Configuring ERSPAN
This chapter includes the following sections:
- Information About ERSPAN
- Licensing Requirements for ERSPAN
- Prerequisites for ERSPAN
- Guidelines and Limitations for ERSPAN
- Default Settings
- Configuring ERSPAN
- Configuration Examples for ERSPAN
- Additional References
Information About ERSPAN
The Cisco NX-OS system supports the Encapsulated Remote Switching Port Analyser (ERSPAN) feature on both source and destination ports. ERSPAN transports mirrored traffic over an IP network. The traffic is encapsulated at the source router and is transferred across the network. The packet is decapsulated at the destination router and then sent to the destination interface.
ERSPAN consists of an ERSPAN source session, routable ERSPAN generic routing encapsulation (GRE)-encapsulated traffic, and an ERSPAN destination session. You separately configure ERSPAN source sessions and destination sessions on different switches.
ERSPAN Sources
ERSPAN Destinations
Destination ports receive the copied traffic from ERSPAN sources.
Destinations for an ERSPAN session include Ethernet ports or port-channel interfaces in either access or trunk mode.
A port configured as a destination port cannot also be configured as a source port.
A destination port can be configured in only one ERSPAN session at a time.
Destination ports do not participate in any spanning tree instance or any Layer 3 protocols.
Ingress and ingress learning options are not supported on monitor destination ports.
HIF port channels and fabric port channel ports are not supported as SPAN destination ports.
ERSPAN Sessions
You can create ERSPAN sessions that designate sources and destinations to monitor.
When configuring ERSPAN source sessions, you need to configure the destination IP address. When configuring ERSPAN destination sessions, you need to configure the source IP address. See ERSPAN Sources for the properties of source sessions and ERSPAN Destinations for the properties of destination sessions.
Note: Only two ERSPAN or SPAN source sessions can run simultaneously across all switches. Only 23 ERSPAN destination sessions can run simultaneously across all switches.
The following figure shows an ERSPAN configuration.

Multiple ERSPAN Sessions
Although you can define up to 48 ERSPAN sessions, only two ERSPAN or SPAN sessions can be running simultaneously. You can shut down an unused ERSPAN session.
For information about shutting down ERSPAN sessions, see the “Shutting Down or Activating an ERSPAN Session” section.
High Availability
The ERSPAN feature supports stateless and stateful restarts. After a reboot or supervisor switchover, the running configuration is applied.
Licensing Requirements for ERSPAN
The following table shows the licensing requirements for this feature:
| Product | License Requirement |
|---|---|
| Cisco NX-OS | ERSPAN requires no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide. |
Prerequisites for ERSPAN
ERSPAN has the following prerequisite:
- You must first configure the ports on each switch to support the desired ERSPAN configuration.
Guidelines and Limitations for ERSPAN
ERSPAN has the following configuration guidelines and limitations:
- ERSPAN supports the following:
  - From 4 to 6 tunnels
  - Non-tunnel packets
  - IP-in-IP tunnels
  - IPv4 tunnels (limited)
  - ERSPAN source session type (Packets are encapsulated as GRE-tunnel packets and sent on the IP network. However, unlike other Cisco devices, the ERSPAN header is not added to the packet.)
  - ERSPAN destination session type (However, support for decapsulating the ERSPAN packet is not available. The entire encapsulated packet is spanned to a front panel port at the ERSPAN terminating point.)
- ERSPAN packets are dropped if the encapsulated mirror packet fails Layer 2 MTU checks.
- There is a 112-byte limit for egress encapsulation. Packets exceeding this limit are dropped. This scenario might be encountered when tunnels and mirroring are intermixed.
- ERSPAN sessions are shared with local sessions. A maximum of 18 sessions can be configured; however, only a maximum of four sessions can be operational at the same time. If both receive and transmit sources are configured in the same session, then only two sessions can be operational.
- If you install NX-OS 5.0(3)U2(2), configure ERSPAN, and then downgrade to a lower version of software, the ERSPAN configuration is lost. This situation occurs because ERSPAN is not supported in versions before NX-OS 5.0(3)U2(2).
- For information about a similar SPAN limitation, see Guidelines and Limitations for SPAN.
- ERSPAN and ERSPAN ACLs are not supported for packets generated by the supervisor.
- ERSPAN and ERSPAN ACL sessions are terminated identically at the destination router.
- ERSPAN is not supported for management ports.
- A destination port can be configured in only one ERSPAN session at a time.
- You cannot configure a port as both a source and destination port.
- A single ERSPAN session can include mixed sources in any combination of the following:
- Destination ports do not participate in any spanning tree instance or Layer 3 protocols.
- When an ERSPAN session contains source ports that are monitored in the transmit or transmit and receive direction, packets that these ports receive may be replicated to the ERSPAN destination port even though the packets are not actually transmitted on the source ports. Some examples of this behavior on source ports include:
- For VLAN ERSPAN sessions with both ingress and egress configured, two packets (one from ingress and one from egress) are forwarded from the destination port if the packets get switched on the same VLAN.
- VLAN ERSPAN monitors only the traffic that leaves or enters Layer 2 ports in the VLAN.
- When packets are mirrored and sent to the ERSPAN destination port, GRE headers are not stripped off. Packets are sent along with the GRE headers as GRE packets with the original packet as the GRE payload.
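Because the destination port on this platform delivers the full GRE packet and no ERSPAN header is added, a capture sensor attached to that port has to strip the outer headers itself before inspecting the mirrored traffic. The Python sketch below is an added example, not Cisco code: the function names and the sample frame (including its GRE protocol type) are constructed, and it assumes an IPv4 outer header with the standard optional GRE fields (checksum, key, sequence).

```python
import struct

def strip_gre_mirror(frame: bytes):
    """Return (gre_protocol_type, inner_packet) for an Ethernet/IPv4/GRE frame.

    Returns None when the frame is not GRE-in-IPv4 or is truncated.
    """
    if len(frame) < 14:
        return None
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    off = 14
    if ethertype == 0x8100 and len(frame) >= 18:  # 802.1Q tag (trunk-mode port)
        ethertype = struct.unpack_from("!H", frame, 16)[0]
        off = 18
    if ethertype != 0x0800 or len(frame) < off + 20:
        return None
    ihl = (frame[off] & 0x0F) * 4
    if frame[off] >> 4 != 4 or ihl < 20 or frame[off + 9] != 47:  # 47 = GRE
        return None
    gre = off + ihl
    if len(frame) < gre + 4:
        return None
    flags, proto = struct.unpack_from("!HH", frame, gre)
    if flags & 0x4007:  # RFC 1701 routing present or GRE version != 0
        return None
    hdr = 4
    for bit in (0x8000, 0x2000, 0x1000):  # checksum, key, sequence: 4 bytes each
        if flags & bit:
            hdr += 4
    if len(frame) < gre + hdr:
        return None
    # Per the guideline above, no ERSPAN header follows: the payload is the
    # original mirrored packet itself.
    return proto, frame[gre + hdr:]

def build_sample():
    """Constructed test frame; addresses and TTL reuse this page's example values."""
    inner = bytes.fromhex("aabbccddeeff1122334455660800") + b"\x45" + bytes(19)
    # GRE with sequence number; protocol type 0x6558 is a constructed value,
    # the page does not state which type the switch sets.
    gre_hdr = struct.pack("!HHI", 0x1000, 0x6558, 7)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre_hdr) + len(inner),
                     0, 0, 16, 47, 0, bytes([3, 3, 3, 3]), bytes([9, 1, 1, 2]))
    eth = bytes(12) + b"\x08\x00"
    return eth + ip + gre_hdr + inner, inner

if __name__ == "__main__":
    frame, inner = build_sample()
    proto, payload = strip_gre_mirror(frame)
    print(hex(proto), payload == inner)
```

Log the returned protocol type on the first frames from a real session to confirm what the switch sets before filtering on it.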
Default Settings
The following table lists the default settings for ERSPAN parameters.
| Parameters | Default |
|---|---|
| ERSPAN sessions | Created in the shut state |
Configuring ERSPAN
Configuring an ERSPAN Source Session
You can configure an ERSPAN session on the local device only. By default, ERSPAN sessions are created in the shut state.
For sources, you can specify Ethernet ports, port channels, and VLANs. A single ERSPAN session can include mixed sources in any combination of Ethernet ports or VLANs.
Note: ERSPAN does not monitor any packets that are generated by the supervisor, regardless of their source.
1. config t
2. monitor erspan origin ip-address ip-address global
3. no monitor session {session-number | all}
4. monitor session {session-number | all} type erspan-source
5. description description
6. source {[interface [type slot/port[-port][, type slot/port[-port]]] [port-channel channel-number]] | [vlan {number | range}]} [rx | tx | both]
7. (Optional) Repeat Step 6 to configure all ERSPAN sources.
8. destination ip ip-address
9. vrf vrf-name
10. (Optional) ip ttl ttl-number
11. (Optional) ip dscp dscp-number
12. no shut
13. (Optional) show monitor session {all | session-number | range session-range}
14. (Optional) show running-config monitor
15. (Optional) show startup-config monitor
16. (Optional) copy running-config startup-config
DETAILED STEPS
Configuring an ERSPAN Destination Session
You can configure an ERSPAN destination session to copy packets from a source IP address to destination ports on the local device. By default, ERSPAN destination sessions are created in the shut state.
Ensure that you have already configured the destination ports in monitor mode.
1. config t
2. interface ethernet slot/port[-port]
3. switchport
4. switchport mode [access | trunk]
5. switchport monitor
6. Repeat Steps 2 to 5 to configure monitoring on additional ERSPAN destinations.
7. no monitor session {session-number | all}
8. monitor session {session-number | all} type erspan-destination
9. description description
10. source ip ip-address
11. destination {[interface [type slot/port[-port][, type slot/port[-port]]] [port-channel channel-number]]}
12. (Optional) Repeat Step 11 to configure all ERSPAN destinations.
13. no shut
14. (Optional) show monitor session {all | session-number | range session-range}
15. (Optional) show running-config monitor
16. (Optional) show startup-config monitor
17. (Optional) copy running-config startup-config
DETAILED STEPS
| | Command or Action | Purpose |
|---|---|---|
| Step 1 | config t Example: switch# config t switch(config)# | Enters global configuration mode. |
| Step 2 | interface ethernet slot/port[-port] Example: switch(config)# interface ethernet 2/5 switch(config-if)# | Enters interface configuration mode on the selected slot and port or range of ports. |
| Step 3 | switchport Example: switch(config-if)# switchport | Configures switchport parameters for the selected slot and port or range of ports. |
| Step 4 | switchport mode [access \| trunk] Example: switch(config-if)# switchport mode trunk | |
| Step 5 | switchport monitor Example: switch(config-if)# switchport monitor | Configures the switchport interface as an ERSPAN destination. |
| Step 6 | Repeat Steps 2 to 5 to configure monitoring on additional ERSPAN destinations. | — |
| Step 7 | no monitor session {session-number \| all} Example: switch(config-if)# no monitor session 3 | Clears the configuration of the specified ERSPAN session. The new session configuration is added to the existing session configuration. |
| Step 8 | monitor session {session-number \| all} type erspan-destination Example: switch(config-if)# monitor session 3 type erspan-destination switch(config-erspan-dst)# | Configures an ERSPAN destination session. |
| Step 9 | description description Example: switch(config-erspan-dst)# description erspan_dst_session_3 | Configures a description for the session. By default, no description is defined. The description can be up to 32 alphanumeric characters. |
| Step 10 | source ip ip-address Example: switch(config-erspan-dst)# source ip 10.1.1.1 | Configures the source IP address in the ERSPAN session. Only one source IP address is supported per ERSPAN destination session. |
| Step 11 | destination {[interface [type slot/port[-port][, type slot/port[-port]]] [port-channel channel-number]]} Example: switch(config-erspan-dst)# destination interface ethernet 2/5, ethernet 3/7 | |
| Step 12 | Repeat Step 11 to configure all ERSPAN destinations. | (Optional) — |
| Step 13 | no shut Example: switch(config)# no shut | |
| Step 14 | show monitor session {all \| session-number \| range session-range} Example: switch(config)# show monitor session 3 | (Optional) Displays the ERSPAN session configuration. |
| Step 15 | show running-config monitor Example: switch(config-erspan-src)# show running-config monitor | (Optional) Displays the running ERSPAN configuration. |
| Step 16 | show startup-config monitor Example: switch(config-erspan-src)# show startup-config monitor | (Optional) Displays the ERSPAN startup configuration. |
| Step 17 | copy running-config startup-config Example: switch(config-erspan-src)# copy running-config startup-config | (Optional) Copies the running configuration to the startup configuration. |
Shutting Down or Activating an ERSPAN Session
You can shut down ERSPAN sessions to discontinue the copying of packets from sources to destinations. Because only two ERSPAN sessions can be running simultaneously, you can shut down one session in order to free hardware resources to enable another session. By default, ERSPAN sessions are created in the shut state.
You can enable ERSPAN sessions to activate the copying of packets from sources to destinations. To enable an ERSPAN session that is already enabled but operationally down, you must first shut it down and then enable it. You can shut down and enable the ERSPAN session states with either a global or monitor configuration mode command.
1. config t
2. monitor session {session-range | all} shut
3. no monitor session {session-range | all} shut
4. monitor session session-number type erspan-source
5. monitor session session-number type erspan-destination
6. shut
7. no shut
8. (Optional) show monitor session all
9. (Optional) show running-config monitor
10. (Optional) show startup-config monitor
11. (Optional) copy running-config startup-config
DETAILED STEPS
| | Command or Action | Purpose |
|---|---|---|
| Step 1 | config t Example: switch# config t switch(config)# | Enters global configuration mode. |
| Step 2 | monitor session {session-range \| all} shut Example: switch(config)# monitor session 3 shut | Shuts down the specified ERSPAN sessions. The session range is from 1 to 48. By default, sessions are created in the shut state. Only two sessions can be running at a time. |
| Step 3 | no monitor session {session-range \| all} shut Example: switch(config)# no monitor session 3 shut | |
| Step 4 | monitor session session-number type erspan-source Example: switch(config)# monitor session 3 type erspan-source switch(config-erspan-src)# | Enters the monitor configuration mode for the ERSPAN source type. The new session configuration is added to the existing session configuration. |
| Step 5 | monitor session session-number type erspan-destination Example: switch(config-erspan-src)# monitor session 3 type erspan-destination | Enters the monitor configuration mode for the ERSPAN destination type. |
| Step 6 | shut Example: switch(config-erspan-src)# shut | Shuts down the ERSPAN session. By default, the session is created in the shut state. |
| Step 7 | no shut Example: switch(config-erspan-src)# no shut | |
| Step 8 | show monitor session all Example: switch(config-erspan-src)# show monitor session all | (Optional) Displays the status of ERSPAN sessions. |
| Step 9 | show running-config monitor Example: switch(config-erspan-src)# show running-config monitor | (Optional) Displays the running ERSPAN configuration. |
| Step 10 | show startup-config monitor Example: switch(config-erspan-src)# show startup-config monitor | (Optional) Displays the ERSPAN startup configuration. |
| Step 11 | copy running-config startup-config Example: switch(config-erspan-src)# copy running-config startup-config | (Optional) Copies the running configuration to the startup configuration. |
Verifying the ERSPAN Configuration
To display the ERSPAN configuration, perform one of the following tasks:
| Command | Purpose |
|---|---|
| show monitor session {all \| session-number \| range session-range} | Displays the ERSPAN session configuration. |
| show running-config monitor | Displays the running ERSPAN configuration. |
| show startup-config monitor | Displays the ERSPAN startup configuration. |
Configuration Examples for ERSPAN
Configuration Example for an ERSPAN Source Session
This example shows how to configure an ERSPAN source session:
```
switch# config t
switch(config)# interface e14/30
switch(config-if)# no shut
switch(config-if)# exit
switch(config)# monitor erspan origin ip-address 3.3.3.3 global
switch(config)# monitor session 1 type erspan-source
switch(config-erspan-src)# source interface e14/30
switch(config-erspan-src)# ip ttl 16
switch(config-erspan-src)# ip dscp 5
switch(config-erspan-src)# vrf default
switch(config-erspan-src)# destination ip 9.1.1.2
switch(config-erspan-src)# no shut
switch(config-erspan-src)# exit
switch(config)# show monitor session 1
```
Configuration Example for an ERSPAN Destination Session
This example shows how to configure an ERSPAN destination session:
```
switch# config t
switch(config)# interface e14/29
switch(config-if)# no shut
switch(config-if)# switchport
switch(config-if)# switchport monitor
switch(config-if)# exit
switch(config)# monitor session 2 type erspan-destination
switch(config-erspan-dst)# source ip 9.1.1.2
switch(config-erspan-dst)# destination interface e14/29
switch(config-erspan-dst)# no shut
switch(config-erspan-dst)# exit
switch(config)# show monitor session 2
```
Additional References
Related Documents
| Related Topic | Document Title |
|---|---|
| ERSPAN commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples | Cisco Nexus 3000 Series NX-OS System Management Command Reference |
