- Preface
- Overview
- Using Cisco Fabric Services
- Configuring PTP
- Configuring User Accounts and RBAC
- Configuring Session Manager
- Configuring Online Diagnostics
- Configuring System Message Logging
- Configuring Smart Call Home
- Configuring DNS
- Configuring SNMP
- Configuring RMON
- Configuring SPAN
- Configuring ERSPAN
- Index
Contents
- Configuring SPAN
- Information About SPAN
- SPAN Sources
- Characteristics of Source Ports
- SPAN Destinations
- Characteristics of Destination Ports
- Guidelines and Limitations for SPAN
- Creating or Deleting a SPAN Session
- Configuring an Ethernet Destination Port
- Configuring Source Ports
- Configuring Source Port Channels or VLANs
- Configuring the Description of a SPAN Session
- Activating a SPAN Session
- Suspending a SPAN Session
- Displaying SPAN Information
Configuring SPAN
This chapter contains the following sections:
- Information About SPAN
- SPAN Sources
- Characteristics of Source Ports
- SPAN Destinations
- Characteristics of Destination Ports
- Guidelines and Limitations for SPAN
- Creating or Deleting a SPAN Session
- Configuring an Ethernet Destination Port
- Configuring Source Ports
- Configuring Source Port Channels or VLANs
- Configuring the Description of a SPAN Session
- Activating a SPAN Session
- Suspending a SPAN Session
- Displaying SPAN Information
Information About SPAN
The Switched Port Analyzer (SPAN) feature (sometimes called port mirroring or port monitoring) selects network traffic for analysis by a network analyzer. The network analyzer can be a Cisco SwitchProbe or other Remote Monitoring (RMON) probes.
SPAN Sources
SPAN sources refer to the interfaces from which traffic can be monitored. The Cisco Nexus Series device supports Ethernet, port channels, and VLANs as SPAN sources. With VLANs, all supported interfaces in the specified VLAN are included as SPAN sources. You can choose the SPAN traffic in the ingress direction, the egress direction, or both directions for Ethernet source interfaces:
Characteristics of Source Ports
A source port, also called a monitored port, is a switched interface that you monitor for network traffic analysis. The switch supports any number of ingress source ports (up to the maximum number of available ports on the switch) and any number of source VLANs.
A source port has these characteristics:
-
Can be of Ethernet, port channel, or VLAN port type.
-
Cannot be monitored in multiple SPAN sessions.
-
Cannot be a destination port.
-
Each source port can be configured with a direction (ingress, egress, or both) to monitor. For VLAN sources, the monitored direction can only be ingress and applies to all physical ports in the group. The RX/TX option is not available for VLAN SPAN sessions.
-
Source ports can be in the same or different VLANs.
SPAN Destinations
SPAN destinations refer to the interfaces that monitors source ports. The Cisco Nexus Series device supports Ethernet interfaces as SPAN destinations.
|
Source SPAN |
Dest SPAN |
|---|---|
|
Ethernet |
Ethernet |
Characteristics of Destination Ports
Each local SPAN session must have a destination port (also called a monitoring port) that receives a copy of traffic from the source ports or VLANs. A destination port has these characteristics:
-
Can be any physical port. Ethernet ports cannot be destination ports.
-
Cannot be a source port.
-
Cannot be a port channel.
-
Does not participate in spanning tree while the SPAN session is active.
-
Is excluded from the source list and is not monitored if it belongs to a source VLAN of any SPAN session.
-
Receives copies of sent and received traffic for all monitored source ports. If a destination port is oversubscribed, it can become congested. This congestion can affect traffic forwarding on one or more of the source ports.
Guidelines and Limitations for SPAN
SPAN has the following guidelines and limitations:
-
If you install NX-OS 5.0(3)U2(2) and then downgrade to a lower version of software, the SPAN configuration is lost.
To avoid this, you need to save the configuration before upgrading to NX-OS 5.0(3)U2(2), and then reapply the local span configurations after the downgrade.
For information about a similar ERSPAN limitation, see Guidelines and Limitations for ERSPAN for ERSPAN.
Creating or Deleting a SPAN Session
You create a SPAN session by assigning a session number using the monitor session command. If the session already exists, any additional configuration information is added to the existing session.
1. switch# configure terminal
2.
switch(config)#
monitor session
session-number
DETAILED STEPS
| Command or Action | Purpose |
|---|
This example shows how to configure a SPAN monitor session:
switch# configure terminal switch(config) # monitor session 2 switch(config) #
Configuring an Ethernet Destination Port
You can configure an Ethernet interface as a SPAN destination port.
 Note | The SPAN destination port can only be a physical port on the switch. |
1. switch# configure terminal
2.
switch(config)#
interface ethernet
slot/port
3.
switch(config-if)#
switchport monitor
4.
switch(config-if)#
exit
5.
switch(config)#
monitor session
session-number
6.
switch(config-monitor)#
destination interface ethernet
slot/port
DETAILED STEPS
The following example shows how to configure an Ethernet SPAN destination port:
switch# configure terminal switch(config)# interface ethernet 1/3 switch(config-if)# switchport monitor switch(config-if)# exit switch(config)# monitor session 2 switch(config-monitor)# destination interface ethernet 1/3 switch(config-monitor)#
Configuring Source Ports
Source ports can only be Ethernet ports.
1. switch# configure terminal
2. switch(config) # monitor session session-number
3.
switch(config-monitor) #
source interface
type
slot/port [rx |
tx |
both]
DETAILED STEPS
The following example shows how to configure an Ethernet SPAN source port:
switch# configure terminal switch(config)# monitor session 2 switch(config-monitor)# source interface ethernet 1/16 switch(config-monitor)#
Configuring Source Port Channels or VLANs
You can configure the source channels for a SPAN session. These ports can be port channels, and VLANs. The monitored direction can be ingress, egress, or both and applies to all physical ports in the group.
1. switch# configure terminal
2. switch(config) # monitor session session-number
3.
switch(config-monitor) #
source {interface {port-channel}
channel-number
[rx | tx | both] |
vlan
vlan-range}
DETAILED STEPS
This example shows how to configure a port channel SPAN source:
switch# configure terminal switch(config)# monitor session 2 switch(config-monitor)# source interface port-channel 1 rx switch(config-monitor)# source interface port-channel 3 tx switch(config-monitor)# source interface port-channel 5 both switch(config-monitor)#
This example shows how to configure a VLAN SPAN source:
switch# configure terminal switch(config)# monitor session 2 switch(config-monitor)# source vlan 1 switch(config-monitor)#
Configuring the Description of a SPAN Session
For ease of reference, you can provide a descriptive name for a SPAN session.
1. switch# configure terminal
2. switch(config) # monitor session session-number
3.
switch(config-monitor) #
description
description
DETAILED STEPS
| Command or Action | Purpose |
|---|
The following example shows how to configure a SPAN session description:
switch# configure terminal switch(config) # monitor session 2 switch(config-monitor) # description monitoring ports eth2/2-eth2/4 switch(config-monitor) #
Activating a SPAN Session
The default is to keep the session state shut. You can open a session that duplicates packets from sources to destinations.
1. switch# configure terminal
2.
switch(config) #
no monitor session {all |
session-number}
shut
DETAILED STEPS
| Command or Action | Purpose |
|---|
The following example shows how to activate a SPAN session:
switch# configure terminal switch(config) # no monitor session 3 shut
Suspending a SPAN Session
By default, the session state is shut.
1. switch# configure terminal
2.
switch(config) #
monitor session {all |
session-number}
shut
DETAILED STEPS
| Command or Action | Purpose |
|---|
The following example shows how to suspend a SPAN session:
switch# configure terminal switch(config) # monitor session 3 shut switch(config) #
Displaying SPAN Information
1.
switch# show monitor [session {all | session-number | range
session-range} [brief]]
DETAILED STEPS
| Command or Action | Purpose |
|---|
This example shows how to display SPAN session information:
switch# show monitor SESSION STATE REASON DESCRIPTION ------- ----------- ---------------------- -------------------------------- 2 up The session is up 3 down Session suspended 4 down No hardware resource
This example shows how to display SPAN session details:
switch# show monitor session 2 session 2 --------------- type : local state : up source intf : source VLANs : rx : destination ports : Eth3/1