Configuring SPAN

Information About SPAN

SPAN Sources

SPAN sources refer to the interfaces from which traffic can be monitored. The Cisco Nexus device supports Ethernet, Fibre Channel, virtual Fibre Channel, port channels, SAN port channels, VSANs and VLANs as SPAN sources. With VLANs or VSANs, all supported interfaces in the specified VLAN or VSAN are included as SPAN sources. You can choose the SPAN traffic in the ingress direction, the egress direction, or both directions for Ethernet, Fibre Channel, and virtual Fibre Channel source interfaces:

  • Ingress source (Rx)—Traffic entering the device through this source port is copied to the SPAN destination port.

  • Egress source (Tx)—Traffic exiting the device through this source port is copied to the SPAN destination port.

If the SPAN source interface sends more than 6 Gbps of traffic or if traffic bursts too much, the device drops traffic on the source interface. You can use the switchport monitor rate-limit 1G command on the SPAN destination to reduce the dropping of actual traffic on the source interface; however, SPAN traffic is restricted to 1 Gbps. For additional information, see Configuring the Rate Limit for SPAN Traffic.


Note: The switchport monitor rate-limit 1G command is not supported on the Nexus 5500 platform.


On the Cisco Nexus 5548 device, Fibre Channel ports and VSAN ports cannot be configured as ingress source ports in a SPAN session.

Characteristics of Source Ports

A source port, also called a monitored port, is a switched interface that you monitor for network traffic analysis. The switch supports any number of ingress source ports (up to the maximum number of available ports on the switch) and any number of source VLANs or VSANs.

A source port has these characteristics:

  • Cannot be a destination port.

  • Can be configured with a direction (ingress, egress, or both) to monitor. For VLAN and VSAN sources, the monitored direction can only be ingress and applies to all physical ports in the group. The RX/TX option is not available for VLAN or VSAN SPAN sessions.

  • There is no limit to the number of egress SPAN ports, but there is an upper limit of 128 source ports in the monitor session.

  • Port Channel and SAN Port Channel interfaces can be configured as ingress or egress source ports.

  • Can be in the same or different VLANs or VSANs.

  • For VLAN or VSAN SPAN sources, all active ports in the source VLAN or VSAN are included as source ports.


Note:

  • If some of the FEX ports are being used by a SPAN session as source ports, the remaining FEX ports cannot be a part of a different SPAN session.

  • The maximum number of source ports per SPAN session is 128 ports.

  • The maximum number of SPAN sessions supported on the Nexus 5000 Series and Nexus 5500 Series switches is 4.

  • The maximum number of SPAN sessions supported on the Nexus 5600 Series and Nexus 6000 Series switches is 16.


SPAN Destinations

SPAN destinations refer to the interfaces that monitor source ports. The Cisco Nexus Series device supports Ethernet and Fibre Channel interfaces as SPAN destinations.

Source SPAN              Dest SPAN
-----------------------  ---------------
Ethernet                 Ethernet
Fibre Channel            Fibre Channel
Fibre Channel            Ethernet (FCoE)
Virtual Fibre Channel    Fibre Channel
Virtual Fibre Channel    Ethernet (FCoE)

Characteristics of Destination Ports

Each local SPAN session must have a destination port (also called a monitoring port) that receives a copy of traffic from the source ports, VSANs, or VLANs. A destination port has these characteristics:

  • Cannot be a source port.

  • Cannot be a port channel or SAN port channel group.

  • Does not participate in spanning tree while the SPAN session is active.

  • Is excluded from the source list and is not monitored if it belongs to a source VLAN of any SPAN session.

  • Receives copies of sent and received traffic for all monitored source ports.

  • The FEX interface cannot be a SPAN destination.
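
The source-port and destination-port rules above can be checked mechanically before a change is applied to a switch. The following Python script is an added example, not Cisco code: it lints a SPAN command script against the limits stated on this page. The function names, the sample script, and the first-last interface range form are assumptions.

```python
import re

MAX_SOURCE_PORTS = 128                            # per session (from the page)
MAX_SESSIONS = {"5000/5500": 4, "5600/6000": 16}  # per platform (from the page)
IF_RE = re.compile(r"([a-z-]+)\s*((?:\d+/)*)(\d+)(?:\s*-\s*(\d+))?$")

# Constructed sample: the command forms are the page's, the values are made up.
SAMPLE = """\
monitor session 1
  source interface ethernet 1/1-3 rx
  source vlan 10 tx
  destination interface ethernet 1/2
monitor session 2
  source interface port-channel 5 both
  destination interface port-channel 7
monitor session 3
  source interface vfc 129
"""

def expand(spec):
    """'ethernet 1/1-3' -> ['ethernet1/1', 'ethernet1/2', 'ethernet1/3'].
    The first-last range form is an assumption; the page shows single ports."""
    m = IF_RE.match(spec.strip().lower())
    if not m:
        raise ValueError(f"unrecognised interface: {spec!r}")
    kind, prefix, first, last = m.groups()
    return [f"{kind}{prefix}{n}" for n in range(int(first), int(last or first) + 1)]

def parse(script):
    """Return {session: {'src': set, 'dst': set, 'bad_dir': list}}.
    VLAN/VSAN sources are not expanded to ports (membership is not in the script)."""
    sessions, cur = {}, None
    for raw in script.splitlines():
        line = re.sub(r"^[\w()-]+\s*#\s*", "", raw.strip())  # drop a CLI prompt
        if m := re.fullmatch(r"monitor session (\d+)", line):
            cur = sessions.setdefault(int(m[1]), {"src": set(), "dst": set(), "bad_dir": []})
        elif cur is None:
            continue
        elif m := re.fullmatch(r"source interface (.+?)(?:\s+(?:rx|tx|both))?", line):
            cur["src"].update(expand(m[1]))
        elif re.fullmatch(r"source (?:vlan|vsan) \S+\s+(?:rx|tx|both)", line):
            cur["bad_dir"].append(line)
        elif m := re.fullmatch(r"destination interface (.+)", line):
            cur["dst"].update(expand(m[1]))
    return sessions

def lint(script, platform="5000/5500"):
    """Check a SPAN command script against the limits stated on this page."""
    sessions, findings = parse(script), []
    if len(sessions) > MAX_SESSIONS[platform]:
        findings.append(f"{len(sessions)} sessions exceed the limit of {MAX_SESSIONS[platform]}")
    all_src = set().union(*(s["src"] for s in sessions.values()))
    for num, s in sorted(sessions.items()):
        if not s["dst"]:
            findings.append(f"session {num}: no destination port")
        if len(s["src"]) > MAX_SOURCE_PORTS:
            findings.append(f"session {num}: {len(s['src'])} source ports (max {MAX_SOURCE_PORTS})")
        for port in sorted(s["dst"]):
            if port in all_src:
                findings.append(f"session {num}: {port} is both source and destination")
            if port.startswith(("port-channel", "san-port-channel")):
                findings.append(f"session {num}: destination {port} is a port channel")
        for line in s["bad_dir"]:
            findings.append(f"session {num}: direction not allowed on VLAN/VSAN source: {line}")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Lines that carry a CLI prompt, such as the examples on this page, are accepted as well; the prompt is stripped before matching.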

Guidelines and Limitations for SPAN

SPAN traffic is rate-limited as follows on Nexus 5500 series switches to prevent a negative impact to production traffic:

  • SPAN is rate-limited to 5 Gbps for every 8 ports (one ASIC).

  • RX-SPAN is rate-limited to 0.71 Gbps per port when the RX-traffic on the port exceeds 5 Gbps.

Creating or Deleting a SPAN Session

You create a SPAN session by assigning a session number using the monitor session command. If the session already exists, any additional configuration information is added to the existing session.

Procedure

Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters global configuration mode.

Step 2
  Command or Action: switch(config)# monitor session session-number
  Purpose: Enters the monitor configuration mode. New session configuration is added to the existing session configuration.

    The following example shows how to configure a SPAN monitor session:

    switch# configure terminal
    switch(config)# monitor session 2
    switch(config-monitor)#

    Configuring an Ethernet Destination Port

    You can configure an Ethernet interface as a SPAN destination port.


    Note: The SPAN destination port can only be a physical port on the switch.


    Procedure

    Step 1
      Command or Action: switch# configure terminal
      Purpose: Enters global configuration mode.

    Step 2
      Command or Action: switch(config)# interface ethernet slot/port
      Purpose: Enters interface configuration mode for the Ethernet interface with the specified slot and port.
      Note: To enable the switchport monitor command on virtual ethernet ports, you can use the interface vethernet slot/port command.

    Step 3
      Command or Action: switch(config-if)# switchport monitor
      Purpose: Enters monitor mode for the specified Ethernet interface. Priority flow control is disabled when the port is configured as a SPAN destination.

    Step 4
      Command or Action: switch(config-if)# exit
      Purpose: Reverts to global configuration mode.

    Step 5
      Command or Action: switch(config)# monitor session session-number
      Purpose: Enters monitor configuration mode for the specified SPAN session.

    Step 6
      Command or Action: switch(config-monitor)# destination interface ethernet slot/port
      Purpose: Configures the Ethernet SPAN destination port.
      Note: To enable the virtual ethernet port as destination interface in the monitor configuration, you can use the destination interface vethernet slot/port command.

      The following example shows how to configure an Ethernet SPAN destination port (HIF):

      switch# configure terminal
      switch(config)# interface ethernet100/1/24
      switch(config-if)# switchport monitor
      switch(config-if)# exit
      switch(config)# monitor session 1
      switch(config-monitor)# destination interface ethernet100/1/24
      switch(config-monitor)# 

      The following example shows how to configure a virtual ethernet (VETH) SPAN destination port:

      switch# configure terminal
      switch(config)# interface vethernet10
      switch(config-if)# switchport monitor
      switch(config-if)# exit
      switch(config)# monitor session 2
      switch(config-monitor)# destination interface vethernet10
      switch(config-monitor)# 

      Configuring MTU Truncation for Each SPAN Session

      To reduce the SPAN traffic bandwidth, you can configure the maximum bytes allowed for each replicated packet in a SPAN session. This value is called the maximum transmission unit (MTU) truncation size. Any SPAN packet larger than the configured size is truncated to the configured size.


      Note: MTU Truncation is not supported for SPAN-on-Drop sessions.


      Procedure

      Step 1
        Command or Action: switch# configure terminal
        Purpose: Enters global configuration mode.

      Step 2
        Command or Action: switch(config)# monitor session session-number
        Purpose: Enters monitor configuration mode and specifies the SPAN session for which the MTU truncation size is to be configured.

      Step 3
        Command or Action: switch(config-monitor)# [no] mtu
        Purpose: Configures the MTU truncation size for packets in the specified SPAN session. The range is from 64 to 1518 bytes.

      Step 4
        Command or Action: switch(config-monitor)# show monitor session session-number
        Purpose: (Optional) Displays the status of SPAN sessions, including the configuration status of MTU truncation, the maximum bytes allowed for each packet per session, and the modules on which MTU truncation is and is not supported.

      Step 5
        Command or Action: switch(config-monitor)# copy running-config startup-config
        Purpose: (Optional) Copies the running configuration to the startup configuration.

        This example shows how to configure MTU truncation for a SPAN session:

        switch# configure terminal
        switch(config)# monitor session 3
        switch(config-monitor)# mtu
        switch(config-monitor)# copy running-config startup-config
        switch(config-monitor)#

        Configuring the Rate Limit for SPAN Traffic

        By rate-limiting SPAN traffic to 1 Gbps across the entire monitor session, you can avoid impacting the monitored production traffic.

        On Nexus 5000 series switches:

        • When spanning more than 1 Gbps to a 1-Gb SPAN destination interface, SPAN source traffic will not drop.

        • When spanning more than 6 Gbps (but less than 10 Gbps) to a 10-Gb SPAN destination interface, the SPAN traffic is limited to 1 Gbps even though the destination/sniffer is capable of 10 Gbps.

        Procedure

        Step 1
          Command or Action: switch# configure terminal
          Purpose: Enters global configuration mode.

        Step 2
          Command or Action: switch(config)# interface ethernet slot/port
          Purpose: Enters interface configuration mode for the specified Ethernet interface selected by the slot and port values.

        Step 3
          Command or Action: switch(config-if)# switchport monitor rate-limit 1G
          Purpose: Specifies that the rate limit is 1 Gbps.

        Step 4
          Command or Action: switch(config-if)# exit
          Purpose: Reverts to global configuration mode.

          This example shows how to limit the bandwidth on Ethernet interface 1/2 to 1 Gbps:

          switch(config)# interface ethernet 1/2
          switch(config-if)# switchport monitor rate-limit 1G
          switch(config-if)#
          

          Configuring Fibre Channel Destination Port


          Note: The SPAN destination port can only be a physical port on the switch.


          You can configure a Fibre Channel port as a SPAN destination port.

          Procedure

          Step 1
            Command or Action: switch# configure terminal
            Purpose: Enters global configuration mode.

          Step 2
            Command or Action: switch(config)# interface fc slot/port
            Purpose: Enters interface configuration mode for the specified Fibre Channel interface selected by the slot and port values.

          Step 3
            Command or Action: switch(config-if)# switchport mode SD
            Purpose: Sets the interface to SPAN destination (SD) mode.

          Step 4
            Command or Action: switch(config-if)# switchport speed 1000
            Purpose: Sets the interface speed to 1000. The auto speed option is not allowed.

          Step 5
            Command or Action: switch(config-if)# exit
            Purpose: Reverts to global configuration mode.

          Step 6
            Command or Action: switch(config)# monitor session session-number
            Purpose: Enters the monitor configuration mode.

          Step 7
            Command or Action: switch(config-monitor)# destination interface fc slot/port
            Purpose: Configures the Fibre Channel destination port.

            The following example shows how to configure a Fibre Channel SPAN destination port:

            switch# configure terminal
            switch(config)# interface fc 2/4
            switch(config-if)# switchport mode SD
            switch(config-if)# switchport speed 1000
            switch(config-if)# exit
            switch(config)# monitor session 2
            switch(config-monitor)# destination interface fc 2/4

            Configuring Source Ports

            Procedure

            Step 1
              Command or Action: switch# configure terminal
              Purpose: Enters global configuration mode.

            Step 2
              Command or Action: switch(config)# monitor session session-number
              Purpose: Enters monitor configuration mode for the specified monitoring session.

            Step 3
              Command or Action: switch(config-monitor)# source interface type slot/port [rx | tx | both]
              Purpose: Adds an Ethernet SPAN source port and specifies the traffic direction in which to duplicate packets. You can enter a range of Ethernet, Fibre Channel, or virtual Fibre Channel ports. You can specify the traffic direction to duplicate as ingress (Rx), egress (Tx), or both. By default, the direction is both.

              The following example shows how to configure a virtual Fibre Channel SPAN source port:

              switch# configure terminal
              switch(config)# monitor session 2
              switch(config-monitor)# source interface vfc 129
              switch(config-monitor)#

              Configuring Source Port Channels, VSANs, or VLANs

              You can configure the source channels for a SPAN session. These ports can be port channels, SAN port channels, VSANs, and VLANs. The monitored direction can be ingress, egress, or both and applies to all physical ports in the group.

              Procedure

              Step 1
                Command or Action: switch# configure terminal
                Purpose: Enters global configuration mode.

              Step 2
                Command or Action: switch(config)# monitor session session-number
                Purpose: Enters monitor configuration mode for the specified SPAN session.

              Step 3
                Command or Action: switch(config-monitor)# source {interface {port-channel | san-port-channel} channel-number [rx | tx | both] | vlan vlan-range | vsan vsan-range}
                Purpose: Configures port channel, SAN port channel, VLAN, or VSAN sources. For VLAN or VSAN sources, the monitored direction is implicit.

                The following example shows how to configure a port channel SPAN source:

                switch# configure terminal
                switch(config)# monitor session 2
                switch(config-monitor)# source interface port-channel 1 rx
                switch(config-monitor)# source interface port-channel 3 tx
                switch(config-monitor)# source interface port-channel 5 both
                switch(config-monitor)#

                This example shows how to configure a SAN port channel SPAN source:

                switch# configure terminal
                switch(config)# monitor session 2
                switch(config-monitor)# source interface san-port-channel 3 rx
                switch(config-monitor)#

                The following example shows how to configure a VLAN SPAN source:

                switch# configure terminal
                switch(config)# monitor session 2
                switch(config-monitor)# source vlan 1
                switch(config-monitor)#

                This example shows how to configure a VSAN SPAN source:

                switch# configure terminal
                switch(config)# monitor session 2
                switch(config-monitor)# source vsan 1
                switch(config-monitor)#

                Configuring the Description of a SPAN Session

                For ease of reference, you can provide a descriptive name for a SPAN session.

                Procedure

                Step 1
                  Command or Action: switch# configure terminal
                  Purpose: Enters global configuration mode.

                Step 2
                  Command or Action: switch(config)# monitor session session-number
                  Purpose: Enters monitor configuration mode for the specified SPAN session.

                Step 3
                  Command or Action: switch(config-monitor)# description description
                  Purpose: Creates a descriptive name for the SPAN session.

                  The following example shows how to configure a SPAN session description:

                  switch# configure terminal
                  switch(config)# monitor session 2
                  switch(config-monitor)# description monitoring ports eth2/2-eth2/4
                  switch(config-monitor)#

                  Activating a SPAN Session

                  The default is to keep the session state shut. You can open a session that duplicates packets from sources to destinations.

                  Procedure

                  Step 1
                    Command or Action: switch# configure terminal
                    Purpose: Enters global configuration mode.

                  Step 2
                    Command or Action: switch(config)# no monitor session {all | session-number} shut
                    Purpose: Opens the specified SPAN session or all sessions.

                    The following example shows how to activate a SPAN session:

                    switch# configure terminal
                    switch(config)# no monitor session 3 shut

                    Suspending a SPAN Session

                    By default, the session state is shut.


                    Note: The Cisco Nexus switch supports two active SPAN sessions. The Cisco Nexus 5548 Switch supports four active SPAN sessions. When you configure more than two SPAN sessions, the first two sessions are active. During startup, the order of active sessions is reversed; the last two sessions are active. For example, if you configured ten sessions 1 to 10 where 1 and 2 are active, after a reboot, sessions 9 and 10 will be active. To enable deterministic behavior, explicitly suspend the sessions 3 to 10 with the monitor session session-number shut command.


                    Procedure

                    Step 1
                      Command or Action: switch# configure terminal
                      Purpose: Enters global configuration mode.

                    Step 2
                      Command or Action: switch(config)# monitor session {all | session-number} shut
                      Purpose: Suspends the specified SPAN session or all sessions.

                      The following example shows how to suspend a SPAN session:

                      switch# configure terminal
                      switch(config)# monitor session 3 shut
                      switch(config)#

                      Troubleshooting SPAN session issues

                      If a SPAN session is down, do the following:

                      • Check if one of the destination ports is operational by performing the following:

                        • Use the show running interface interface command and check if the switchport monitor is configured.

                        • Use the show interface interface command and check if the destination interface shows the status as "admin up".

                      • Use the show interface interface command to check if one of the source ports is operational and if the source interface shows the status as "admin up".

                      Troubleshooting SPAN session with large number of source ports issues

                      Table 1 Troubleshooting SPAN session with large number of source ports

                      Problem Description: When a SPAN session is configured with maximum supported range of 128 source ports at one go, the configuration session may encounter "Service not responding" message.
                      Solution: Remove the ports and configure them in smaller ranges (example, 1 to 48) and then use the shutdown and no shutdown command on the session.
                      Recommendation: Configure the individual ports in small ranges (example, 1 to 48).

                      Problem Description: After using the shutdown and then no shutdown on a range of SPAN session configured with maximum of ports (example, 128), some sessions do not come up.
                      Solution: Remove some ports from the specific SPAN session. Add the removed ports back to the same SPAN session and then use the no shutdown command.
                      Recommendation: Use the shutdown command on each port.

                      Problem Description: After creating a SPAN session with 128 source ports, the no shutdown command displays a "Service not responding" message.
                      Solution: Use the no shutdown command repeatedly to bring up the SPAN session.

                      Displaying SPAN Information

                      Procedure

                      Step 1
                        Command or Action: switch# show monitor [session {all | session-number | range session-range} [brief]]
                        Purpose: Displays the SPAN configuration.

                        The following example shows how to display SPAN session information:

                        switch# show monitor
                        SESSION  STATE        REASON                  DESCRIPTION
                        -------  -----------  ----------------------  --------------------------------
                        2        up           The session is up
                        3        down         Session suspended
                        4        down         No hardware resource

                        The following example shows how to display SPAN session details:

                        switch# show monitor session 2
                           session 2
                        ---------------
                        type              : local
                        state             : up
                        acl-name          : acl1
                        source intf       :
                        
                        source VLANs      :
                            rx            :
                        source VSANs      :
                            rx            : 1
                        destination ports : Eth3/1
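
When a SPAN session feeds a traffic analyzer, a session that is not up means the analyzer receives no copy of the monitored traffic. The following Python script is an added example, not Cisco code: it parses the show monitor summary shown above and reports which sessions from a required set are not up, with the reason the switch gives. The function names and the required-session set are assumptions.

```python
import re

# Summary table copied from the "show monitor" example on this page.
SAMPLE = """\
switch# show monitor
SESSION  STATE        REASON                  DESCRIPTION
-------  -----------  ----------------------  --------------------------------
2        up           The session is up
3        down         Session suspended
4        down         No hardware resource
"""

# Session number, one-word state, reason, then an optional description
# separated from the reason by two or more spaces.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(.+?)(?:\s{2,}(.*))?$")

def parse_show_monitor(text):
    """Return {session: (state, reason)} from 'show monitor' summary output."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    for i, ln in enumerate(lines):
        if ln.split()[:3] == ["SESSION", "STATE", "REASON"]:
            break
    else:
        raise ValueError("no 'show monitor' header found")
    sessions = {}
    for ln in lines[i + 1:]:
        if set(ln.strip()) <= {"-", " "}:
            continue                      # ruler or blank line
        m = ROW.match(ln)
        if not m:
            break                         # end of the table
        sessions[int(m[1])] = (m[2], m[3])
    return sessions

def visibility_gaps(text, required):
    """Return {session: reason} for every required session that is not 'up'.
    A required session missing from the output is reported as not configured."""
    seen = parse_show_monitor(text)
    gaps = {}
    for num in sorted(required):
        state, reason = seen.get(num, ("absent", "session not configured"))
        if state != "up":
            gaps[num] = reason
    return gaps

if __name__ == "__main__":
    # Hypothetical requirement: sessions 2, 3 and 5 must be mirroring traffic.
    for num, reason in visibility_gaps(SAMPLE, {2, 3, 5}).items():
        print(f"SPAN session {num} is not mirroring traffic: {reason}")
```

A session reported as "Session suspended" is the state that the no monitor session session-number shut command on this page clears.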