Cisco Nexus 6000 Series NX-OS System Management Configuration Guide, Release 6.x
Configuring ERSPAN
Downloads: This chapterpdf (PDF - 1.47MB) The complete bookPDF (PDF - 4.08MB) | The complete bookePub (ePub - 612.0KB) | The complete bookMobi (Mobi - 1.13MB) | Feedback

Configuring ERSPAN

Contents

Configuring ERSPAN

This chapter contains the following sections:

Information About ERSPAN

ERSPAN transports mirrored traffic over an IP network, which provides remote monitoring of multiple switches across your network. The traffic is encapsulated at the source router and is transferred across the network. The packet is decapsulated at the destination router and then sent to the destination interface.

ERSPAN consists of an ERSPAN source session, routable ERSPAN generic routing encapsulation (GRE)-encapsulated traffic, and an ERSPAN destination session. You can separately configure ERSPAN source sessions and destination sessions on different switches.

ERSPAN Source Sessions

An ERSPAN source session is defined by the following:

  • A session ID.
  • A list of source ports, source VLANs, or source VSANs to be monitored by the session.
  • An ERSPAN flow ID.
  • Optional attributes related to the GRE envelope such as IP TOS and TTL.
  • Destination IP address.
  • Virtual Routing and Forwarding tables.

ERSPAN source sessions do not copy ERSPAN GRE-encapsulated traffic from source ports. Each ERSPAN source session can have ports, VLANs, or VSANs as sources. However, there are some limitations. For information, see Guidelines and Limitations for ERSPAN.

The following figure shows an example ERSPAN configuration.

Figure 1. ERSPAN Configuration

Monitored Traffic

By default, ERSPAN monitors all traffic, including multicast and bridge protocol data unit (BPDU) frames.

The direction of the traffic that ERSPAN monitors depends on the source, as follows:

  • For a source port, the ERSPAN can monitor ingress, egress, or both ingress and egress traffic.
  • For a source VLAN or source VSAN, the ERSPAN can monitor only ingress traffic.

ERSPAN Sources

The interfaces from which traffic can be monitored are called ERSPAN sources. Sources designate the traffic to monitor and whether to copy ingress, egress, or both directions of traffic. ERSPAN sources include the following:

  • Source Ports—A source port is a port monitored for traffic analysis. You can configure source ports in any VLAN, and trunk ports can be configured as source ports and mixed with nontrunk source ports.
  • Source VLANs—A source VLAN is a virtual local area network (VLAN) that is monitored for traffic analysis.
  • Source VSANs—A source VSAN is a virtual storage area network (VSAN) that is monitored for traffic analysis.

ERSPAN Destinations

ERSPAN destination sessions capture packets sent by ERSPAN source sessions on Ethernet ports or port channels and send them to the destination port. Destination ports receive the copied traffic from ERSPAN sources.

ERSPAN destination sessions are identified by the configured source IP address and ERSPAN ID. This allows multiple source sessions to send ERSPAN traffic to the same destination IP and ERSPAN ID and allows you to have multiple sources terminating at a single destination simultaneously.

ERSPAN destination ports have the following characteristics:
  • A port configured as a destination port cannot also be configured as a source port.
  • Destination ports do not participate in any spanning tree instance or any Layer 3 protocols.
  • Ingress and ingress learning options are not supported on monitor destination ports.
  • Host Interface (HIF) port channels and fabric port channel ports are not supported as SPAN destination ports.

Truncated ERSPAN

Truncated ERSPAN can be used to reduce the amount of fabric or network bandwidth used in sending ERSPAN packets.

The default is no truncation so switches or routers receiving large ERSPAN packets might drop these oversized packets.


Note


Do not enable the truncated ERSPAN feature if the destination ERSPAN router is a Cisco Catalyst 6000 Series switch because the Cisco Catalyst 6000 Series switch drops these truncated packets.


ERSPAN with ACL

With ERSPAN traffic the destination is remote and the overall impact of bandwidth congestion can be significant. The ERSPAN with ACL filtering feature allows you to filter ERSPAN traffic so that you can reduce bandwidth congestion. To configure ERSPAN with ACL filtering, you use ACL’s for the session to filter out traffic that you do not to span. An ACL is a list of permissions associated to any entity in the system; in the context of a monitoring session, an ACL is a list of rules which results in the spanning of traffic that matches the ACL criteria, saving bandwidth for more meaningful data. The filter would apply on all sources in the session (vlan or interface).

ERSPAN SPAN on Drop

The ERSPAN SPAN-on-drop feature enables the spanning of packets which would normally be dropped due to unavailable buffer or queue space on ingress. Instead of dropping a packet when congestion occurs, the system stores the packet in a separate SPAN-on-drop buffer and then sends the packet to the specified ERSPAN-on-drop destination IP address.

ERSPAN SPAN-on-Latency

The ERSPAN-on-Latency feature allows the system to SPAN packets that exceed a pre-configured latency threshold.

For high-latency flows the system can be configured to send a copy to any pre-configured SPAN destination. This creates a data set for analytics that can be used to check which applications are impacted by increased latency in the network. This feature can also be used to identify traffic flows that experience congestion.


Note


SPAN copies can be transported to a local analyzer port, or remote analyzer using IPFIX/ERSPAN encapsulation. The SPAN copies can be truncated to save bandwidth.


High Availability

The ERSPAN feature supports stateless restarts. After a reboot, the running configuration is applied.

Licensing Requirements for ERSPAN

The following table shows the licensing requirements for this feature:

Product License Requirement

Cisco NX-OS

ERSPAN requires no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the License and Copyright Information for Cisco NX-OS Software available at the following URL: http:/​/​www.cisco.com/​en/​US/​docs/​switches/​datacenter/​sw/​4_0/​nx-os/​license_agreement/​nx-ossw_​lisns.html.

Prerequisites for ERSPAN

ERSPAN has the following prerequisite:

•You must first configure the Ethernet interfaces for ports on each device to support the desired ERSPAN configuration. For more information, see the Interfaces configuration guide for your platform.

Guidelines and Limitations for ERSPAN

ERSPAN has the following guidelines and limitations:

  • A maximum of 16 active sessions are supported. They can be ERSPAN sessions only or a mixture of ERSPAN and SPAN sessions.
  • The maximum number of ports for each ERSPAN session is 128.
  • The maximum number of VLANs per session is 32.
  • You can have source ports, source VLANs, and source VSANs in one ERSPAN session.
  • ERSPAN can monitor ingress, egress, or both ingress and egress traffic on a source port and only ingress traffic on source VLANs or source VSANs as long as the VLAN is not mapped to a VSAN. ERSPAN cannot monitor egress traffic on source VLANs and VSANs.
  • To bring up an ERSPAN moniot session, you must first configure a global origin address using the monitor erspan origin ip-address ip-address global command.
  • Source ports and source VLANs can be in the same ERSPAN session.
  • ERSPAN traffic can exit the switch through a Layer 2 interface, Layer 3 interface, port channel, or FabricPath core port.
  • A destination IP address of a remote switch cannot be reached through a virtual Ethernet port or FEX port. This functionality is not supported.
  • ERSPAN traffic is not load balanced if the reachability to a destination IP address is a Layer 3 ECMP or a port channel. In the case of ECMP, the ERSPAN traffic is sent to only one next-hop router or one member of the port channel.
  • ERSPAN supports Fast Ethernet, Gigabit Ethernet, TenGigabit Ethernet, and port channel interfaces as source ports for a source session.
  • When a session is configured through the ERSPAN configuration commands, the session ID and the session type cannot be changed. In order to change them, you must first use the no version of the configuration command to remove the session and then reconfigure the session.
  • ERSPAN traffic might compete with regular data traffic.
  • ERSPAN traffic is assigned to the QoS class-default system class (qos-group 0).
  • To ensure that data traffic is prioritized over ERSPAN traffic, you can create a QoS system class with prioritization above the class-default system class on the ERSPAN destination port. On Layer 3 networks, ERSPAN traffic can be marked with a the desired Differentiated Services Code Point (DSCP) value using the ip dscp command. By default, ERSPAN traffic is marked with a DSCP value of 0.
  • The rate limit command is not supported.
The following guidelines and limitations apply to ERSPAN SPAN-on-Drop sessions:
  • Only Ethernet source interfaces are supported (port channels not supported). Sources can be a part of a SPAN-on-Drop session and a local SPAN session simultaneously.
  • At most only one SPAN-on-Drop or SPAN-on-Drop ERSPAN session may be active at the same time.
  • Directions on source interfaces are not supported.
  • Fex interfaces are not supported as sources. However, fabric interfaces are supported. Setting a fabric interface as a source allows SPAN-on-Drop sessions to be enabled on all Fex ports associated with that fabric interface.
  • Multicast egress drops are not spanned. SPAN-on-Drop applies only to packets dropped in ingress due to a lack of buffer resources or when the Virtual Output Queuing (VOQ) size exceeds the preprogrammed threshold.
  • ACL-based ERSPAN-on-Drop is not supported
  • Configuring the maximum transmission unit (MTU) truncation size for packets is not supported for ERSPAN SPAN-on-Drop sessions.
The following guidelines and limitations apply to ERSPAN SPAN-on-Latency sessions:
  • Although SPAN-on-Latency detection is performed on a per-port basis, the span pointer configuration is a global value.
  • The maximum latency threshold value configuration is per 40 Gigabit port. Therefore, if there the system has 10 Gigabit ports, the latency threshold is shared by four 10 Gigabit ports.
  • At most only one SPAN-on-Latency or SPAN-on-Latency ERSPAN session may be active at the same time.
The following limitations apply to ERSPAN source sessions Access Control Lists (ACL) configurations:
  • ACLs are supported on ERSPAN source sessions only. ACLs are not supported on ERSPAN destination sessions.
  • Due to system limitations, the extent to which an ACL associated to ERSPAN session can scale depends on the how the SPAN source is configured. The following table shows different scenarios and the corresponding maximum ACL size supported.

    Note


    These calculations assume that each ACE in the ACL results in one final TCAM entry.
    Scenario Maximum ACL Size

    ERSPAN has single Switch Port as source with both Tx and Rx.

    Current Available TCAM Entries/2

    ERSPAN has multiple Switch Ports as source with both Tx and Rx.

    Current Available TCAM Entries/3

    ERSPAN has Port Channel (with one or more member switch ports) as source with both Tx and Rx.

    Current Available TCAM Entries/3

    ERSPAN has single HIF Ports as source with both Tx and Rx.

    Current Available TCAM Entries/3

    ERSPAN has multiple HIF Ports as source with both Tx and Rx.

    Current Available TCAM Entries/4

    ERSPAN has HIF Port Channel (with one or more member HIF ports) as source with both Tx and Rx.

    Current Available TCAM Entries/4

  • Due to system limitations, the extent to which an ACL associated to ERSPAN session can scale depends on the how the SPAN source is configured. The following table shows different scenarios and the corresponding maximum ACL size supported.

    Note


    These calculations assume that each ACE in the ACL results in one final TCAM entry.
    Scenario Maximum ACL Size

    ERSPAN has single Switch Port as source with both Tx and Rx.

    Current Available TCAM Entries/2

    ERSPAN has multiple Switch Ports as source with both Tx and Rx.

    Current Available TCAM Entries/3

    ERSPAN has Port Channel (with one or more member switch ports) as source with both Tx and Rx.

    Current Available TCAM Entries/3

    ERSPAN has single HIF Ports as source with both Tx and Rx.

    Current Available TCAM Entries/3

    ERSPAN has multiple HIF Ports as source with both Tx and Rx.

    Current Available TCAM Entries/4

    ERSPAN has HIF Port Channel (with one or more member HIF ports) as source with both Tx and Rx.

    Current Available TCAM Entries/4

  • The following scenarios are unaffected by any system limitations for ACL and SPAN session scaling:
    • ERSPAN has single Switch Port as source with Tx only.
    • ERSPAN has multiple Switch Ports as source with Tx only.
    • ERSPAN has a Port Channel (with one or more member switch ports) as source with Tx only.
    • ERSPAN has a single Host Interface (HIF) Port as source with Tx only.
    • ERSPAN has multiple HIF Ports as source with Tx only.
    • ERSPAN has a single Port HIF Channel (with one or more member HIF ports) as source with Tx only.
    • ERSPAN has a single Switch Port as source with Rx only.
    • ERSPAN has multiple Switch Ports as source with Rx only.
    • ERSPAN has a Port Channel (with one or more member switch ports) as source with Rx only.
    • ERSPAN has a single HIF Ports as source with with Rx only.
    • ERSPAN has multiple HIF Ports as source with Rx only.
    • ERSPAN has a HIF Port Channel (with one or more member HIF ports) as source with Rx only
  • The following guidelines apply when configuring ERSPAN source sessions with ACLs:
    • When you associate an ACL with an ERSPAN session, you must ensure that its size is not greater than the calculations given in the table above. Otherwise the ERSPAN session fails and generate a "TCAM resource unavailable" error. If the ACL has Layer 4 Operations and TCAM resource expansion is enabled, you need to know the expected expanded size and you need to use the expanded size to calculate the maximum ACL size.
    • If you change the ACL that is attached to a ERSPAN session, the ACL size can exceed the maximum ACL size allowed. In this scenario, the SPAN session continues to work with the modified ACL. However, you should undo the ACEs added to the ACL to limit the size to maximum allowed ACL size.
    • If you add a ERSPAN session when one already exists, then to modify the first span session there should be free TCAM entries of size equal to number of ACEs in the associated ACL (Assuming that each ACE requires one TCAM entry. If it gets expanded, the expanded size should be considered). Therefore, TCAM entries consumed by the second ERSPAN session should be released.
    • To replace a large ACL with another large ACL (which could cause the ERSPAN session to enter a generic error state), you must first remove the existing filter access group (using the no filter access-group current acl name command), and then configure the new filter access group (using the filter access-group new acl name command).

Default Settings for ERSPAN

The following table lists the default settings for ERSPAN parameters.

Table 1 Default ERSPAN Parameters

Parameters

Default

ERSPAN sessions

Created in the shut state.

Truncated ERSPAN

Disabled.

Configuring ERSPAN

Configuring an ERSPAN Source Session

The ERSPAN source session defines the session configuration parameters and the ports or VLANs to be monitored. This section describes how to configure an ERSPAN source session.

Procedure
     Command or ActionPurpose
    Step 1configuration terminal


    Example:
    switch# config t
    switch(config)#
     

    Enters global configuration mode.

     
    Step 2monitor session span-session-number type {erspan-source | local}


    Example:
    switch(config)# monitor session 1 type erspan-source
    switch(config-erspan-src)#
     

    Defines an ERSPAN source session using the session ID and the session type, and places the command in ERSPAN monitor source session configuration mode.

    The span-session-number argument range is from 1 to 1024. The same session number cannot be used more than once.

    The session IDs for source sessions are in the same global ID space, so each session ID is globally unique.

    The session ID (configured by the span-session-number argument) and the session type (configured by the erspan-source keyword) cannot be changed once entered. To change session ID or session type, use the no version of the command to remove the session and then recreate the session through the command with a new session ID or a new session type.

     
    Step 3description erspan_session_description


    Example:
    switch(config-erspan-src)# description source1
     
    (Optional)

    Describes the ERSPAN source session.

    The erspan_session_description argument can be up to 32 characters and cannot contain special characters or spaces.

     
    Step 4source interface { ethernet slot/chassis number | portchannel number }


    Example:
    switch(config-erspan-src)# source interface eth 1/1
     

    Associates the ERSPAN source session number with the source ports (1-255).

     
    Step 5source vlan number


    Example:
    switch(config-erspan-src)# source vlan 1
     

    Associates the ERSPAN source session number with the VLANs (1-4096).

     
    Step 6source vsan number


    Example:
    switch(config-erspan-src)# source vsan 1
     

    Specifies the VSAN ID number. The range is 1 to 4093.

     

    Step 7destination ip ip-address


    Example:
    switch(config-erspan-src)# destination ip 192.0.2.2
     

    Configures the destination IP address in the ERSPAN session. Only one destination IP address is supported per ERSPAN source session.

     
    Step 8erspan-id flow-id


    Example:
    switch(config-erspan-src)# erspan-id 5
     

    Configures the flow ID to identify the ERSPAN flow. The range is from 1 to 1023.

     
    Step 9vrf {vrf-name | default }


    Example:
    switch(config-erspan-src)# vrf default
     

    Configures the VRF to use instead of the global routing table. You can use a VRF that you have specifically configured or the default VRF.

     
    Step 10[no] filter access-group acl_filter


    Example:
    switch(config-erspan-src)# filter access-group erspan_acl_filter
     

    Configures the ACL filter for packets in this ERSPAN session. The ACL filter can be a MAC or an IP access-list.

     
    Step 11ip ttl ttl-number


    Example:
    switch(config-erspan-src)# ip ttl 5
     
    (Optional)

    Configures the IP time-to-live (TTL) value of the packets in the ERSPAN traffic. Valid values are from 1 to 255. The default value is 255.

     
    Step 12ip dscp dscp_value


    Example:
    switch(config-erspan-src)# ip dscp 42
     
    (Optional)

    Configures the IP Differentiated Services Code Point (DSCP) value of the packets in the ERSPAN traffic. Valid values are from 0 to 63. The default value is 0.

     
    Step 13no shut


    Example:
    switch(config-erspan-src)# no shut
     

    Enables the ERSPAN source session. By default, the session is created in the shut state.

     
    Step 14exit


    Example:
    switch(config-erspan-src)# exit
    switch(config)# exit
     

    Updates the configuration and exits ERSPAN source session configuration mode.

     
    Step 15copy running-config startup-config


    Example:
    switch(config-erspan-src)# copy running-config startup-config
     
    (Optional)

    Copies the running configuration to the startup configuration.

     

    Configuring Truncated ERSPAN

    You can configure an MTU size for the ERSPAN traffic to reduce the amount of fabric or network bandwidth used in sending ERSPAN packets.

    Procedure
       Command or ActionPurpose
      Step 1 enable


      Example:
      switch> enable
       

      Enables privileged EXEC mode. Enter your password if prompted.

       
      Step 2configure terminal


      Example:
      switch# configure terminal
      switch(config)#
       

      Enters global configuration mode.

       
      Step 3monitor session erspan_session_number type {erspan-source | local}


      Example:
      switch(config)# monitor session 1 type
      erspan-source
      switch(config-erspan-src)#
       

      Defines an ERSPAN source session using the session ID and the session type, and places the command in ERSPAN monitor source session configuration mode.

      The span-session-number argument range is from 1 to 1024. The same session number cannot be used more than once.

      The session IDs for source sessions are in the same global ID space, so each session ID is globally unique for both session types.

      The session ID (configured by the span-session number argument) and the session type (configured by the erspan-source keyword) cannot be changed once entered. To change session ID or session type, use the no version of the command to remove the session and then re-create the session through the command with a new session ID or a new session type.

       
      Step 4mtu mtu-value


      Example:
      switch(config-erspan-src)# mtu 64
       

      Defines the maximum transmission unit (MTU) truncation size for ERSPAN packets. Valid values are from 64 to 1518.

      The default is no truncation enabled.

       
      Step 5exit


      Example:
      switch(config-mon-erspan-src)# exit
       

      Updates the configuration and exits ERSPAN source session configuration mode.

       
      Step 6copy running-config startup-config


      Example:
      switch(config)# copy running-config startup-config
      
       
      (Optional)

      Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

       

      Configuring an ERSPAN Destination Session

      You can configure an ERSPAN destination session to copy packets from a source IP address to destination ports on the local device. By default, ERSPAN destination sessions are created in the shut state.

      Before You Begin

      Ensure that you have already configured the destination ports in monitor mode.

      Procedure
         Command or ActionPurpose
        Step 1config t


        Example:
        switch# config t
        switch(config)#
         

        Enters global configuration mode.

         
        Step 2 interface ethernet slot/port[-port]


        Example:
        switch(config)# interface ethernet 2/5
        switch(config-if)#
         

        Enters interface configuration mode on the selected slot and port or range of ports.

         
        Step 3switchport monitor


        Example:
        switch(config-if)# switchport monitor
         

        Configures the switch interface in monitor mode.

        To configure an interface to be an ERSPAN or SPAN destination (using the destination interface ethernet interface command), it must first be configured in monitor mode.

         
        Step 4no monitor session {session-number | all}


        Example:
        switch(config-if)# no monitor session 3
         

        Clears the configuration of the specified ERSPAN session. The new session configuration is added to the existing session configuration.

         
        Step 5monitor session {session-number | all} type erspan-destination


        Example:
        switch(config-if)# monitor session 3 type erspan-destination
        switch(config-erspan-dst)#
         

        Configures an ERSPAN destination session.

         
        Step 6description description


        Example:
        switch(config-erspan-dst)# description erspan_dst_session_3
         

        Configures a description for the session. By default, no description is defined. The description can be up to 32 alphanumeric characters.

         
        Step 7source ip ip-address


        Example:
        switch(config-erspan-dst)# source ip 10.1.1.1
         

        Configures the source IP address in the ERSPAN session. Only one source IP address is supported per ERSPAN destination session.

        This IP address must match the destination IP address configured in the corresponding ERSPAN source session.

         
        Step 8destination {[interface [type slot/port[-port], [type slot/port [port]]] [port-channel channel-number]]}


        Example:
        switch(config-erspan-dst)# destination interface ethernet 2/5
         
        Configures a destination for copied source packets. You can configure only interfaces as a destination.
        Note   

        You can configure destination ports as trunk ports.

         
        Step 9erspan-id erspan-id


        Example:
        switch(config-erspan-dst)# erspan-id 5
         

        Configures the ERSPAN ID for the ERSPAN session. The range is from 1 to 1023. This ID uniquely identifies a source and destination ERSPAN session pair. The ERSPAN ID configured in the corresponding destination ERSPAN session must be same as the one configured in the source session.

         
        Step 10vrf default


        Example:
        switch(config-erspan-dst)# vrf default
         

        Configures the VRF instance that the ERSPAN destination session uses for traffic forwarding.

        ERSPAN destination sessions support the default VRF only.

         
        Step 11no shut


        Example:
        switch(config)# no shut
         
        Enables the ERSPAN destination session. By default, the session is created in the shut state.
        Note   

        Only 16 active ERSPAN destination sessions can be running simultaneously.

         
        Step 12show monitor session {all | session-number | range session-range}


        Example:
        switch(config)# show monitor session 3
         
        (Optional)

        Displays the ERSPAN session configuration.

         
        Step 13show running-config monitor


        Example:
        switch(config-erspan-src)# show running-config monitor
         
        (Optional)

        Displays the running ERSPAN configuration.

         
        Step 14show startup-config monitor


        Example:
        switch(config-erspan-src)# show startup-config monitor
         
        (Optional)

        Displays the ERSPAN startup configuration.

         
        Step 15copy running-config startup-config


        Example:
        switch(config-erspan-src)# copy running-config startup-config
         
        (Optional)

        Copies the running configuration to the startup configuration.

         

        Configuring an ERSPAN SPAN-on-Drop Session

        Use the monitor session command to configure an ERSPAN SPAN-on-Drop session. Each session is identified by a unique session number.

        Note


        There can only be one active SPAN-on-Drop or SPAN-on-Drop ERSPAN session at any time.
        Procedure
           Command or ActionPurpose
          Step 1switch# configure terminal  

          Enters global configuration mode.

           
          Step 2switch(config) # monitor session session-number type erspan-span-on-drop  

          Enters SPAN-on-Drop monitor configuration mode for the specified SPAN-on-drop session.

           
          Step 3 switch(config-span-on-drop-erspan) # description description
           

          Creates descriptive name for the SPAN-on-Drop session.

           
          Step 4 switch(config-span-on-drop-erspan) # source interface ethernet slot/port rx
           

          Configures sources and the traffic direction in which to duplicate packets. You can enter a range of Ethernet ports. You can specify the traffic direction to duplicate as ingress (rx) only.

           
          Step 5 switch(config-span-on-drop-erspan) # destination ip ip-address
           

          Configures the destination IP address for the ERSPAN SPAN-on-Drop session.

           
          Step 6switch(config-span-on-drop-erspan) # erspan-id erspan-id
           

          Configures the ERSPAN ID for the ERSPAN SPAN-on-Drop session. The range is from 1 to 1023. This ID uniquely identifies a source and destination ERSPAN session pair. The ERSPAN ID configured in the corresponding destination ERSPAN session must be same as the one configured in the source session.

           
          Step 7switch(config-span-on-drop-erspan) # ip ttl ttl-value
           

          Configures the IP time-to-live (TTL) value of the ERSPAN traffic.

           
          Step 8switch(config-span-on-drop-erspan) # ip dscp dscp-value
           

          Configures the differentiated services code point (DSCP) value of the packets in the ERSPAN traffic.

           
          Step 9switch(config) # show monitor session session-number   (Optional)

          Displays the status of ERSPAN SPAN-on-Drop sessions.

           
          Step 10switch(config) # copy running-config startup-config   (Optional)

          Copies the running configuration to the startup configuration.

           

          Configuring an ERSPAN SPAN-on-Latency Session

          You can configure an MTU size for the ERSPAN traffic to reduce the amount of fabric or network bandwidth used in sending ERSPAN packets.

          Procedure
             Command or ActionPurpose
            Step 1 enable


            Example:
            switch> enable
             

            Enables privileged EXEC mode. Enter your password if prompted.

             
            Step 2configure terminal


            Example:
            switch# configure terminal
            switch(config)#
             

            Enters global configuration mode.

             
            Step 3interface ethernet slot/port


            Example:
            switch(config)# interface ethernet 1/1
             

            Enters interface configuration mode.

             
            Step 4packet latency threshold threshold


            Example:
            switch(config-if)# packet latency threshold 53000000
             

            Configures the latency threshold value on an interface. Valid values are from 8 to 536870904 nano seconds.

             
            Step 5monitor session session_number type span-on-latency-erspan


            Example:
            switch(config)# monitor session 1 type span-on-latency-erspan
            switch(config-span-on-latency-erspan)#
             

            Defines an ERSPAN source session using the session ID and the session type, and places the command in ERSPAN monitor source session configuration mode.

            The session_number argument range is from 1 to 1024. The same session number cannot be used more than once.

            The session ID (configured by the span_session number argument) and the session type (configured by the span-on-latency-erspan keyword) cannot be changed once entered. To change session ID or session type, use the no version of the command to remove the session and then re-create the session through the command with a new session ID or a new session type.

             
            Step 6description description


            Example:
            switch(config-span-on-latency-erspan)# description SPAN-on-Latency-ERSPAN-session
             

            Adds a description to the session configuration.

             
            Step 7source interface ethernet slot/port


            Example:
            switch(config-span-on-latency-erspan)# source interface ethernet 1/3
             

            Specifies the Ethernet interface to use as the source SPAN port.

            Note   

            You can configure multiple SPAN source ports.

             
            Step 8destination ip ip-address


            Example:
            switch(config-span-on-latency-erspan)# destination ip 10.0.3.1
             

            Configures the session destination IP address.

             
            Step 9erspan-id flow-id


            Example:
            switch(config-span-on-latency-erspan)# erspan-id 30
             

            Configures the flow ID for the session.

            The range is from 1 to 1023.

             
            Step 10ip ttl flow-id


            Example:
            switch(config-span-on-latency-erspan)# erspan-id 30
             
            (Optional)

            (Optional) Configures the IP time-to-live (TTL) value of the ERSPAN traffic

            The range is from 1 to 255.

             
            Step 11ip dscp flow-id


            Example:
            switch(config-span-on-latency-erspan)# ip dscp 63
             
            (Optional)

            (Optional)Configures the differentiated services code point (DSCP) value of the packets in the ERSPAN traffic.

            The range is from 0 to 63.

             
            Step 12mtu mtu-value


            Example:
            switch(config-span-on-latency-erspan)# mtu 1500
             
            (Optional)

            (Optional) Defines the maximum transmission unit (MTU) truncation size for ERSPAN packets. Valid values are from 64 to 1518.

            The default is no truncation enabled.

             
            Step 13exit


            Example:
            switch(config-span-on-latency-erspan)# exit
             

            Updates the configuration and exits ERSPAN SPAN-on-Latency session configuration mode.

             
            Step 14copy running-config startup-config


            Example:
            switch(config)# copy running-config startup-config
            
             
            (Optional)

            Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

             

            Shutting Down or Activating an ERSPAN Session

            You can shut down ERSPAN sessions to discontinue the copying of packets from sources to destinations. Because only a specific number of ERSPAN sessions can be running simultaneously, you can shut down a session to free hardware resources to enable another session. By default, ERSPAN sessions are created in the shut state.

            You can enable ERSPAN sessions to activate the copying of packets from sources to destinations. To enable an ERSPAN session that is already enabled but operationally down, you must first shut it down and then enable it. You can shut down and enable the ERSPAN session states with either a global or monitor configuration mode command.

            Procedure
               Command or ActionPurpose
              Step 1configuration terminal


              Example:
              switch# configuration terminal
              switch(config)#
               

              Enters global configuration mode.

               
              Step 2 monitor session {session-range | all} shut


              Example:
              switch(config)# monitor session 3 shut
               

              Shuts down the specified ERSPAN sessions. The session range is from 1 to 48. By default, sessions are created in the shut state. Only two sessions can be running at a time.

               
              Step 3no monitor session {session-range | all} shut


              Example:
              switch(config)# no monitor session 3 shut
               
              Resumes (enables) the specified ERSPAN sessions. The session range is from 1 to 48. By default, sessions are created in the shut state. Only two sessions can be running at a time.
              Note   

              If a monitor session is enabled but its operational status is down, then to enable the session, you must first specify the monitor session shut command followed by the no monitor session shut command.

               
              Step 4monitor session session-number type erspan-source


              Example:
              switch(config)# monitor session 3 type erspan-source
              switch(config-erspan-src)#
               

              Enters the monitor configuration mode for the ERSPAN source type. The new session configuration is added to the existing session configuration.

               
              Step 5monitor session session-number type erspan-destination


              Example:
              switch(config-erspan-src)# monitor session 3 type erspan-destination
               

              Enters the monitor configuration mode for the ERSPAN destination type.

               
              Step 6shut


              Example:
              switch(config-erspan-src)# shut
               

              Shuts down the ERSPAN session. By default, the session is created in the shut state.

               
              Step 7no shut


              Example:
              switch(config-erspan-src)# no shut
               

              Enables the ERSPAN session. By default, the session is created in the shut state.

               
              Step 8show monitor session all


              Example:
              switch(config-erspan-src)# show monitor session all
               
              (Optional)

              Displays the status of ERSPAN sessions.

               
              Step 9show running-config monitor


              Example:
              switch(config-erspan-src)# show running-config monitor
               
              (Optional)

              Displays the running ERSPAN configuration.

               
              Step 10show startup-config monitor


              Example:
              switch(config-erspan-src)# show startup-config monitor
               
              (Optional)

              Displays the ERSPAN startup configuration.

               
              Step 11copy running-config startup-config


              Example:
              switch(config-erspan-src)# copy running-config startup-config
               
              (Optional)

              Copies the running configuration to the startup configuration.

               

              Verifying the ERSPAN Configuration

              Use the following command to verify the ERSPAN configuration information:

              Command

              Purpose

              show monitor session {all | session-number | range session-range}

              Displays the ERSPAN session configuration.

              show running-config monitor

              Displays the running ERSPAN configuration.

              show startup-config monitor

              Displays the ERSPAN startup configuration.

              Configuration Examples for ERSPAN

              Configuration Example for an ERSPAN Source Session

              The following example shows how to configure an ERSPAN source session:

              switch# configure terminal
              Enter configuration commands, one per line. End with CNTL/Z.
              switch(config)# monitor session 1 type erspan-source
              switch(config-erspan-src)# description source1
              switch(config-erspan-src)# source interface ethernet 1/1
              switch(config-erspan-src)# source vlan 1
              switch(config-erspan-src)# source vsan 1
              switch(config-erspan-src)# destination ip 192.0.2.2
              switch(config-erspan-src)# erspan-id 1
              switch(config-erspan-src)# vrf default
              switch(config-erspan-src)# ip ttl 5
              switch(config-erspan-src)# ip dscp 5
              switch(config-erspan-src)# no shut
              switch(config-erspan-src)# exit
              switch(config)# copy running-config startup config
              switch# configure terminal
              Enter configuration commands, one per line. End with CNTL/Z.
              switch(config)# monitor session 1 type erspan-source
              switch(config-erspan-src)# description source1
              switch(config-erspan-src)# source interface ethernet 1/1
              switch(config-erspan-src)# source vlan 1
              switch(config-erspan-src)# source vsan 1
              switch(config-erspan-src)# destination ip 192.0.2.2
              switch(config-erspan-src)# erspan-id 1
              switch(config-erspan-src)# vrf default
              switch(config-erspan-src)# ip ttl 5
              switch(config-erspan-src)# ip dscp 5
              switch(config-erspan-src)# no shut
              switch(config-erspan-src)# exit
              switch(config)# copy running-config startup config

              Configuration Example for an IP Address as the Source for an ERSPAN Session

              This example shows how to configure an IP address as the source for an ERSPAN session:

              switch# configure terminal
              switch(config)# monitor erspan origin ip-address 192.0.2.1
              switch(config)#  exit
              switch(config)# copy running-config startup config
              

              Configuration Example for Truncated ERSPAN

              This example shows how to configure truncated ERSPAN:

              switch# configure terminal
              switch(config)# monitor session 1 type erspan-source
              switch(config-erspan-src)# mtu 64
              switch(config-mon-erspan-src)# exit
              switch(config)# copy running-config startup config

              Configuration Example for an ERSPAN Destination Session

              The following example shows how to configure an ERSPAN destination session:

              switch# config t
              switch(config)# interface e14/29
              switch(config-if)# no shut
              switch(config-if)# switchport
              switch(config-if)# switchport monitor
              switch(config-if)# exit
              switch(config)# monitor session 2 type erspan-destination
              switch(config-erspan-dst)# source ip 9.1.1.2
              switch(config-erspan-dst)# destination interface e14/29
              switch(config-erspan-dst)# erspan-id 1
              switch(config-erspan-dst)# vrf default
              switch(config-erspan-dst)# no shut
              switch(config-erspan-dst)# exit
              switch(config)# show monitor session 2
              switch# config t
              switch(config)# interface e14/29
              switch(config-if)# no shut
              switch(config-if)# switchport
              switch(config-if)# switchport monitor
              switch(config-if)# exit
              switch(config)# monitor session 2 type erspan-destination
              switch(config-erspan-dst)# source ip 9.1.1.2
              switch(config-erspan-dst)# destination interface e14/29
              switch(config-erspan-dst)# erspan-id 1
              switch(config-erspan-dst)# no shut
              switch(config-erspan-dst)# exit
              switch(config)# show monitor session 2

              Configuration Example for an ERSPAN ACL

              This example shows how to configure an ERSPAN ACL:

              switch# configure terminal
              switch(config)# ip access-list match_11_pkts
              switch(config-acl)# permit ip 11.0.0.0 0.255.255.255 any
              switch(config-acl)# exit
              switch(config)# monitor session 1 type erspan-source
              switch(config-erspan-src)# filter access-group match_11_pkts

              Configuration Example for an ERSPAN SPAN-on-Drop Session

              This example shows how to configure an ERSPAN SPAN-on-Drop session:

              switch# configure terminal
              switch(config) # monitor session 47 type span-on-drop-erspan
              switch(config-span-on-drop-erspan) # description span-on-drop-erspan-session_47
              switch(config-span-on-drop-erspan) # source interface ethernet 1/3
              switch(config-span-on-drop-erspan) # destination ip 10.1.1.1
              switch(config-span-on-drop-erspan) # erspan-id 30
              switch(config-span-on-drop-erspan) # ip ttl 245
              switch(config-span-on-drop-erspan) # ip dscp 36
              switch(config) # copy running-config startup-config
              switch(config) #

              Configuration Example for ERSPAN SPAN-on-Latency Session

              This example shows how to configure an ERSPAN SPAN-on-Latency session:

              switch# configure terminal
              switch(config) # interface ethernet 1/1
              switch(config-if) # packet latency threshold 530000000
              switch(config) # monitor session 10 type span-on-latency-erspan
              switch(config-span-on-latency-erspan) # description span-on-latency-erspan-session_10
              switch(config-span-on-latency-erspan) # source interface ethernet 1/3
              switch(config-span-on-latency-erspan) # destination ip 192.0.3.1
              switch(config-span-on-latency-erspan) # erspan-id 30
              switch(config-span-on-latency-erspan) # ip ttl 245
              switch(config-span-on-latency-erspan) # ip dscp 36
              switch(config-span-on-latency-erspan) # mtu 1500
              switch(config-span-on-latency-erspan) # vrf default
              switch(config) # copy running-config startup-config
              switch(config) #

              Additional References

              Related Documents

              Related Topic

              Document Title

              ERSPAN commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples

              Cisco Nexus NX-OS System Management Command Reference for your platform.