch(config-monitor)# source interface port-channel 1 rx
The following example shows configuring a SAN port channel SPAN source:
...
switch(config-monitor)# source interface san-port-channel 3 rx
The following example shows configuring a VLAN SPAN source:
...
switch(config-monitor)# source vlan 1
- The following example shows configuring a VSAN SPAN source:
...
switch(config-monitor)# source vsan 1
Configuring the Description of a SPAN Session
To provide a descriptive name of the SPAN session for ease of reference, perform this task:
|
|
switch(config-monitor)# description description |
Applies a descriptive name to the SPAN session. |
The following example shows configuring a description of a SPAN session:
switch# configure terminal
switch(config)# monitor session 2
switch(config-monitor)# description monitoring ports fc2/2-fc2/4
Suspending or Activating a SPAN Session
The default is to keep the session state shut. To open a session that duplicates packets from sources to destinations, perform this task:
|
|
switch(config)# no monitor session { all | session-number } shut |
Opens the specified SPAN session or all sessions. |
The following example shows suspending a SPAN session:
...
switch(config)# monitor session 3 shut
To suspend a SPAN session, perform this task:
|
|
switch(config)# monitor session { all | session-number } shut |
Suspends the specified SPAN session or all sessions. |
Note The Cisco Nexus 5000 Series switch supports two active SPAN sessions. When you configure more than two SPAN sessions, the first two sessions are active. During startup, the order of active sessions is reversed; the last two sessions are active. For example, if you configured ten sessions 1 to 10 where 1 and 2 are active, after a reboot, sessions 9 and 10 will be active. To enable deterministic behavior, explicitly suspend the sessions 3 to 10 with the monitor session session-number shut command.
Displaying SPAN Information
To display SPAN information, perform this task:
|
|
switch# show monitor [ session { all | session-number | range session-range } [ brief ]] |
Displays the SPAN configuration. |
This example shows how to display SPAN session information:
switch# show monitor
SESSION STATE REASON DESCRIPTION
------- ----------- ---------------------- --------------------------------
2 up The session is up
3 down Session suspended
4 down No hardware resource
This example shows how to display SPAN session details:
switch# show monitor session 2
session 2
---------------
type : local
state : up
source intf :
rx : fc3/1
tx : fc3/1
both : fc3/1
source VLANs :
rx :
source VSANs :
rx : 1
destination ports : Eth3/1