- Preface
- New and Changed Information
- Overview
-
- Configuring Ethernet Interfaces
- Configuring VLANs
- Configuring Private VLANs
- Configuring Access and Trunk Interfaces
- Configuring EtherChannels
- Configuring Virtual Port Channels
- Configuring Rapid PVST+
- Configuring Multiple Spanning Tree
- Configuring STP Extensions
- Configuring the MAC Address Table
- Configuring IGMP Snooping
- Configuring Traffic Storm Control
-
- Configuring Fibre Channel Interfaces
- Configuring Domain Parameters
- Configuring N Port Virtualization
- Configuring VSAN Trunking
- Configuring SAN Port Channel
- Configuring and Managing VSANs
- Configuring and Managing Zones
- Distributing Device Alias Services
- Configuring Fibre Channel Routing Services and Protocols
- Managing FLOGI, Name Server, FDMI, and RSCN Databases
- Discovering SCSI Targets
- Advanced Fibre Channel Features and Concepts
- Configuring FC-SP and DHCHAP
- Configuring Port Security
- Configuring Fabric Binding
- Configuring Fabric Configuration Servers
- Configuring Port Tracking
- Configuration Limits
- Index
Contents
- Configuring SPAN
- Configuring SPAN
- SPAN Sources
- Characteristics of Source Ports
- SPAN Destinations
- Characteristics of Destination Ports
- Configuring SPAN
- Creating and Deleting a SPAN Session
- Configuring the Destination Port
- Configuring an Ethernet Destination Port
- Configuring Fibre Channel Destination Port
- Configuring Source Ports
- Configuring Source Port Channels, VLANs, or VSANs
- Configuring the Description of a SPAN Session
- Activating a SPAN Session
- Suspending a SPAN Session
- Displaying SPAN Information
Configuring SPAN
This chapter contains the following sections:
Configuring SPAN
The Switched Port Analyzer (SPAN) feature (sometimes called port mirroring or port monitoring) selects network traffic for analysis by a network analyzer. The network analyzer can be a Cisco SwitchProbe, a Fibre Channel Analyzer, or other Remote Monitoring (RMON) probes.
SPAN Sources
SPAN sources refer to the interfaces from which traffic can be monitored. The Cisco Nexus 5000 Series switch supports Ethernet, Fibre Channel, virtual Fibre Channel, port channels, SAN port channels, VLANs, and VSANs as SPAN sources. With VLANs or VSANs, all supported interfaces in the specified VLAN or VSAN are included as SPAN sources. You can choose the SPAN traffic in the ingress direction, the egress direction, or both directions for Ethernet, Fibre Channel, and virtual Fibre Channel source interfaces:
Characteristics of Source Ports
A source port, also called a monitored port, is a switched interface that you monitor for network traffic analysis. The switch supports any number of ingress source ports (up to the maximum number of available ports on the switch) and any number of source VLANs or VSANs.
A source port has these characteristics:
-
Can be of any port type: Ethernet, Fibre Channel, virtual Fibre Channel, port channel, SAN port channel, VLAN, and VSAN.
-
Cannot be monitored in multiple SPAN sessions.
-
Cannot be a destination port.
-
Each source port can be configured with a direction (ingress, egress, or both) to monitor. For VLAN and VSAN sources, the monitored direction can only be ingress and applies to all physical ports in the group. The RX/TX option is not available for VLAN or VSAN SPAN sessions.
Beginning with Cisco NX-OS Release 5.0(2)N1(1), Port Channel and SAN Port Channel interfaces can be configured as ingress or egress source ports.
-
Source ports can be in the same or different VLANs or VSANs.
-
For VLAN or VSAN SPAN sources, all active ports in the source VLAN or VSAN are included as source ports.
-
For Cisco NX-OS Release 4.2(1)N2(1) and earlier, the Cisco Nexus 5010 Switch and the Cisco Nexus 5020 Switch supports a maximum of two egress SPAN source ports.
SPAN Destinations
SPAN destinations refer to the interfaces that monitors source ports. The Cisco Nexus 5000 Series switch supports Ethernet and Fibre Channel interfaces as SPAN destinations.
|
Source SPAN |
Dest SPAN |
|---|---|
|
Ethernet |
Ethernet |
|
Fibre Channel |
Fibre Channel |
|
Fibre Channel |
Ethernet (FCoE) |
|
Virtual Fibre Channel |
Fibre Channel |
|
Virtual Fibre Channel |
Ethernet (FCoE) |
Characteristics of Destination Ports
Each local SPAN session must have a destination port (also called a monitoring port) that receives a copy of traffic from the source ports, VLANs, or VSANs. A destination port has these characteristics:
-
Can be any physical port, Ethernet, Ethernet (FCoE), or Fibre Channel, and virtual Fibre Channel ports cannot be destination ports.
-
Cannot be a source port.
-
Cannot be a port channel or SAN port channel group.
-
Does not participate in spanning tree while the SPAN session is active.
-
Is excluded from the source list and is not monitored if it belongs to a source VLAN of any SPAN session.
-
Receives copies of sent and received traffic for all monitored source ports. If a destination port is oversubscribed, it can become congested. This congestion can affect traffic forwarding on one or more of the source ports.
Configuring SPAN
Creating and Deleting a SPAN Session
You create a SPAN session by assigning a session number using the monitor command. If the session already exists, any additional configuration is added to that session.
1.
switch#
configure terminal
2.
switch(config)#
monitor session
session-number
DETAILED STEPS
| Command or Action | Purpose |
|---|
Configuring the Destination Port
Configuring an Ethernet Destination Port
 Note | The SPAN destination port can only be a physical port on the switch. |
You can configure an Ethernet interface as a SPAN destination port.
1.
switch#
configure terminal
2.
switch(config)#
interface ethernet
slot/port
3.
switch(config-if)#
switchport monitor
4.
switch(config-if)#
exit
5.
switch(config)#
monitor session
session-number
6.
switch(config-monitor)#
destination interface ethernet
slot/port
DETAILED STEPS
The following example shows configuring an Ethernet SPAN destination port:
switch# configure terminal
switch(config)# interface ethernet 1/3
switch(config-if)# switchport monitor
switch(config-if)# exit
switch(config)# monitor session 2
switch(config-monitor)# destination interface ethernet 1/3
Configuring Fibre Channel Destination Port
Note | The SPAN destination port can only be a physical port on the switch. |
You can configure a Fibre Channel port as a SPAN destination port.
1.
switch#
configure terminal
2.
switch(config)#
interface fc
slot/port
3.
switch(config-if)#
switchport mode SD
4.
switch(config-if)#
switchport speed 1000
5.
switch(config-if)#
exit
6.
switch(config)#
monitor session
session-number
7.
switch(config-monitor)#
destination interface fc
slot/port
DETAILED STEPS
The following example shows configuring an Ethernet SPAN destination port:
switch# configure terminal
switch(config)# interface fc 2/4
switch(config-if)# switchport mode SD
switch(config-if)# switchport speed 1000
switch(config-if)# exit
switch(config)# monitor session 2
switch(config-monitor)# destination interface fc 2/4
Configuring Source Ports
You can configure the source ports for a SPAN session. The source ports can be Ethernet, Fibre Channel, or virtual Fibre Channel ports.
1.
switch(config-monitor)#
source interface
type
slot/port [rx |
tx |
both]
DETAILED STEPS
The following example shows configuring an Ethernet SPAN source port:
switch# configure terminal
switch(config)# monitor session 2
switch(config-monitor)# source interface ethernet 1/16
The following example shows configuring a Fibre Channel SPAN source port:
switch(config-monitor)# source interface fc 2/1
The following example shows configuring a virtual Fibre Channel SPAN source port:
switch(config-monitor)# source interface vfc 129
Configuring Source Port Channels, VLANs, or VSANs
You can configure the source channels for a SPAN session. These ports can be port channels, SAN port channels, VLANs, and VSANs. The monitored direction can only be ingress and applies to all physical ports in the group.
Note | The Cisco Nexus 5000 Series switch supports two active SPAN sessions. When you configure more than two SPAN sessions, the first two sessions are active. During startup, the order of active sessions is reversed; the last two sessions are active. For example, if you configured ten sessions 1 to 10 where 1 and 2 are active, after a reboot, sessions 9 and 10 will be active. To enable deterministic behavior, explicitly suspend the sessions 3 to 10 with the monitor session session-number shut command. See Suspending a SPAN Session.. |
1.
switch(config-monitor)#
source {interface {port-channel |
san-port-channel}
channel-number
rx |
vlan
vlan-range |
vsan
vsan-range }
DETAILED STEPS
| Command or Action | Purpose |
|---|
The following example shows configuring a port channel SPAN source:
switch# configure terminal
switch(config)# monitor session 2
switch(config-monitor)# source interface port-channel 1 rx
The following example shows configuring a SAN port channel SPAN source:
switch(config-monitor)# source interface san-port-channel 3 rx
The following example shows configuring a VLAN SPAN source:
switch(config-monitor)# source vlan 1
The following example shows configuring a VSAN SPAN source:
switch(config-monitor)# source vsan 1
Configuring the Description of a SPAN Session
You can provide a descriptive name of the SPAN session for ease of reference.
1.
switch(config-monitor)#
description
description
DETAILED STEPS
| Command or Action | Purpose |
|---|
The following example shows configuring a description of a SPAN session:
switch# configure terminal
switch(config)# monitor session 2
switch(config-monitor)# description monitoring ports fc2/2-fc2/4
Activating a SPAN Session
The default is to keep the session state shut. You can open a session that duplicates packets from sources to destinations.
1.
switch(config)#
no monitor session {all |
session-number}
shut
DETAILED STEPS
| Command or Action | Purpose |
|---|
The following example shows activating a SPAN session:
switch(config)# no monitor session 3 shut
Suspending a SPAN Session
The default is to keep the session state shut. You can suspend a SPAN session.
1.
switch(config)#
monitor session {all |
session-number}
shut
DETAILED STEPS
| Command or Action | Purpose |
|---|
The following example shows suspending a SPAN session:
switch(config)# monitor session 3 shut
Note | The Cisco Nexus 5000 Series switch supports two active SPAN sessions. When you configure more than two SPAN sessions, the first two sessions are active. During startup, the order of active sessions is reversed; the last two sessions are active. For example, if you configured ten sessions 1 to 10 where 1 and 2 are active, after a reboot, sessions 9 and 10 will be active. To enable deterministic behavior, explicitly suspend the sessions 3 to 10 with the monitor session session-number shut command. |
Displaying SPAN Information
To display SPAN information, perform this task:
1.
switch# show monitor [session {all | session-number | range
session-range} [brief]]
DETAILED STEPS
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch# show monitor [session {all | session-number | range
session-range} [brief]]
|
Displays the SPAN configuration. |
This example shows how to display SPAN session information:
switch# show monitor
SESSION STATE REASON DESCRIPTION
------- ----------- ---------------------- --------------------------------
2 up The session is up
3 down Session suspended
4 down No hardware resource
This example shows how to display SPAN session details:
switch# show monitor session 2
session 2
---------------
type : local
state : up
source intf :
rx : fc3/1
tx : fc3/1
both : fc3/1
source VLANs :
rx :
source VSANs :
rx : 1
destination ports : Eth3/1