Cisco Nexus 7000 Series NX-OS System Management Command Reference
M Commands
Downloads: This chapterpdf (PDF - 300.0KB) The complete bookPDF (PDF - 12.71MB) | Feedback

M Commands

Table Of Contents

M Commands

match datalink

match ip

match ipv4

match (NetFlow)

match transport

mode

mode extended

monitor counter

monitor erspan origin ip-address

monitor erspan granularity

monitor session

mtu

multicast best-effort


M Commands


This chapter describes the Cisco NX-OS system management commands that begin with the letter M.

match datalink

To configure the match data link (or Layer 2) attributes option in a flow record, use the match datalink command. To remove the data link configuration, use the no form of this command.

match datalink {mac source-address | mac destination-address | ethertype | vlan}

no match datalink {mac source-address | mac destination-address | ethertype | vlan}

Syntax Description

mac

Specifies the MAC address.

source-address

Specifies the source MAC address.

destination-address

Specifies the destination MAC address.

ethertype

Specifies the EtherType.

vlan

Specifies the VLAN ID.


Defaults

None

Command Modes

NetFlow record configuration (config-flow-record)

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.1

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to configure the match data link attributes option in a flow record:

switch(config)# flow record NetFlow1
switch(config-flow-record)# match datalink mac source-address
switch(config-flow-record)#
 
   

This example shows how to remove the data link match option from a flow record:

switch(config-flow-record)# no match datalink mac source-address
switch(config-flow-record)#

Related Commands

Command
Description

match ip

Configures the match IP option for defining a NetFlow record map.

match ipv4

Configures the match IPv4 option for defining a NetFlow record map.


match ip

To configure the match IP option for defining a NetFlow record map, use the match ip command. To remove this option, use the no form of this command.

match ip {protocol | tos}

no match ip {protocol | tos}

Syntax Description

protocol

Specifies the protocol.

tos

Specifies the type of service (ToS).


Defaults

None

Command Modes

NetFlow record configuration (config-flow-record)

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.0(1)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to configure the match IP option for defining a NetFlow record map:

switch(config)# flow record Custom-NetFlow-Record-1
switch(config-flow-record)# match ip protocol
switch(config-flow-record)# match ip tos
switch(config-flow-record)#
 
   

This example shows how to remove the match option:

switch(config-flow-record)# no match ip protocol
switch(config-flow-record)# no match ip tos
switch(config-flow-record)#

Related Commands

Command
Description

show flow record

Displays information about NetFlow records.


match ipv4

To configure the match IPv4 option for defining a NetFlow record map, use the match ipv4 command. To remove this option, use the no form of this command.

match ipv4 {source | destination} address

no match ipv4 {source | destination} address

Syntax Description

source

Specifies the source address.

destination

Specifies the destination address.

address

Specifies the address.


Defaults

None

Command Modes

NetFlow record configuration (config-flow-record)

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.0(1)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to configure the match IPv4 option for defining a NetFlow record map:

switch(config)# flow record Custom-NetFlow-Record-1
switch(config-flow-record)# match ipv4 source address
switch(config-flow-record)# match ipv4 destination address
switch(config-flow-record)#
 
   
 
   

This example shows how to remove the match IPv4 configuration:

switch(config-flow-record)# no match ipv4 source address
switch(config-flow-record)# no match ipv4 destination address
switch(config-flow-record)#

Related Commands

Command
Description

show flow record

Displays information about NetFlow records.


match (NetFlow)

To specify match criteria for Flexible NetFlow flow records, use the match command. To remove match criteria for flow records, use the no form of this command.

match {flow direction | interface {input | output} | ip {protocol | tos} | ipv4 {destination address | source address} | transport {destination-port | source-port}}

match {flow direction | interface {input | output} | ip {protocol | tos} | ipv4 {destination address | source address} | transport {destination-port | source-port}}

Syntax Description

flow direction

Specifies the direction of the flow to be matched.

interface input

Specifies that the match criterion is based on the input interface.

interface output

Specifies that the match criterion is based on the output interface.

ip protocol

Specifies that the match criterion is based on protocol.

ip tos

Specifies that the match criterion is based on type of service (ToS).

ipv4 destination address

Specifies that the match criterion is based on the destination IPv4 address.

ipv4 source address

Specifies that the match criterion is based on the source IPv4 address.

transport destination-port

Specifies that the match criterion for transport layer fields is based on the destination port.

transport source-port

Specifies that the match criterion for transport layer fields is based on the destination port.


Defaults

No matching criteria are specified by default.

Command Modes

Flow record configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.0(1)

This command was introduced.


Usage Guidelines

A Flexible NetFlow flow record must be enabled before you can use the match command.

This command does not require a license.

Examples

This example shows how to specify the direction of the flow to be matched:

switch(config)# flow record FLOW-RECORD-1
switch(config-flow-record)# match flow direction
 
   

This example shows how to specify the match criterion is based on the input interface:

switch(config)# flow record FLOW-RECORD-1
switch(config-flow-record)# match interface input
 
   

This example shows how to specify that the match criterion is based on the output interface:

switch(config)# flow record FLOW-RECORD-1
switch(config-flow-record)# match interface output
 
   

This example shows how to specify that the match criterion is based on protocol:

switch(config)# flow record FLOW-RECORD-1
switch(config-flow-record)# match ip protocol
 
   

This example shows how to specify that the match criterion is based on type of service (ToS):

switch(config)# flow record FLOW-RECORD-1
switch(config-flow-record)# match ip tos
 
   

This example shows how to specify that the match criterion is based on the destination IPv4 address:

switch(config)# flow record FLOW-RECORD-1
switch(config-flow-record)# match ipv4 destination address
 
   

This example shows how to specify that the match criterion is based on the source IPv4 address:

switch(config)# flow record FLOW-RECORD-1
switch(config-flow-record)# match ipv4 source address
 
   

This example shows how to specify that the match criterion for transport layer fields is based on the destination port:

switch(config)# flow record FLOW-RECORD-1
switch(config-flow-record)# match ipv4 transport destination-port
 
   

This example shows how to specify that the match criterion for transport layer fields is based on the source port:

switch(config)# flow record FLOW-RECORD-1
switch(config-flow-record)# match ipv4 transport source-port

Related Commands

Command
Description

flow record

Creates a flow record.


match transport

To configure the match transport option for defining a NetFlow record map, use the match transport command. To remove the match transport option, use the no form of this command.

match transport {destination-port | source-port}

no match transport {destination-port | source-port}

Syntax Description

destination-port

Specifies the transport destination port.

source-port

Specifies the transport source port.


Defaults

None

Command Modes

NetFlow record configuration (config-flow-record)

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.0(1)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to configure the match transport option for defining a NetFlow record map:

switch(config)# flow record Custom-NetFlow-Record-1
switch(config-flow-record)# match transport source-port
 
   

This example shows how to remove the configuration:

switch(config-flow-record)# no match transport source-port
switch(config-flow-record)

Related Commands

Command
Description

show flow record

Displays information about NetFlow records.


mode

To specify the mode in a NetFlow sampler, use the mode command. To remove the mode, use the no form of this command.

mode samples

no mode [samples]

Syntax Description

samples

Number of samples per sampling. The range is from 1 to 64.


Defaults

None

Command Modes

NetFlow sampler configuration (config-flow-sampler)

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.0(1)

This command was introduced.


Usage Guidelines

This command does not require a license.


Note For F2 Series modules, and additional sampling of 1:100 is applied over the configured valued. For example, if the configured sampling is 1 in 800, the actual applied samplings is 1 in 80000. With this always-enabled additional 1:100 sampling, the packets range for all F2 Series module ports is from 1 to 819100.


Examples

This example shows how to specify the mode in a NetFlow sampler:

switch(config)# sampler Custom-NetFlow-Sampler-1
switch(config-flow-sampler)# mode 1 out-of 1000
switch(config-flow-sampler)#
 
   

This example shows how to remove the mode configuration:

switch(config-flow-sampler)# no mode
 
   
 
   
 
   

Related Commands

Command
Description

show sampler

Displays information about NetFlow samplers.


mode extended

To configure the Ethernet Switched Port Analyzer (SPAN) session as an extended bidirectional session, use the mode extended command. To remove the SPAN session as an extended bidirectional session, use the no form of this command.

mode extended

no mode extended

Syntax Description

This command has no arguments or keywords.

Defaults

None

Command Modes

Monitor configuration mode (config-monitor)

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

6.2(2)

This command was introduced.


Usage Guidelines

You cannot use this command for a unidirectional SPAN session.

Extended SPAN sessions cannot source incoming traffic on M1 Series modules in either the ingress or egress direction. Extended SPAN sessions support traffic only from the F Series and M2 Series modules.

Hardware session 15 is used by NetFlow on F2 and F2e Series modules. Any extended session using this hardware ID will not span incoming traffic on the F2 and the F2e ports.

This command does not require a license.

Examples

This example shows how to configure the SPAN session as an extended bidirectional session:

switch(config)# monitor session 3 tx
switch(config-monitor)# mode extended
 
   
 
   

Related Commands

Command
Description

monitor session

Places you in the monitor configuration mode for configuring a SPAN session.


monitor counter

To configure a Simple Network Management Protocol (SNMP) monitor counter, use the monitor counter command. To remove a monitor counter configuration, use the no form of this command.

monitor counter {invalid-crc | invalid-words | link-loss | protocol-error | rx-performance | signal-loss | state-change | sync-loss | tx-performance}

no monitor counter {invalid-crc | invalid-words | link-loss | protocol-error | rx-performance | signal-loss | state-change | sync-loss | tx-performance}

Syntax Description

invalid-crc

Configures the invalid-crc counter.

invalid-words

Configures the invalid-words counter.

link-loss

Configures the link-loss counter.

protocol-error

Configures the protocol-error counter.

rx-performance

Configure the ingress (rx) performance counter.

signal-loss

Configures the signal-loss counter.

state-change

Configures the state-change counter.

sync-loss

Configures the sync-loss counter.

tx-performance

Configures the egress (tx) performance counter.


Defaults

None

Command Modes

Port-monitor configuration (config-port-monitor)

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.1(2)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to configure an SNMP counter:

switch(config) port-monitor name PM1
switch(config-port-monitor)# monitor counter signal-loss
switch(config-port-monitor)#
 
   

This example shows how to remove a counter configuration:

switch(config)# no monitor counter signal-loss
switch(config-port-monitor)#

Related Commands

Command
Description

counter

Configures an individual counter.


monitor erspan origin ip-address

To configure the Encapsulated Remote Switched Port Analyzer (ERSPAN) origin IP address, use the monitor erspan origin ip-address command. To remove the ERSPAN origin IP address configuration, use the no form of this command.

monitor erspan origin ip-address ip-address global

no monitor erspan origin ip-address ip-address global

Syntax Description

ip-address

Global origin IP address.

global

(Optional) Specifies the default virtual device context (VDC) configuration across all VDCs.


Defaults

None

Command Modes

Global configuration mode (config)

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

5.1(1)

This command was introduced.


Usage Guidelines

The global origin IP address can be configured in either the default VDC or the admin VDC. The value that is configured in this VDC is valid across all VDCs.

When you change the origin IP address in the default VDC, it impacts all of the sessions.

This command does not require a license.

Examples

This example shows how to configure the ERSPAN origin IP address:

switch# configure terminal
switch(config)# monitor erspan origin ip-address 10.1.1.1 global
switch(config)# 
 
   

This example shows how to remove the ERSPAN IP address:

switch# configure terminal
switch(config)# no monitor erspan origin ip-address 10.1.1.1 global
switch(config)#

monitor erspan granularity

To configure the granularity for Encapsulated Remote Switched Port Analyzer (ERSPAN) Type III sessions, use the monitor erspan granularity command. To remove this feature, use the no form of this command.

monitor erspan granularity {100_ms | 100_ns | 1588 | ns}

no monitor erspan granularity {100_ms | 100_ns | 1588 | ns}

Syntax Description

100_ms

Specifies 100 microseconds.

100_ns

Specifies 100 nanoseconds.

1588

Specifies the IEEE 1588 time representation format in seconds or nanoseconds.

ns

Specifies nanoseconds.


Defaults

vdc

Command Modes

Global configuration mode (config)

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

6.1(1)

This command was introduced.


Usage Guidelines

The clock manager adjusts the ERSPAN timers based on the granularity setting. If you configure IEEE 1588, the clock manager synchronizes the ERSPAN timers across switches. Otherwise, the clock manager synchronizes the ERSPAN timer with the master timer in the switch.

588 granularity mode is not supported in Cisco NX-OS Release 6.1 and is rejected if selected.

M2 Series modules support 100 microseconds, 100 nanoseconds, and nanoseconds granularity. F2 Series and F2e Series modules support only 100 microseconds and 100 nanoseconds granularity.

This command can be applied only in the default VDC.

This command does not require a license.

Examples

This example shows how to configure the granularity for 100 microseconds:

switch# configure terminal
switch(config)# monitor erspan granularity 100_ms
switch(config)#

monitor session

To enter the monitor configuration mode for configuring Encapsulated Remote Switched Port Analyzer (ERSPAN) or an Ethernet Switched Port Analyzer (SPAN) session for analyzing traffic between ports, use the monitor session command. To disable an ERSPAN or an SPAN session(s), use the no form of this command.

monitor session {session_number | all} {rx | tx | type [erspan-source | erspan-destination | local] | shut}

no monitor session {session_number | all} [shut]

Syntax Description

session_number

Session number to use for monitoring a switched port. The range is from 1 to 48.

all

Specifies all sessions for monitoring a switched port.

rx

Specifies an ingress-extended SPAN session.

tx

Specifies an egress-extended SPAN session.

type

Specifies a session type. A session type can be local, erspan-source, or erspan-destination.

erspan-source

(Optional) Creates an ERSPAN source session.

erspan-destination

(Optional) Creates an ERSPAN destination session.

local

(Optional) Creates a local session.

shut

Specifies a shut state for the selected session.


Defaults

None

Command Modes

Global configuration mode (config)

Supported User Roles

Super user
VDC administrator
VDC user

Command History

Release
Modification

6.2(2)

Added the rx, tx, and shut keywords.

5.1(1)

The number of sessions has been increased to 48.

4.0(1)

This command was introduced.


Usage Guidelines

While configuring an ERSPAN source session, if rx, tx, or both keywords are not entered, the source is configured for both directions.

The new session configuration is added to the existing session configuration. By default, the session is created in the shut state, and the session is a local SPAN session.

For more information about the ERSPAN configuration, see the Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 6.x.

This command does not require a license.

Examples

This example shows how to enter the monitor configuration mode for configuring SPAN session number 9 for analyzing traffic between ports:

switch(config)# monitor session 9 type local
switch(config-monitor)# description A Local SPAN session
switch(config-monitor)# source interface ethernet 1/1
switch(config-monitor)# destination interface ethernet 1/2
switch(config-monitor)# no shut
 
   

This example shows how to configure any SPAN destination interfaces as Layer 2 SPAN monitor ports before activating the SPAN session:

switch(config)# interface ethernet 1/2
switch(config-if)# switchport
switch(config-if)# switchport monitor
switch(config-if)# no shutdown
 
   

This example shows how to configure a typical SPAN destination trunk interface:

switch(config)# interface Ethernet1/2
switch(config-if)# switchport
switch(config-if)# switchport mode trunk
switch(config-if)# switchport monitor
switch(config-if)# switchport trunk allowed vlan 10-12
switch(config-if)# no shutdown
 
   

This example shows how to terminate or extend RSPAN:

switch(config)# vlan 200
switch(config-vlan)# remote-span
switch(config-vlan)#
 
   

This example shows how to monitor RSPAN VLAN traffic using a local SPAN:

switch(config)# monitor session 1 type local
switch(config-monitor)# description RSPAN VLAN as source
switch(config-monitor)# source vlan 200
switch(config-monitor)# destination interface ethernet 1/2
switch(config-monitor)# no shut
switch(config-monitor)#
 
   

This example shows how to disable a SPAN session:

switch(config)# no monitor session 9 type local

This example show how to create an ERSPAN source:

switch# configure terminal
switch(config)# monitor session 1 type erspan-source
switch(config-monitor-erspan-src)# source int eth1/1
switch(config-monitor-erspan-src)# destination ip address 10.1.1.1
switch(config-monitor-erspan-src)# erspan-id 101
switch(config-monitor-erspan-src)# vrf erspan-vrf
switch(config-monitor-erspan-src)# filter vlan 100
switch(config-monitor-erspan-src)# no shut
 
   

This example show how to create an ERSPAN destination:

switch# configure terminal
switch(config)# monitor session 1 type erspan-destination
switch(config-monitor-erspan-dst)# destination interface eth1/5
switch(config-monitor-erspan-dst)# vrf foo
switch(config-monitor-erspan-dst)# erspan-id 12
switch(config-monitor-erspan-dst)# source ip 10.1.1.1
switch(config-monitor-erspan-dst)# no shut
 
   
This example show how to create an access control list (ACL) filter and associate it with the ERSPAN 
source, IP time-to-leave (TTL), and differentiated services code point (DSCP) value:
switch# configure terminal
switch(config)# monitor session 3 type erspan-source
switch(config-monitor)# description erspan_src_session_3
switch(config-monitor-erspan-src)# source interface port-channel 2
switch(config-monitor-erspan-src)# filter vlan 3-5, 7
switch(config-monitor-erspan-src)# filter access-group ACL1
switch(config-monitor-erspan-src)# destination ip-address 10.1.1.1
switch(config-monitor-erspan-src)# erspan-id 5
switch(config-erspan-src)# vrf default
switch(config-erspan-src)# ip ttl 25
switch(config-erspan-src)# ip dscp 42
switch(config-monitor-erspan-src)# exit

Related Commands

Command
Description

show monitor session

Displays the specified SPAN or ERSPAN session configuration.

description

Adds a comment or a description of up to 32 characters to a SPAN session.

destination

Adds a SPAN destination where source packets are copied.

source

Configures the source and the traffic direction in which to copy packets for a SPAN and ERSPAN session.


mtu

To configure the maximum transmission unit (MTU) truncation size for packets in the specified Ethernet Switched Port Analyzer (SPAN) session, use the mtu command. To remove the MTU truncation size configuration, use the no form of this command.

mtu mtu-size

no mtu

Syntax Description

mtu-size

MTU truncation size. The configurable range is from 176 to 1500 bytes. The local SPAN range is from 64 to 1500 bytes.


Defaults

Disabled

Command Modes

Monitor configuration (config-monitor)

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

6.1(1)

Starting with 6.1, MTU truncation also support ERSPAN session.

5.2(1)

This command was introduced.


Usage Guidelines

Make sure that you are in the correct virtual device context (VDC). To change the VDC, use the switchto vdc command.

MTU truncation and the SPAN rate limit cannot be enabled for the same SPAN session. If you configure both for one session, only the rate limit is allowed on F1 Series modules, and MTU truncation is disabled until you disable the rate limit configuration. This limitation does not apply to F2 and M2 Series modules or Supervisor 2.

MTU truncation and the ERSPAN source rate limit are supported only on F Series and M2 Series modules and Supervisor 2. They are not supported on M1 Series modules.


Note MTU truncation and ERSPAN sampling can be enabled at the same time and have no precedence over each other because they are applied to different aspects of the source packet (size versus packet count).


This command does not require a license.

Examples

This example shows how to configure the MTU truncation size for packets in the specified SPAN session:

switch# configure terminal
switch(config)# monitor session 5
switch(config-monitor)# mtu 128
switch(config-monitor)#

This example shows how to configure the MTU truncation size for packets in the specified ERSPAN session:

switch# configure terminal
switch(config)# monitor session 3 type erspan-source
switch(config-erspan-src)# mtu 100
 
   

This example shows how to remove the MTU truncation size configuration for packets in the specified SPAN session:

switch# configure terminal
switch(config)# monitor session 5
switch(config-monitor)# no mtu

Related Commands

Command
Description

monitor session

Places you in the monitor configuration mode for configuring a SPAN session.

show monitor session

Displays the status of the SPAN or ERSPAN session.


multicast best-effort

To configure the multicast best effort mode for the specified Encapsulated Remote Switched Port Analyzer (ERSPAN) or the Ethernet Switched Port Analyzer (SPAN) session, use the multicast best-effort command. To remove the multicast best effort mode for an ERSPAN or SPAN session, use the no form of this command.

multicast best-effort

no multicast best-effort

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Monitor configuration (config-monitor)

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

5.2(1)

This command was introduced.


Usage Guidelines

By default, SPAN replication occurs on both the ingress and egress line card. When you enable the multicast best effort mode, SPAN replication occurs only on the ingress line card for multicast traffic or on the egress line card for packets egressing out of Layer 3 interfaces (that is, on the egress line card, packets egressing out of Layer 2 interfaces are not replicated for SPAN).

Make sure that you are in the correct virtual device context (VDC). To change the VDC, use the switchto vdc command.


Note Multicast best effort mode applies only to M1 Series modules


This command does not require a license.

Examples

This example shows how to configure the multicast best effort mode for the specifies ERSPAN or SPAN session:

switch# configure terminal
switch(config)# monitor session 3
switch(config-monitor)# multicast best-effort
switch(config-monitor)#
 
   

This example shows how to remove the multicast best effort mode for the specified ERSPAN or SPAN session:

switch# configure terminal
switch(config)# monitor session 3
switch(config-monitor)# no multicast best-effort
switch(config-monitor)#

Related Commands

Command
Description

monitor session

Places you in the monitor configuration mode for configuring a SPAN session.

show monitor session

Displays the status of the SPAN or ERSPAN session.