Configuring SPAN

Available Languages

Download Options

  • PDF     (510.1 KB)
    View with Adobe Reader on a variety of devices
Updated:October 17, 2011

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Configuring SPAN

Configuring SPAN

This chapter contains the following sections:

Information About SPAN

The Switched Port Analyzer (SPAN) feature (sometimes called port mirroring or port monitoring) selects network traffic for analysis by a network analyzer. The network analyzer can be a Cisco SwitchProbe, a Fibre Channel Analyzer, or other Remote Monitoring (RMON) probes.

SPAN Sources

SPAN sources refer to the interfaces from which traffic can be monitored. The Cisco Nexus Series switch supports Ethernet, Fibre Channel, virtual Fibre Channel, port channels, SAN port channels, VLANs, and VSANs as SPAN sources. With VLANs or VSANs, all supported interfaces in the specified VLAN or VSAN are included as SPAN sources. You can choose the SPAN traffic in the ingress direction, the egress direction, or both directions for Ethernet, Fibre Channel, and virtual Fibre Channel source interfaces:

  • Ingress source (Rx)—Traffic entering the switch through this source port is copied to the SPAN destination port.
  • Egress source (Tx)—Traffic exiting the switch through this source port is copied to the SPAN destination port.

If the SPAN source interface sends more than 6-Gbps traffic or if traffic bursts too much, a Nexus 5020 switch or Nexus 5010 switch drops traffic on the source interface. You can use the switchport monitor rate-limit 1G command on the SPAN destination to reduce the dropping of actual traffic on the source interface; however, SPAN traffic is restricted to 1Gb. For additional information see Configuring the Rate Limit for SPAN Traffic.


Note

On the Cisco Nexus 5548 Switch, Fibre Channel ports and VSAN ports cannot be configured as ingress source ports in a SPAN session.

Characteristics of Source Ports

A source port, also called a monitored port, is a switched interface that you monitor for network traffic analysis. The switch supports any number of ingress source ports (up to the maximum number of available ports on the switch) and any number of source VLANs or VSANs.

A source port has these characteristics:

  • Can be of any port type: Ethernet, Fibre Channel, virtual Fibre Channel, port channel, SAN port channel, VLAN, and VSAN.
  • Cannot be monitored in multiple SPAN sessions.
  • Cannot be a destination port.
  • Each source port can be configured with a direction (ingress, egress, or both) to monitor. For VLAN and VSAN sources, the monitored direction can only be ingress and applies to all physical ports in the group. The RX/TX option is not available for VLAN or VSAN SPAN sessions.
  • Source ports can be in the same or different VLANs or VSANs.
  • For VLAN or VSAN SPAN sources, all active ports in the source VLAN or VSAN are included as source ports.
  • The limit on the number of egress (TX) sources in a monitor session has been lifted.
  • On the Cisco Nexus 5548 Switch, Fibre Channel ports and VSAN ports cannot be configured as ingress source ports in a SPAN session.

SPAN Destinations

SPAN destinations refer to the interfaces that monitors source ports. The Cisco Nexus Series switch supports Ethernet and Fibre Channel interfaces as SPAN destinations.

Source SPAN

Dest SPAN

Ethernet

Ethernet

Fibre Channel

Fibre Channel

Virtual Fibre Channel

Fibre Channel

Characteristics of Destination Ports

Each local SPAN session must have a destination port (also called a monitoring port) that receives a copy of traffic from the source ports, VLANs, or VSANs. A destination port has these characteristics:

  • Can be any physical port, Ethernet, or Fibre Channel, and virtual Fibre Channel ports cannot be destination ports.
  • Cannot be a source port.
  • Cannot be a port channel or SAN port channel group.
  • Does not participate in spanning tree while the SPAN session is active.
  • Is excluded from the source list and is not monitored if it belongs to a source VLAN of any SPAN session.
  • Receives copies of sent and received traffic for all monitored source ports. If a destination port is oversubscribed, it can become congested. This congestion can affect traffic forwarding on one or more of the source ports.

Creating and Deleting a SPAN Session

You create a SPAN session by assigning a session number using the monitor command. If the session already exists, any additional configuration is added to that session.

SUMMARY STEPS

    1.    switch# configure terminal

    2.    switch(config)# monitor session session-number


DETAILED STEPS
      Command or Action Purpose
    Step 1 switch# configure terminal
     

    Enters configuration mode.

     
    Step 2 switch(config)# monitor session session-number
     

    Enters the monitor configuration mode. New session configuration is added to the existing session configuration.

     

    Configuring the Destination Port

    Configuring an Ethernet Destination Port


    Note

    The SPAN destination port can only be a physical port on the switch.

    You can configure an Ethernet interface as a SPAN destination port.

    SUMMARY STEPS

      1.    switch# configure terminal

      2.    switch(config)# interface ethernet slot/port

      3.    switch(config-if)# switchport monitor

      4.    switch(config-if)# exit

      5.    switch(config)# monitor session session-number

      6.    switch(config-monitor)# destination interface ethernet slot/port


    DETAILED STEPS
        Command or Action Purpose
      Step 1 switch# configure terminal
       

      Enters configuration mode.

       
      Step 2 switch(config)# interface ethernet slot/port
       

      Enters interface configuration mode for the specified Ethernet interface selected by the slot and port values.

       
      Step 3 switch(config-if)# switchport monitor
       

      Sets the interface to monitor mode. Priority flow control is disabled when the port is configured as a SPAN destination.

       
      Step 4 switch(config-if)# exit
       

      Reverts to global configuration mode.

       
      Step 5 switch(config)# monitor session session-number
       

      Enters the monitor configuration mode.

       
      Step 6 switch(config-monitor)# destination interface ethernet slot/port
       

      Configures the Ethernet destination port.

       

      The following example shows configuring an Ethernet SPAN destination port: 

      switch# configure terminal

      switch(config)# interface ethernet 1/3

      switch(config-if)# switchport monitor

      switch(config-if)# exit

      switch(config)# monitor session 2

      switch(config-monitor)# destination interface ethernet 1/3

      Configuring the Rate Limit for SPAN Traffic

      On Cisco Nexus Platform switches, you can rate-limit the SPAN traffic to 1Gbps across the entire monitor session to avoid impacting the monitored production traffic. This feature is not necessary and not supported on the Nexus 5500 Platform.

      Configuring the rate limit has the following guidelines:
      • When spanning more than 1Gbps to a 1 Gb SPAN destination interface, SPAN source traffic will not drop.
      • When spanning more than 6 Gbps (but less than 10Gbps) to a 10Gb SPAN destination interface, the SPAN traffic is limited to 1Gbps even though the destination/sniffer is capable of 10Gbps.
      SUMMARY STEPS

        1.    switch# configure terminal

        2.    switch(config)# interface ethernet slot/port

        3.    switch(config-if)# switchport monitor rate-limit 1G

        4.    switch(config-if)# exit


      DETAILED STEPS
          Command or Action Purpose
        Step 1 switch# configure terminal
         

        Enters configuration mode.

         
        Step 2 switch(config)# interface ethernet slot/port
         

        Enters interface configuration mode for the specified Ethernet interface selected by the slot and port values.

         
        Step 3 switch(config-if)# switchport monitor rate-limit 1G
         

        Specifies that the rate limit is 1 GB.

         
        Step 4 switch(config-if)# exit
         

        Reverts to global configuration mode.

         

        This example shows how to limit the bandwidth on Ethernet interface 1/2 to 1 GB:

        switch(config)# interface ethernet 1/2
switch(config-if)# switchport monitor rate-limit 1G
switch(config-if)#

        Configuring Fibre Channel Destination Port


        Note

        The SPAN destination port can only be a physical port on the switch.

        You can configure a Fibre Channel port as a SPAN destination port.

        SUMMARY STEPS

          1.    switch# configure terminal

          2.    switch(config)# interface fc slot/port

          3.    switch(config-if)# switchport mode SD

          4.    switch(config-if)# switchport speed 1000

          5.    switch(config-if)# exit

          6.    switch(config)# monitor session session-number

          7.    switch(config-monitor)# destination interface fc slot/port


        DETAILED STEPS
            Command or Action Purpose
          Step 1 switch# configure terminal
           

          Enters configuration mode.

           
          Step 2 switch(config)# interface fc slot/port
           

          Enters interface configuration mode for the specified Fibre Channel interface selected by the slot and port values.

           
          Step 3 switch(config-if)# switchport mode SD
           

          Sets the interface to SPAN destination (SD) mode.

           
          Step 4 switch(config-if)# switchport speed 1000
           

          Sets the interface speed to 1000. The auto speed option is not allowed.

           
          Step 5 switch(config-if)# exit
           

          Reverts to global configuration mode.

           
          Step 6 switch(config)# monitor session session-number
           

          Enters the monitor configuration mode.

           
          Step 7 switch(config-monitor)# destination interface fc slot/port
           

          Configures the Fibre Channel destination port.

           

          The following example shows configuring an Ethernet SPAN destination port: 

          switch# configure terminal

          switch(config)# interface fc 2/4

          switch(config-if)# switchport mode SD

          switch(config-if)# switchport speed 1000

          switch(config-if)# exit

          switch(config)# monitor session 2

          switch(config-monitor)# destination interface fc 2/4

          Guidelines and Limitations

          SPAN has the following guidelines and limitations:

          • If you install NX-OS 5.0(3)U2(2) and then downgrade to a lower version of software, the SPAN configuration is lost. To avoid this, you need to save the configuration before upgrading to NX-OS 5.0(3)U2(2), and then reapply the local span configurations after the downgrade. For information about a similar ERSPAN limitation, see Guidelines and Limitations for ERSPAN.

          Configuring Source Ports

          You can configure the source ports for a SPAN session. The source ports can be Ethernet, Fibre Channel, or virtual Fibre Channel ports.

          SUMMARY STEPS

            1.    switch(config-monitor)# source interface type slot/port [rx | tx | both]


          DETAILED STEPS
              Command or Action Purpose
            Step 1 switch(config-monitor)# source interface type slot/port [rx | tx | both]
             

            Configures sources and the traffic direction in which to duplicate packets. You can enter a range of Ethernet, Fibre Channel, or virtual Fibre Channel ports. You can specify the traffic direction to duplicate as ingress (rx), egress (tx), or both. By default, the direction is both.

             

            The following example shows configuring an Ethernet SPAN source port: 

            switch# configure terminal

            switch(config)# monitor session 2

            switch(config-monitor)# source interface ethernet 1/16

            The following example shows configuring a Fibre Channel SPAN source port: 

            switch(config-monitor)# source interface fc 2/1

            The following example shows configuring a virtual Fibre Channel SPAN source port: 

            switch(config-monitor)# source interface vfc 129

            Configuring Source Port Channels, VLANs, or VSANs

            You can configure the source channels for a SPAN session. These ports can be port channels, SAN port channels, VLANs, and VSANs. Beginning with Cisco NX-OS Release 5.0(2)N2(1), the monitored direction can be ingress, egress, or both and applies to all physical ports in the group; the direction can only be ingress for NX-OS Release 5.0(2)N1(1) and earlier releases.


            Note

            The Cisco Nexus 5000 Series switch supports two active SPAN sessions. When you configure more than two SPAN sessions, the first two sessions are active. During startup, the order of active sessions is reversed; the last two sessions are active. For example, if you configured ten sessions 1 to 10 where 1 and 2 are active, after a reboot, sessions 9 and 10 will be active. To enable deterministic behavior, explicitly suspend the sessions 3 to 10 with the monitor session session-number shut command. See Suspending a SPAN Session.
            SUMMARY STEPS

              1.    switch(config-monitor)# source {interface {port-channel | san-port-channel} channel-number [rx | tx | both] | vlan vlan-range | vsan vsan-range }


            DETAILED STEPS
                Command or Action Purpose
              Step 1 switch(config-monitor)# source {interface {port-channel | san-port-channel} channel-number [rx | tx | both] | vlan vlan-range | vsan vsan-range }
               

              Configures port channel, SAN port channel, VLAN, or VSAN sources. For VLAN or VSAN sources, the monitored direction is implicit.

               

              This example shows how to configure a port channel SPAN source: 

              switch# configure terminal
switch(config)# monitor session 2
switch(config-monitor)# source interface port-channel 1 rx
switch(config-monitor)# source interface port-channel 3 tx
switch(config-monitor)# source interface port-channel 5 both

              This example shows how to configure a SAN port channel SPAN source: 

              switch(config-monitor)# source interface san-port-channel 3 rx

              This example shows how to configure a VLAN SPAN source: 

              switch(config-monitor)# source vlan 1

              This example shows how to configure a VSAN SPAN source: 

              switch(config-monitor)# source vsan 1

              Configuring the Description of a SPAN Session

              You can provide a descriptive name of the SPAN session for ease of reference.

              SUMMARY STEPS

                1.    switch(config-monitor)# description description


              DETAILED STEPS
                  Command or Action Purpose
                Step 1 switch(config-monitor)# description description
                 

                Applies a descriptive name to the SPAN session.

                 

                The following example shows configuring a description of a SPAN session: 

                switch# configure terminal

                switch(config)# monitor session 2

                switch(config-monitor)# description monitoring ports fc2/2-fc2/4

                Activating a SPAN Session

                The default is to keep the session state shut. You can open a session that duplicates packets from sources to destinations.

                SUMMARY STEPS

                  1.    switch(config)# no monitor session {all | session-number} shut


                DETAILED STEPS
                    Command or Action Purpose
                  Step 1 switch(config)# no monitor session {all | session-number} shut
                   

                  Opens the specified SPAN session or all sessions.

                   

                  The following example shows activating a SPAN session: 

                  switch(config)# no monitor session 3 shut

                  Suspending a SPAN Session

                  The default is to keep the session state shut. You can suspend a SPAN session.

                  SUMMARY STEPS

                    1.    switch(config)# monitor session {all | session-number} shut


                  DETAILED STEPS
                      Command or Action Purpose
                    Step 1 switch(config)# monitor session {all | session-number} shut
                     

                    Suspends the specified SPAN session or all sessions.

                     

                    The following example shows suspending a SPAN session: 

                    switch(config)# monitor session 3 shut

                    Note

                    The Cisco Nexus switch supports two active SPAN sessions. When you configure more than two SPAN sessions, the first two sessions are active. During startup, the order of active sessions is reversed; the last two sessions are active. For example, if you configured ten sessions 1 to 10 where 1 and 2 are active, after a reboot, sessions 9 and 10 will be active. To enable deterministic behavior, explicitly suspend the sessions 3 to 10 with the monitor session session-number shut command.

                    Displaying SPAN Information

                    To display SPAN information, perform this task:

                    SUMMARY STEPS

                      1.    switch# show monitor [session {all | session-number | range session-range} [brief]]


                    DETAILED STEPS
                        Command or Action Purpose
                      Step 1 switch# show monitor [session {all | session-number | range session-range} [brief]]
                       

                      Displays the SPAN configuration.

                       

                      This example shows how to display SPAN session information:

                      switch# show monitor

                      SESSION  STATE        REASON                  DESCRIPTION
                      -------  -----------  ----------------------  --------------------------------
                      2        up           The session is up
                      3        down         Session suspended
                      4        down         No hardware resource

                      This example shows how to display SPAN session details:

                      switch# show monitor session 2

                         session 2
                      ---------------
                      type              : local
                      state             : up
                      source intf       :
                          rx            : fc3/1
                          tx            : fc3/1
                          both          : fc3/1
                      source VLANs      :
                          rx            :
                      source VSANs      :
                          rx            : 1
                      destination ports : Eth3/1

                      Was this Document Helpful?

                      FeedbackFeedback

                      Contact Cisco

                      This Document Applies to These Products