-
Cisco Nexus 5000
Series switches support only ERSPAN source sessions. Destination sessions are
not supported.
-
The Cisco Nexus
5000 Series switch supports a maximum of 2 sessions.
-
The Cisco Nexus
5500 Series switch supports a maximum of 4 sessions.
-
The maximum number
of ports for each ERSPAN session is 32.
-
You can have
source ports, source VLANs, and source VSANs in one ERSPAN session.
-
On Cisco Nexus
5000 Series switches, ERSPAN can monitor ingress, egress, or both ingress and
egress traffic on a source port and only ingress traffic on source VLANs or
source VSANs as long as the VLAN is not mapped to a VSAN.
-
On Cisco 5500
Series switches, source ports and source VLANs can be in the same ERSPAN
session.
-
ERSPAN traffic can
exit the switch through a Layer 2 interface, Layer 3 interface, port channel,
or FabricPath core port.
-
The Cisco Nexus
5000 series switch cannot reach a destination IP address of a remote switch
through a virtual Ethernet port or FEX port. This functionality is not
supported.
-
ERSPAN traffic is
not load balanced if the reachability to a destination IP address is a Layer 3
ECMP or a port channel. In the case of ECMP, the ERSPAN traffic is sent to only
one next-hop router or one member of the port channel.
-
ERSPAN on the
Cisco Nexus 5000 Series switch supports Fast Ethernet, Gigabit Ethernet,
TenGigabit Ethernet, and port channel interfaces as source ports for a source
session.
-
When a session is
configured through the ERSPAN configuration commands, the session ID and the
session type cannot be changed. In order to change them, you must first use the
no version of the configuration command to remove the session and then
reconfigure the session.
-
ERSPAN traffic
might compete with regular data traffic.
-
ERSPAN traffic is
assigned to the QoS class-default system class (qos-group 0).
-
To ensure that
data traffic is prioritized over ERSPAN traffic, you can create a QoS system
class with prioritization above the class-default system class on the ERSPAN
destination port.
On Layer 3
networks, ERSPAN traffic can be marked with a the desired Differentiated
Services Code Point (DSCP) value using the ip dscp command. By default, ERSPAN
traffic is marked with a DSCP value of 0.
-
Consider a scenario in which an ERSPAN session and a local SPAN session is configured on a switch. Egress ports on both sessions are different. However, the ingress port on the local SPAN session is also receiving GRE-encapsulated traffic from the ERSPAN session. In such a scenario, the local SPAN session captures only the non-GRE-encapsulated traffic from the port that is defined as the source.
-
ERSPAN can monitor
ingress traffic on a source VSAN only on Cisco Nexus 5010 and 5020 switches.
-
ERSPAN cannot
monitor egress traffic on source VLANs and VSANs on any Cisco Nexus 5000 Series
switch.
-
ERSPAN can monitor
ingress, egress, or both ingress and egress traffic on a source port.
-
VSANs as ERSPAN
sources are not allowed on Cisco Nexus 5548 and 5596 switches.
-
ERSPAN source sessions are supported on F3 Series modules. Beginning with Cisco NX-OS Release 7.0, ERPSPAN destination sessions are also supported on these modules. However, ERSPAN ACL sessions are not supported on F3 Series modules.
-
The SPAN session ignores any permit or deny actions specified in the access-list, and spans only the packets that match the access-list filter criteria.