Configuring Ports and Devices

This chapter contains the following sections:

About Cisco Nexus Data Broker Port Types

Cisco Nexus Data Broker enables you to configure different port types. All configured ports are displayed in the Configured Ports table on the Port Types tab.

You can configure a port as an ingress TAP/SPAN port or a monitoring tool port so that it is easier to aggregate and redirect the traffic.


Note

If the software version is less than 7.0(3)I1(2), an error message is displayed that the TAP aggregation is not supported in the current version of the NX-OS and you have to upgrade to the specified release or above. The 7.0 software version details are applicable for NX-API only.

You can select a port and define if the port is an ingress source port or an egress re-direction port. The ingress source port in Cisco Nexus Data Broker is mapped to the Edge-SPAN or the Edge-Tap port and the egress redirect port is mapped to the monitoring tool port. The switch interconnection ports are not displayed for the selection.


Note

The color coding for the port name indicates the status of the port itself. Green means that the port is up, orange means that the port is down, and red means that the port is administratively down.

Edge Ports

Edge ports are the ingress ports where traffic enters the monitor network. Cisco Nexus Data Broker supports the following edge ports:

  • TAP ports—For incoming traffic connected to a physical tap wire.

  • SPAN ports—For incoming traffic connected to an upstream switch that is configured as a SPAN destination.

Configuring an edge port is optional.


Note

For Any-to-Multipoint (A2MP) forwarding path option, Cisco Nexus Data Broker only uses the configured edge ports as ingress edge ports or source ports.

Delivery Ports

Delivery ports are the egress ports where the traffic exits the monitor network. These outgoing ports are connected to external monitoring devices. When you configure a monitoring device in Cisco Nexus Data Broker, you can associate a name and an icon to the monitoring device.

Configured devices are displayed in the Monitor Devices table on the Devices tab. The icon appears in the topology diagram with a line that connects it to the node.

VLAN Double Tagging

Cisco Nexus Data Broker enables you to configure a switch port as an edge port and specify a VLAN for that port. When you configure the VLAN ID, and the connection to the Cisco onePK agent is up, Cisco Nexus Data Broker programs the Cisco Nexus 3000 or 3100 Series switch so that all packets received in that port are VLAN tagged, and the VLAN ID is the one configured on the edge port. If the packets received in that port are already VLAN-tagged frames, they get double-tagged, and the outermost VLAN tag contains the VLAN ID that is associated with the configured edge port.


Note

VLAN Double Tagging is not supported in Cisco Nexus 9000 NX-API mode operation.

Configuring a Port Type

Procedure
    Step 1   In the topology diagram, click the node for which you want to configure a port. The Ports area of the sidebar displays the list of ports available to configure for that node.
    Step 2   In the list of ports for the node, click Click to configure under the port identifier of the port that you want to configure.
    Step 3   From the Select a port type drop-down list, choose one of the following:
    • Edge Port-SPAN
    • Edge Port-TAP
    • Monitoring Device

    Edge Port-SPAN—Creates an edge port for incoming traffic connected to an upstream switch that is configured as a SPAN destination.

    Edge Port-TAP—Creates an edge port for incoming traffic connected to a physical TAP port.

    Monitoring Device—Creates a monitoring device for capturing traffic and configures the corresponding delivery port.

    Step 4   (Optional)In the Port Description field, enter a port description.

    The port description can contain between 1 and 256 alphanumeric characters, including the following special characters: underscore ("_"), hyphen ("-"), plus ("+"), equals ("="), open parenthesis ("("), closed parenthesis (")"), vertical bar ("|"), period ("."), or at sign ("@").

    Step 5   (Optional)Enter a VLAN ID.

    The port is configured as dot1q to preserve any production VLAN information.

    Step 6   Click Submit.

    Removing a Port Type Configuration

    Before You Begin

    • At least one port type must be configured.

    • The port type configuration that you want to remove must not be used in a rule. If it is, you must either modify or remove the rule before you can remove the port type configuration.


      Note

      If the configured port is of SPAN or Edge ports and if any connections are created based on these ports, you will not be able to delete those connections. Only after removal of the connections, the port definition of the SPAN/Edge ports can be deleted.

    Procedure
      Step 1   From the Port Types tab, choose one of the following:
      • The top checkbox to select all Configured Ports for removal.
      • The check box next to the name of only the configured port or ports that you want to remove.
      Step 2   Above the list of Configured Ports, click Remove Port Configuration.
      Step 3   In the Remove Port Configuration confirmation dialog box, click Remove Port Configuration.

      The port configurations are removed.

      Configuring a Monitoring Device

      Procedure
        Step 1   In the topology diagram, click the node for which you want to configure a monitoring device. The Port Types tab displays the list of ports available to configure for that node.
        Step 2   In the list of ports for the node, click Click to configure under the port identifier of the port that you want to configure.
        Step 3   From the Select a port type drop-down list, click Add Monitoring Device.
        Step 4   In the Add Device dialog box, complete the following fields:
        Name Description

        Device Name field

        The name that you want to use for the monitoring device.

        The name can contain between 1 and 256 alphanumeric characters including the following special characters: underscore ("_"), hyphen ("-"), plus ("+"), equals ("="), open parenthesis ("("), closed parenthesis (")"), vertical bar ("|"), period ("."), or at sign ("@").

        Note   

        You can change the device name after the monitoring device has been added.

        Icons selection

        The choice of icons, with the first one selected by default. Choose any icon to use for the monitoring device.

        Note   

        You can change the icon for the monitoring device after it has been added.

        Step 5   Click Submit.

        Removing A Monitoring Device


        Note

        If the monitor device is part of a connection, Cisco Nexus Data Broker does not allow the user to delete the monitor device.

        Before You Begin

        • At least one monitoring device must be configured for the port.

        • The monitoring device that you want to remove must not be used in a rule. If it is, you must either modify or remove the rule before you can remove the monitoring device.

        Procedure
          Step 1   Click the Devices tab.
          Step 2   In the Device Name list, choose one of the following:
          • The top checkbox to select all monitoring devices for removal.
          • The checkbox next to the name of only the monitoring device or devices you want to remove.
          Step 3   Above the Device Name list, click Remove Monitoring Devices.
          Step 4   In the Remove Monitoring Devices confirmation dialog box, click Remove Devices.

          Configuring a Root Node

          A root node is automatically selected by Cisco Nexus Data Broker. If the defined root node is too far from the source switches, you can manually configure a different switch. We recommend that you choose a switch with edge ports as your new root node.


          Note

          Root node changes do not take effect until you save the configuration.

          Procedure
            Step 1   From the Root tab, click Configure Root Node.
            Step 2   In the Configure Root Node dialog box, choose a node from the drop-down list.
            Step 3   Click Configure Root Node.

            The Configured Root Node is displayed the Root tab, and below it the Current Root Node, if any.

            Step 4   Click Save in the menu bar.

            The root node addition or change is saved.

            Cisco onePK Agent

            The Cisco onePK plug-in for Cisco Nexus Data Broker communicates with onePK devices through a onePK agent on the device. To support onePK device functions in Cisco Nexus Data Broker, the application must be connected to the onePK agent. The agent is the mediator between Cisco Nexus Data Broker and onePK-enabled devices that are configured in Cisco Nexus Data Broker.

            To secure communication between Cisco Nexus Data Broker onePK-enabled devices, you must configure Transport Layer Security (TLS) in Cisco Nexus Data Broker. See the Cisco Nexus Data Broker Configuration Guide for detailed procedures.

            Connecting to a onePK Agent

            You must connect to a onePK agent to support additional functionality in Cisco Nexus Data Broker, including symmetric load balancing, Q-in-Q, timestamp tagging, and packet truncation.

            Procedure
              Step 1   From the Admin drop-down list, choose Management.
              Step 2   On the menu bar, choose Devices, and then click the Device Connections tab.
              Step 3   Click Add Device.
              Step 4   In the Add Device dialog box, choose Connection Type field as onePK.
              Step 5   Click Add Device.

              Symmetric Load Balancing

              Cisco Nexus Data Broker enables you to configure symmetric load balancing settings on the egress port channels. Load balancing settings are based on Layer 2 source MAC and destination IP addresses, or Layer 2, Layer 3, or Layer 4 source and destination ports. When you configure symmetric load balancing for all the port-channel interfaces on the switch, all the traffic from specific sources and destinations in both directions always flows on the same port-channel member link.


              Note

              Symmetric load balancing in Cisco Nexus Data Broker is available for Cisco Nexus 3100 Series switches and Cisco 9000 Series switches.

              Configuring Symmetric Load Balancing

              Before You Begin

              • Configure and provision TLS on the switches.

              • Add device to Cisco Nexus Data Broker using NX-API or onePK connection.

              Procedure
                Step 1   In the topology diagram, click the node for which you wish to configure symmetric load balancing.
                Step 2   In the side bar, from the Symmetric Load Balancing drop-down list, choose one of the following:
                • SOURCE_DESTINATION_IP—source and destination IP address (includes Layer 2)
                • SOURCE_DESTINATION_IP_ONLY—source and destination IP addresses only
                • SOURCE_DESTINATION_PORT—source and destination TCP/UDP port (includes Layer 2 and Layer 3)
                • SOURCE_DESTINATION_PORT_ONLY—source and destination TCP/UDP port only
                Step 3   Click Submit.

                Configuring Q-in-Q


                Note

                The ability to configure Q-in-Q is available only for Cisco Nexus 3000 and 3100 Series switches. Q-in-Q is automatically enabled when you configure a VLAN ID for an edge port, if the VLAN ID is maintained on the edge port.

                Procedure
                  Step 1   In the topology diagram, click the node for which you wish to configure Q-in-Q.
                  Step 2   In the side bar, configure an edge port and set a VLAN ID on that edge port.
                  Step 3   Click Enable QinQ.
                  Step 4   In the Connect to onePK Agent dialog box, complete the following fields:
                  Name Description

                  Address field

                  The IP address assigned to the Cisco onePK device.

                  Username field

                  The username of the user that you want to assign to the device.

                  Password field

                  The password of the user that you want to assign to the device.

                  Step 5   Click Submit.

                  Configuring Packet Truncation


                  Note

                  Packet truncation can only be configured on Cisco Nexus 3500 Series switches.

                  Before You Begin

                  • Configure a onePK device.

                  • Connect to the onePK agent.

                  Procedure
                    Step 1   In the topology diagram, click the node for which you wish to configure packet truncation.
                    Step 2   In the side bar, click the port for which you want to configure packet truncation.
                    Step 3   From the Select a port type drop-down list, choose one of the following:
                    • Edge Port-SPAN
                    • Edge Port-TAP
                    Step 4   (Optional)In the Port Description field, enter a port description.

                    The port description can contain between 1 and 256 alphanumeric characters, including the following special characters: underscore ("_"), hyphen ("-"), plus ("+"), equals ("="), open parenthesis ("("), closed parenthesis (")"), vertical bar ("|"), period ("."), or at sign ("@").

                    Step 5   (Optional)Enter a VLAN ID.

                    The port is configured as dot1q to preserve any production VLAN information.

                    Step 6   In the Enable Packet Truncation field, enter the truncated packet length that you want, in bytes.
                    Note   

                    It is recommended that you enter a minimum of 64 bytes, in multiples of 4.

                    Step 7   Click Submit. The port configuration is saved, and the number of bytes for truncated packets is displayed in the label TRUNC=<bytes> beside the port name.

                    Configuring Timestamp Tagging


                    Note

                    Timestamp tagging can only be configured on Cisco Nexus 3500 Series switches.

                    Before You Begin

                    • Configure a delivery device on the node.

                    • Configure a onePK device.

                    Procedure
                      Step 1   In the topology diagram, click the node for which you wish to configure timestamp tagging.
                      Step 2   In the side bar, configure a delivery device.
                      Step 3   In side bar, click Click to enable additional functionality.
                      Step 4   In the Connect to onePK Agent dialog box, complete the following fields:
                      Name Description

                      Address field

                      The IP address assigned to the Cisco onePK device.

                      Username field

                      The username of the user that you want to assign to the device.

                      Password field

                      The password of the user that you want to assign to the device.

                      Step 5   Check the check box next to Enable Timestamp Tagging.
                      Step 6   Click Submit. The port is displayed in the Port list with the label TS-Tag.