Table Of Contents

M Commands

match datalink

match ip

match ipv4

match (NetFlow)

match transport

mode

monitor counter

monitor erspan origin ip-address

monitor session

mtu

multicast best-effort

M Commands

---

This chapter describes the Cisco NX-OS system management commands that begin with the letter M.

match datalink

To configure the match data link (or Layer 2) attributes option in a flow record, use the match datalink command. To remove the data link configuration, use the no form of this command.

match datalink {mac source-address | mac destination-address | ethertype | vlan}

no match datalink {mac source-address | mac destination-address | ethertype | vlan}

Syntax Description

mac	Specifies the MAC address.
source-address	Specifies the source MAC address.
destination-address	Specifies the destination MAC address.
ethertype	Specifies the EtherType.
vlan	Specifies the VLAN ID.

Defaults

None

Command Modes

NetFlow record configuration (config-flow-record)

Supported User Roles

network-admin
vdc-admin

Command History

Release	Modification
4.1	This command was introduced.

Usage Guidelines

This command does not require a license.

Examples

This example shows how to configure the match data link attributes option in a flow record:

switch(config)# flow record NetFlow1

switch(config-flow-record)# match datalink mac source-address

switch(config-flow-record)#

This example shows how to remove the data link match option from a flow record:

switch(config-flow-record)# no match datalink mac source-address

switch(config-flow-record)#

Related Commands

Command	Description
match ip	Configures the match IP option for defining a NetFlow record map.
match ipv4	Configures the match IPv4 option for defining a NetFlow record map.

match ip

To configure the match IP option for defining a NetFlow record map, use the match ip command. To remove this option, use the no form of this command.

match ip {protocol | tos}

no match ip {protocol | tos}

Syntax Description

protocol	Specifies the protocol.
tos	Specifies the type of service (ToS).

Defaults

None

Command Modes

NetFlow record configuration (config-flow-record)

Supported User Roles

network-admin
vdc-admin

Command History

Release	Modification
4.0(1)	This command was introduced.

Usage Guidelines

This command does not require a license.

Examples

This example shows how to configure the match IP option for defining a NetFlow record map:

switch(config)# flow record Custom-NetFlow-Record-1

switch(config-flow-record)# match ip protocol

switch(config-flow-record)# match ip tos

switch(config-flow-record)#

This example shows how to remove the match option:

switch(config-flow-record)# no match ip protocol

switch(config-flow-record)# no match ip tos

switch(config-flow-record)#

Related Commands

Command	Description
show flow record	Displays information about NetFlow records.

match ipv4

To configure the match IPv4 option for defining a NetFlow record map, use the match ipv4 command. To remove this option, use the no form of this command.

match ipv4 {source | destination} address

no match ipv4 {source | destination} address

Syntax Description

source	Specifies the source address.
destination	Specifies the destination address.
address	Specifies the address.

Defaults

None

Command Modes

NetFlow record configuration (config-flow-record)

Supported User Roles

network-admin
vdc-admin

Command History

Release	Modification
4.0(1)	This command was introduced.

Usage Guidelines

This command does not require a license.

Examples

This example shows how to configure the match IPv4 option for defining a NetFlow record map:

switch(config)# flow record Custom-NetFlow-Record-1

switch(config-flow-record)# match ipv4 source address

switch(config-flow-record)# match ipv4 destination address

switch(config-flow-record)#

This example shows how to remove the match IPv4 configuration:

switch(config-flow-record)# no match ipv4 source address

switch(config-flow-record)# no match ipv4 destination address

switch(config-flow-record)#

Related Commands

Command	Description
show flow record	Displays information about NetFlow records.

match (NetFlow)

To specify match criteria for Flexible NetFlow flow records, use the match command. To remove match criteria for flow records, use the no form of this command.

match {flow direction | interface {input | output} | ip {protocol | tos} | ipv4 {destination address | source address} | transport {destination-port | source-port}}

match {flow direction | interface {input | output} | ip {protocol | tos} | ipv4 {destination address | source address} | transport {destination-port | source-port}}

Syntax Description

flow direction	Specifies the direction of the flow to be matched.
interface input	Specifies that the match criterion is based on the input interface.
interface output	Specifies that the match criterion is based on the output interface.
ip protocol	Specifies that the match criterion is based on protocol.
ip tos	Specifies that the match criterion is based on type of service (ToS).
ipv4 destination address	Specifies that the match criterion is based on the destination IPv4 address.
ipv4 source address	Specifies that the match criterion is based on the source IPv4 address.
transport destination-port	Specifies that the match criterion for transport layer fields is based on the destination port.
transport source-port	Specifies that the match criterion for transport layer fields is based on the destination port.

Defaults

No matching criteria are specified by default.

Command Modes

Flow record configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release	Modification
4.0(1)	This command was introduced.

Usage Guidelines

A Flexible NetFlow flow record must be enabled before you can use the match command.

This command does not require a license.

Examples

This example shows how to specify the direction of the flow to be matched:

switch(config)# flow record FLOW-RECORD-1

switch(config-flow-record)# match flow direction

This example shows how to specify the match criterion is based on the input interface:

switch(config)# flow record FLOW-RECORD-1

switch(config-flow-record)# match interface input

This example shows how to specify that the match criterion is based on the output interface:

switch(config)# flow record FLOW-RECORD-1

switch(config-flow-record)# match interface output

This example shows how to specify that the match criterion is based on protocol:

switch(config)# flow record FLOW-RECORD-1

switch(config-flow-record)# match ip protocol

This example shows how to specify that the match criterion is based on type of service (ToS):

switch(config)# flow record FLOW-RECORD-1

switch(config-flow-record)# match ip tos

This example shows how to specify that the match criterion is based on the destination IPv4 address:

switch(config)# flow record FLOW-RECORD-1

switch(config-flow-record)# match ipv4 destination address

This example shows how to specify that the match criterion is based on the source IPv4 address:

switch(config)# flow record FLOW-RECORD-1

switch(config-flow-record)# match ipv4 source address

This example shows how to specify that the match criterion for transport layer fields is based on the destination port:

switch(config)# flow record FLOW-RECORD-1

switch(config-flow-record)# match ipv4 transport destination-port

This example shows how to specify that the match criterion for transport layer fields is based on the source port:

switch(config)# flow record FLOW-RECORD-1

switch(config-flow-record)# match ipv4 transport source-port

Related Commands

Command	Description
flow record	Creates a flow record.

match transport

To configure the match transport option for defining a NetFlow record map, use the match transport command. To remove the match transport option, use the no form of this command.

match transport {destination-port | source-port}

no match transport {destination-port | source-port}

Syntax Description

destination-port	Specifies the transport destination port.
source-port	Specifies the transport source port.

Defaults

None

Command Modes

NetFlow record configuration (config-flow-record)

Supported User Roles

network-admin
vdc-admin

Command History

Release	Modification
4.0(1)	This command was introduced.

Usage Guidelines

This command does not require a license.

Examples

This example shows how to configure the match transport option for defining a NetFlow record map:

switch(config)# flow record Custom-NetFlow-Record-1

switch(config-flow-record)# match transport source-port

This example shows how to remove the configuration:

switch(config-flow-record)# no match transport source-port

switch(config-flow-record)

Related Commands

Command	Description
show flow record	Displays information about NetFlow records.

mode

To specify the mode in a NetFlow sampler, use the mode command. To remove the mode, use the no form of this command.

mode samples

no mode [samples]

Syntax Description

samples

Number of samples per sampling. The range is from 1 to 64.

Defaults

None

Command Modes

NetFlow sampler configuration (config-flow-sampler)

Supported User Roles

network-admin
vdc-admin

Command History

Release	Modification
4.0(1)	This command was introduced.

Usage Guidelines

This command does not require a license.

Examples

This example shows how to specify the mode in a NetFlow sampler:

switch(config)# sampler Custom-NetFlow-Sampler-1

switch(config-flow-sampler)# mode 1 out-of 1000

switch(config-flow-sampler)#

This example shows how to remove the mode configuration:

switch(config-flow-sampler)# no mode

Related Commands

Command	Description
show sampler	Displays information about NetFlow samplers.

monitor counter

To configure a Simple Network Management Protocol (SNMP) monitor counter, use the monitor counter command. To remove a monitor counter configuration, use the no form of this command.

monitor counter {invalid-crc | invalid-words | link-loss | protocol-error | rx-performance | signal-loss | state-change | sync-loss | tx-performance}

no monitor counter {invalid-crc | invalid-words | link-loss | protocol-error | rx-performance | signal-loss | state-change | sync-loss | tx-performance}

Syntax Description

invalid-crc	Configures the invalid-crc counter.
invalid-words	Configures the invalid-words counter.
link-loss	Configures the link-loss counter.
protocol-error	Configures the protocol-error counter.
rx-performance	Configure the ingress (rx) performance counter.
signal-loss	Configures the signal-loss counter.
state-change	Configures the state-change counter.
sync-loss	Configures the sync-loss counter.
tx-performance	Configures the egress (tx) performance counter.

Defaults

None

Command Modes

Port-monitor configuration (config-port-monitor)

Supported User Roles

network-admin
vdc-admin

Command History

Release	Modification
4.1(2)	This command was introduced.

Usage Guidelines

This command does not require a license.

Examples

This example shows how to configure an SNMP counter:

switch(config) port-monitor name PM1

switch(config-port-monitor)# monitor counter signal-loss

switch(config-port-monitor)#

This example shows how to remove a counter configuration:

switch(config)# no monitor counter signal-loss

switch(config-port-monitor)#

Related Commands

Command	Description
counter	Configures an individual counter.

monitor erspan origin ip-address

To configure the Encapsulated Remote Switched Port Analyzer (ERSPAN) origin IP address, use the monitor espan origin ip-address command. To remove the ERSPAN origin IP address configuration, use the no form of this command.

monitor erspan origin ip-address ip-address global

no monitor erspan origin ip-address ip-address global

Syntax Description

ip-address	IP address.
global	(Optional) Specifies the default virtual device context (VDC) configuration across all VDCs.

Defaults

None

Command Modes

Global configuration (config)

Supported User Roles

network-admin
vdc-admin

Command History

Release	Modification
5.1(1)	This command was introduced.

Usage Guidelines

When you change the origin IP address in the default VDC, it impacts of all the sessions.

This command does not require a license.

Examples

This example shows how to configure the ERSPAN origin IP address:

switch# configure terminal

switch(config)# monitor erspan origin ip-address 10.1.1.1 global

switch(config)# 

This example shows how to remove the ERSPAN IP address:

switch# configure terminal

switch(config)# no monitor erspan origin ip-address 10.1.1.1 global

switch(config)#

monitor session

To enter the monitor configuration mode for configuring Encapsulated Remote Switched Port Analyzer (ERSPAN) or an Ethernet switched port analyzer (SPAN) session for analyzing traffic between ports, use the monitor session command. To disable an ERSPAN or an SPAN session(s), use the no form of this command.

monitor session {session_number | type [erspan-source | erspan-destination | local]}

no monitor session [{session_number | type [erspan-source | erspan-destination | local]} | {all}]

Syntax Description

session_number	Session number to use for monitoring a switched port. The range is from 1 to 18.
type	Specifies a session type. A session type can be local, erspan-source, or erspan-destination.
erspan-source	(Optional) Creates an ERSPAN source session.
erspan-destination	(Optional) Creates an ERSPAN destination session.
local	(Optional) Creates a local session.
all	Specifies all sessions for monitoring a switched port.

Defaults

None

Command Modes

Global configuration (config)

Supported User Roles

Super user
VDC administrator
VDC user

Command History

Release	Modification
5.1(1)	The number of sessions has been increased to 48.
4.0(1)	This command was introduced.

Usage Guidelines

While configuring an ERSPAN source session, if rx, tx, or both are not entered, the source is configured for both direction.

For more information about the ERSPAN configuration, see the Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x.

This command does not require a license.

Examples

This example shows how to enter the monitor configuration mode for configuring SPAN session number 9 for analyzing traffic between ports:

switch(config)# monitor session 9 type local

switch(config-monitor)# description A Local SPAN session

switch(config-monitor)# source interface ethernet 1/1

switch(config-monitor)# destination interface ethernet 1/2

switch(config-monitor)# no shut

This example shows how to configure any SPAN destination interfaces as Layer 2 SPAN monitor ports before activating the SPAN session:

switch(config)# interface ethernet 1/2

switch(config-if)# switchport

switch(config-if)# switchport monitor

switch(config-if)# no shutdown

This example shows how to configure a typical SPAN destination trunk interface:

switch(config)# interface Ethernet1/2

switch(config-if)# switchport

switch(config-if)# switchport mode trunk

switch(config-if)# switchport monitor

switch(config-if)# switchport trunk allowed vlan 10-12

switch(config-if)# no shutdown

This example shows how to terminate or extend RSPAN:

switch(config)# vlan 200

switch(config-vlan)# remote-span

switch(config-vlan)#

This example shows how to monitor RSPAN VLAN traffic using a local SPAN:

switch(config)# monitor session 1 type local

switch(config-monitor)# description RSPAN VLAN as source

switch(config-monitor)# source vlan 200

switch(config-monitor)# destination interface ethernet 1/2

switch(config-monitor)# no shut

switch(config-monitor)#

This example shows how to disable a SPAN session:

switch(config)# no monitor session 9 type local

This example show how to create an ERSPAN source:

switch# configure terminal

switch(config)# monitor session 1 type erspan-source

switch(config-monitor-erspan-src)# source int eth1/1

switch(config-monitor-erspan-src)# destination ip address 10.1.1.1

switch(config-monitor-erspan-src)# erspan-id 101

switch(config-monitor-erspan-src)# vrf erspan-vrf

switch(config-monitor-erspan-src)# filter vlan 100

switch(config-monitor-erspan-src)# no shut

This example show how to create an ERSPAN destination:

switch# configure terminal

switch(config)# monitor session 1 type erspan-destination

switch(config-monitor-erspan-dst)# destination interface eth1/5

switch(config-monitor-erspan-dst)# vrf foo

switch(config-monitor-erspan-dst)# erspan-id 12

switch(config-monitor-erspan-dst)# source ip 10.1.1.1

switch(config-monitor-erspan-dst)# no shut

This example show how to create an access control list (ACL) filter and associate it with the ERSPAN 
source, IP time-to-leave (TTL), and differentiated services code point (DSCP) value:

switch# configure terminal

switch(config)# monitor session 3 type erspan-source

switch(config-monitor)# description erspan_src_session_3

switch(config-monitor-erspan-src)# source interface port-channel 2

switch(config-monitor-erspan-src)# filter vlan 3-5, 7

switch(config-monitor-erspan-src)# filter access-group ACL1

switch(config-monitor-erspan-src)# destination ip-address 10.1.1.1

switch(config-monitor-erspan-src)# erspan-id 5

switch(config-erspan-src)# vrf default

switch(config-erspan-src)# ip ttl 25

switch(config-erspan-src)# ip dscp 42

switch(config-monitor-erspan-src)# exit

Related Commands

Command	Description
show monitor session	Displays the specified SPAN session configuration.
description	Adds a comment or a description of up to 32 characters to a SPAN session.
destination	Adds a SPAN destination where source packets are copied.
source	Configures the source and the traffic direction in which to copy packets for a SPAN and ERSPAN session.

mtu

To configure the maximum transmission unit (MTU) truncation size for packets in the specified Ethernet Switched Port Analyzer (SPAN) session, use the mtu command. To remove the MTU truncation size configuration, use the no form of this command.

mtu mtu-size

no mtu

Syntax Description

mtu-size

MTU truncation size. The range is from 64 to 1500.

Defaults

Disabled

Command Modes

Monitor configuration (config-monitor)

Supported User Roles

network-admin
vdc-admin

Command History

Release	Modification
5.2(1)	This command was introduced.

Usage Guidelines

Make sure that you are in the correct virtual device context (VDC). To change the VDC, use the switchto vdc command.

MTU truncation and the SPAN rate limit cannot be enabled for the same SPAN session. If you configure both for one session, only the rate limit is allowed on F1 Series modules, and MTU truncation is disabled until you disable the rate limit configuration.

---

Note MTU turncation is supported only on F1 Series modules.

---

This command does not require a license.

Examples

This example shows how to configure the MTU truncation size for packets in the specified SPAN session:

switch# configure terminal

switch(config)# monitor session 5

switch(config-monitor)# mtu 128

switch(config-monitor)#

This example shows how to remove the MTU truncation size configuration for packets in the specified SPAN session:

switch# configure terminal

switch(config)# monitor session 5

switch(config-monitor)# no mtu

Related Commands

Command	Description
monitor session	Places you in the monitor configuration mode for configuring a SPAN session.
show monitor session	Displays the status of the SPAN session.

multicast best-effort

To configure the multicast best effort mode for the specified Encapsulated Remote Switched Port Analyzer (ERSPAN) or the Ethernet Switched Port Analyzer (SPAN) session, use the multicast best-effort command. To remove the multicast best effort mode for an ERSPAN or SPAN session, use the no form of this command.

multicast best-effort

no multicast best-effort

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Monitor configuration (config-monitor)

Supported User Roles

network-admin
vdc-admin

Command History

Release	Modification
5.2(1)	This command was introduced.

Usage Guidelines

By default, SPAN replication occurs on both the ingress and egress line card. When you enable the multicast best effort mode, SPAN replication occurs only on the ingress line card for multicast traffic or on the egress line card for packets egressing out of Layer 3 interfaces (that is, on the egress line card, packets egressing out of Layer 2 interfaces are not replicated for SPAN).

Make sure that you are in the correct virtual device context (VDC). To change the VDC, use the switchto vdc command.

---

Note Multicast best effort mode applies only to M1 Series modules

---

This command does not require a license.

Examples

This example shows how to configure the multicast best effort mode for the specifies ERSPAN or SPAN session:

switch# configure terminal

switch(config)# monitor session 3

switch(config-monitor)# multicast best-effort

switch(config-monitor)#

This example shows how to remove the multicast best effort mode for the specified ERSPAN or SPAN session:

switch# configure terminal

switch(config)# monitor session 3

switch(config-monitor)# no multicast best-effort

switch(config-monitor)#

Related Commands

Command	Description
monitor session	Places you in the monitor configuration mode for configuring a SPAN session.
show monitor session	Displays the status of the SPAN session.