The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the Cisco NX-OS system management commands that begin with the letter M.
To configure the match data link (or Layer 2) attributes option in a flow record, use the match datalink command. To remove the data link configuration, use the no form of this command.
match datalink { mac source-address | mac destination-address | ethertype | vlan }
no match datalink { mac source-address | mac destination-address | ethertype | vlan }
NetFlow record configuration (config-flow-record)
|
|
This example shows how to configure the match data link attributes option in a flow record:
This example shows how to remove the data link match option from a flow record:
|
|
---|---|
Configures the match IP option for defining a NetFlow record map. |
|
Configures the match IPv4 option for defining a NetFlow record map. |
To configure the match IP option for defining a NetFlow record map, use the match ip command. To remove this option, use the no form of this command.
no match ip { protocol | tos }
NetFlow record configuration (config-flow-record)
|
|
This example shows how to configure the match IP option for defining a NetFlow record map:
This example shows how to remove the match option:
|
|
---|---|
To configure the match IPv4 option for defining a NetFlow record map, use the match ipv4 command. To remove this option, use the no form of this command.
match ipv4 { source | destination } address
no match ipv4 { source | destination } address
NetFlow record configuration (config-flow-record)
|
|
This example shows how to configure the match IPv4 option for defining a NetFlow record map:
This example shows how to remove the match IPv4 configuration:
|
|
---|---|
To specify match criteria for Flexible NetFlow flow records, use the match command. To remove match criteria for flow records, use the no form of this command.
match { flow direction | interface { input | output } | ip { protocol | tos } | ipv4 { destination address | source address } | transport { destination-port | source-port }}
match { flow direction | interface { input | output } | ip { protocol | tos } | ipv4 { destination address | source address } | transport { destination-port | source-port }}
|
|
---|---|
A Flexible NetFlow flow record must be enabled before you can use the match command.
To export Layer 4 data, you must configure both the match transport and the match ip protocol commands. The data is collected and displayed in the output of the show hardware flow ip command but is not collected and exported until you configure both commands.
This example shows how to specify the direction of the flow to be matched:
This example shows how to specify the match criterion is based on the input interface:
This example shows how to specify that the match criterion is based on the output interface:
This example shows how to specify that the match criterion is based on protocol:
This example shows how to specify that the match criterion is based on type of service (ToS):
This example shows how to specify that the match criterion is based on the destination IPv4 address:
This example shows how to specify that the match criterion is based on the source IPv4 address:
This example shows how to specify that the match criterion for transport layer fields is based on the destination port:
This example shows how to specify that the match criterion for transport layer fields is based on the source port:
|
|
---|---|
To configure the match transport option for defining a NetFlow record map, use the match transport command. To remove the match transport option, use the no form of this command.
match transport { destination-port | source-port }
no match transport { destination-port | source-port }
NetFlow record configuration (config-flow-record)
|
|
This example shows how to configure the match transport option for defining a NetFlow record map:
switch(config-flow-record)#
match transport source-port
This example shows how to remove the configuration:
|
|
---|---|
To specify the mode in a NetFlow sampler, use the mode command. To remove the mode, use the no form of this command.
NetFlow sampler configuration (config-flow-sampler)
|
|
This command does not require a license.
Note For F2 Series modules, and additional sampling of 1:100 is applied over the configured valued. For example, if the configured sampling is 1 in 800, the actual applied samplings is 1 in 80000. With this always-enabled additional 1:100 sampling, the packets range for all F2 Series module ports is from 1 to 819100.
This example shows how to specify the mode in a NetFlow sampler:
switch(config)#
sampler Custom-NetFlow-Sampler-1
This example shows how to remove the mode configuration:
|
|
---|---|
To configure the Ethernet Switched Port Analyzer (SPAN) session as an extended bidirectional session, use the mode extended command. To remove the SPAN session as an extended bidirectional session, use the no form of this command.
Monitor configuration mode (config-monitor)
|
|
You cannot use this command for a unidirectional SPAN session.
Extended SPAN sessions cannot source incoming traffic on M1 Series modules in either the ingress or egress direction. Extended SPAN sessions support traffic only from the F Series and M2 Series modules.
Hardware session 15 is used by NetFlow on F2 and F2e Series modules. Any extended session using this hardware ID will not span incoming traffic on the F2 and the F2e ports.
This example shows how to configure the SPAN session as an extended bidirectional session:
switch(config)# monitor session 3 tx
|
|
---|---|
Places you in the monitor configuration mode for configuring a SPAN session. |
To configure a Simple Network Management Protocol (SNMP) monitor counter, use the monitor counter command. To remove a monitor counter configuration, use the no form of this command.
monitor counter { invalid-crc | invalid-words | link-loss | protocol-error | rx-performance | signal-loss | state-change | sync-loss | tx-performance }
no monitor counter { invalid-crc | invalid-words | link-loss | protocol-error | rx-performance | signal-loss | state-change | sync-loss | tx-performance }
Port-monitor configuration (config-port-monitor)
|
|
This example shows how to configure an SNMP counter:
This example shows how to remove a counter configuration:
switch(
config)#
no
monitor counter signal-loss
|
|
---|---|
To configure the Encapsulated Remote Switched Port Analyzer (ERSPAN) origin IP address, use the monitor erspan origin ip-address command. To remove the ERSPAN origin IP address configuration, use the no form of this command.
monitor erspan origin ip-address ip-address global
no monitor erspan origin ip-address ip-address global
(Optional) Specifies the default virtual device context (VDC) configuration across all VDCs. |
Global configuration mode (config)
|
|
The global origin IP address can be configured in either the default VDC or the admin VDC. The value that is configured in this VDC is valid across all VDCs.
When you change the origin IP address in the default VDC, it impacts all of the sessions.
This example shows how to configure the ERSPAN origin IP address:
This example shows how to remove the ERSPAN IP address:
To configure the granularity for Encapsulated Remote Switched Port Analyzer (ERSPAN) Type III sessions, use the monitor erspan granularity command. To remove this feature, use the no form of this command.
monitor erspan granularity {100_ms | 100_ns | 1588 | ns}
no monitor erspan granularity {100_ms | 100_ns | 1588 | ns}
Specifies the IEEE 1588 time representation format in seconds or nanoseconds. |
|
Global configuration mode (config)
|
|
The clock manager adjusts the ERSPAN timers based on the granularity setting. If you configure IEEE 1588, the clock manager synchronizes the ERSPAN timers across switches. Otherwise, the clock manager synchronizes the ERSPAN timer with the master timer in the switch.
588 granularity mode is not supported in Cisco NX-OS Release 6.1 and is rejected if selected.
M2 Series modules support 100 microseconds, 100 nanoseconds, and nanoseconds granularity. F2 Series and F2e Series modules support only 100 microseconds and 100 nanoseconds granularity.
This example shows how to configure the granularity for 100 microseconds:
To enter the monitor configuration mode for configuring Encapsulated Remote Switched Port Analyzer (ERSPAN) or an Ethernet Switched Port Analyzer (SPAN) session for analyzing traffic between ports, use the monitor session command. To disable an ERSPAN or an SPAN session(s), use the no form of this command.
monitor session { session_number | all} {rx | tx | type [erspan-source | erspan-destination | local] | shut}
no monitor session { session_number | all} [shut]
Session number to use for monitoring a switched port. The range is from 1 to 48. |
|
Specifies a session type. A session type can be local, erspan-source, or erspan-destination. |
|
Global configuration mode (config)
Super user
VDC administrator
VDC user
|
|
While configuring an ERSPAN source session, if rx, tx, or both keywords are not entered, the source is configured for both directions.
The new session configuration is added to the existing session configuration. By default, the session is created in the shut state, and the session is a local SPAN session.
For more information about the ERSPAN configuration, see the Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 6.x.
This example shows how to enter the monitor configuration mode for configuring SPAN session number 9 for analyzing traffic between ports:
This example shows how to configure any SPAN destination interfaces as Layer 2 SPAN monitor ports before activating the SPAN session:
This example shows how to configure a typical SPAN destination trunk interface:
This example shows how to terminate or extend RSPAN:
This example shows how to monitor RSPAN VLAN traffic using a local SPAN:
This example shows how to disable a SPAN session:
switch(config)# no monitor session 9 type local
This example show how to create an ERSPAN source:
This example show how to create an ERSPAN destination:
To configure the maximum transmission unit (MTU) truncation size for packets in the specified Ethernet Switched Port Analyzer (SPAN) session, use the mtu command. To remove the MTU truncation size configuration, use the no form of this command.
MTU truncation size. The configurable range is from 176 to 1500 bytes. The local SPAN range is from 64 to 1500 bytes. |
Monitor configuration (config-monitor)
|
|
Starting with 6.1, MTU truncation also support ERSPAN session. |
|
Make sure that you are in the correct virtual device context (VDC). To change the VDC, use the switchto vdc command.
MTU truncation and the SPAN rate limit cannot be enabled for the same SPAN session. If you configure both for one session, only the rate limit is allowed on F1 Series modules, and MTU truncation is disabled until you disable the rate limit configuration. This limitation does not apply to F2 and M2 Series modules or Supervisor 2.
MTU truncation and the ERSPAN source rate limit are supported only on F Series and M2 Series modules and Supervisor 2. They are not supported on M1 Series modules.
Note MTU truncation and ERSPAN sampling can be enabled at the same time and have no precedence over each other because they are applied to different aspects of the source packet (size versus packet count).
This example shows how to configure the MTU truncation size for packets in the specified SPAN session:
This example shows how to configure the MTU truncation size for packets in the specified ERSPAN session:
This example shows how to remove the MTU truncation size configuration for packets in the specified SPAN session:
|
|
---|---|
Places you in the monitor configuration mode for configuring a SPAN session. |
|
To configure the multicast best effort mode for the specified Encapsulated Remote Switched Port Analyzer (ERSPAN) or the Ethernet Switched Port Analyzer (SPAN) session, use the multicast best-effort command. To remove the multicast best effort mode for an ERSPAN or SPAN session, use the no form of this command.
Monitor configuration (config-monitor)
|
|
By default, SPAN replication occurs on both the ingress and egress line card. When you enable the multicast best effort mode, SPAN replication occurs only on the ingress line card for multicast traffic or on the egress line card for packets egressing out of Layer 3 interfaces (that is, on the egress line card, packets egressing out of Layer 2 interfaces are not replicated for SPAN).
Make sure that you are in the correct virtual device context (VDC). To change the VDC, use the switchto vdc command.
Note Multicast best effort mode applies only to M1 Series modules
This example shows how to configure the multicast best effort mode for the specifies ERSPAN or SPAN session:
This example shows how to remove the multicast best effort mode for the specified ERSPAN or SPAN session:
|
|
---|---|
Places you in the monitor configuration mode for configuring a SPAN session. |
|