Configuring ERSPAN

This chapter describes how to configure an encapsulated remote switched port analyzer (ERSPAN) to transport mirrored traffic in an IP network on Cisco NX-OS devices.

This chapter includes the following sections:

Information About ERSPAN

ERSPAN transports mirrored traffic over an IP network. The traffic is encapsulated at the source router and is transferred across the network. The packet is decapsulated at the destination router and then sent to the destination interface.

ERSPAN consists of an ERSPAN source session, routable ERSPAN generic routing encapsulation (GRE)-encapsulated traffic, and an ERSPAN destination session. You separately configure ERSPAN source sessions and destination sessions on different switches.

This section includes the following topics:

ERSPAN Sources

The interfaces from which traffic can be monitored are called ERSPAN sources. Sources designate the traffic to monitor and whether to copy ingress, egress, or both directions of traffic. ERSPAN sources include the following:

  • Ethernet ports and port channels
  • The inband interface to the control plane CPU—You can monitor the inband interface only from the default VDC. Inband traffic from all VDCs is monitored.
  • VLANs—When a VLAN is specified as an ERSPAN source, all supported interfaces in the VLAN are ERSPAN sources.
  • Fabric port channels connected to the Cisco Nexus 2000 Series Fabric Extender
  • Satellite ports and host interface port channels on the Cisco Nexus 2000 Series Fabric Extender—
    These interfaces are supported in Layer 2 access mode, Layer 2 trunk mode, and Layer 3 mode.

Note Layer 3 subinterfaces are not supported.

Note A single ERSPAN session can include mixed sources in any combination of the above.

ERSPAN source ports have the following characteristics:

  • A port configured as a source port cannot also be configured as a destination port.
  • ERSPAN does not monitor any packets that are generated by the supervisor, regardless of their source.

ERSPAN Destinations

Destination ports receive the copied traffic from ERSPAN sources.

ERSPAN destination ports have the following characteristics:

  • Destinations for an ERSPAN session include Ethernet ports or port-channel interfaces in either access or trunk mode.
  • A port configured as a destination port cannot also be configured as a source port.
  • A destination port can be configured in only one ERSPAN session at a time.
  • Destination ports do not participate in any spanning tree instance or any Layer 3 protocols.
  • Ingress and ingress learning options are not supported on monitor destination ports.
  • F1 Series module core ports, Fabric Extender HIF ports, HIF port channels, and Fabric PO ports are not supported as SPAN destination ports.

ERSPAN Sessions

You can create ERSPAN sessions that designate sources and destinations to monitor.

Note Only two ERSPAN or SPAN source sessions can run simultaneously across all VDCs. Only 23 ERSPAN destination sessions can run simultaneously across all VDCs.

Figure 19-1 shows an ERSPAN configuration.

Figure 19-1 ERSPAN Configuration

.

Multiple ERSPAN Sessions

Although you can define up to 48 ERSPAN sessions, only two ERSPAN or SPAN sessions can be running simultaneously. You can shut down an unused ERSPAN session.

For information about shutting down ERSPAN sessions, see the “Shutting Down or Activating an ERSPAN Session” section.

High Availability

The ERSPAN feature supports stateless and stateful restarts. After a reboot or supervisor switchover, the running configuration is applied.

For more information on high availability, see the Cisco Nexus 7000 Series NX-OS High Availability and Redundancy Guide, Release 5.x.

Virtualization Support

A virtual device context (VDC) is a logical representation of a set of system resources. ERSPAN applies only to the VDC where the commands are entered.

Note You can monitor the inband interface only from the default VDC. Inband traffic from all VDCs is monitored.

For information about configuring VDCs, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 5.x.

Licensing Requirements for ERSPAN

The following table shows the licensing requirements for this feature:

 

Product
License Requirement

Cisco NX-OS

ERSPAN requires no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.

Prerequisites for ERSPAN

ERSPAN has the following prerequisite:

  • You must first configure the ports on each device to support the desired ERSPAN configuration. For more information, see the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 5.x.

Guidelines and Limitations

ERSPAN has the following configuration guidelines and limitations:

  • For ERSPAN session limits, see the Cisco Nexus 7000 Series NX-OS Verified Scalability Guide.
  • All ERSPAN replication is performed in the hardware. The supervisor CPU is not involved.
  • ERSPAN and ERSPAN ACLs are not supported on F1 Series modules.
  • The encapsulation or decapsulation of generic routing encapsulation (GRE) or ERSPAN packets received on an F1 Series module is not supported.
  • ERSPAN and ERSPAN ACLs are not supported for packets generated by the supervisor.
  • ERSPAN and ERSPAN ACL sessions are terminated identically at the destination router.
  • ERSPAN is not supported for management ports.
  • A destination port can be configured in only one ERSPAN session at a time.
  • You cannot configure a port as both a source and destination port.
  • A single ERSPAN session can include mixed sources in any combination of the following:

Ethernet ports or port channels but not subinterfaces

VLANs or port channels, which can be assigned to port channel subinterfaces

The inband interface or port channels to the control plane CPU

Note ERSPAN does not monitor any packets that are generated by the supervisor, regardless of their source.

  • Destination ports do not participate in any spanning tree instance or Layer 3 protocols.
  • When an ERSPAN session contains source ports that are monitored in the transmit or transmit and receive direction, packets that these ports receive may be replicated to the ERSPAN destination port even though the packets are not actually transmitted on the source ports. Some examples of this behavior on source ports include:

Traffic that results from flooding

Broadcast and multicast traffic

  • For VLAN ERSPAN sessions with both ingress and egress configured, two packets (one from ingress and one from egress) are forwarded from the destination port if the packets get switched on the same VLAN.
  • VLAN ERSPAN monitors only the traffic that leaves or enters Layer 2 ports in the VLAN.
  • You can monitor the inband interface only from the default VDC. Inband traffic from all VDCs is monitored.
  • Beginning with Cisco NX-OS Release 5.2, the Cisco Nexus 2000 Series Fabric Extender interfaces and the fabric port channels connected to the Cisco Nexus 2000 Series Fabric Extender can be configured as ERSPAN sources. However, they cannot be configured as ERSPAN destinations.

Note ERSPAN on Fabric Extender interfaces and fabric port channels is supported on the 32-port, 10-Gigabit M1 and M1 XL modules (N7K-M132XP-12 and N7K-M132XP-12L). ERSPAN runs on the Cisco Nexus 7000 Series device, not on the Fabric Extender.

  • ERSPAN is supported on Fabric Extender interfaces in Layer 2 access mode, Layer 2 trunk mode, and Layer 3 mode. Layer 3 subinterfaces are not supported.
  • Multicast best effort mode applies only to M1 Series modules.
  • If ERSPAN is enabled on a vPC and ERSPAN packets need to be routed to the destination through the vPC, packets coming through the vPC peer-link cannot be captured.
  • ERSPAN ACLs are not supported for use with OTV.

Default Settings

Table 19-1 lists the default settings for ERSPAN parameters.

 

Table 19-1 Default ERSPAN Parameters

Parameters
Default

ERSPAN sessions

Created in the shut state

Multicast best effort mode

Disabled

Configuring ERSPAN

This section includes the following topics:

Configuring an ERSPAN Source Session

You can configure an ERSPAN session on the local device only. By default, ERSPAN sessions are created in the shut state.

For sources, you can specify Ethernet ports, port channels, the supervisor inband interface, and VLANs. A single ERSPAN session can include mixed sources in any combination of Ethernet ports, VLANs, or the inband interface to the control plane CPU.

Note ERSPAN does not monitor any packets that are generated by the supervisor, regardless of their source.

BEFORE YOU BEGIN

Ensure that you are in the correct VDC. To switch VDCs, use the switchto vdc command. For more information, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 5.x.

SUMMARY STEPS

1. config t

2. monitor erspan origin ip-address ip-address global

3. no monitor session { session-number | all }

4. monitor session { session-number | all } type erspan-source

5. description description

6. source {[ interface [ type slot / port [- port ][, type slot / port [- port ]]] [ port-channel channel-number ] | [ vlan { number | range }]} [ rx | tx | both ]

7. (Optional) Repeat Step 6 to configure all ERSPAN sources.

8. (Optional) filter vlan { number | range }

9. (Optional) Repeat Step 8 to configure all source VLANs to filter.

10. (Optional) filter access-group acl-filter

11. destination ip ip-address

12. erspan-id erspan-id

13. vrf vrf-name

14. (Optional) ip ttl ttl-number

15. (Optional) ip dscp dscp-number

16. no shut

17. (Optional) show monitor session { all | session-number | range session-range }

18. (Optional) show running-config monitor

19. (Optional) show startup-config monitor

20. (Optional) copy running-config startup-config

DETAILED STEPS

 

Command
Purpose

Step 1

config t

 

Example:

switch# config t

switch(config)#

Enters global configuration mode.

Step 2

monitor erspan origin ip-address ip-address global

 

Example:

switch(config)# monitor erspan origin ip-address 10.0.0.1 global

Configures the ERSPAN global origin IP address.

Note The global origin IP address can be configured only in the default VDC. The value that is configured in the default VDC is valid across all VDCs. Any change made in the default VDC is applied across all nondefault VDCs.

Step 3

no monitor session { session-number | all }

 

Example:

switch(config)# no monitor session 3

Clears the configuration of the specified ERSPAN session. The new session configuration is added to the existing session configuration.

Step 4

monitor session { session-number | all } type erspan-source

 

Example:

switch(config)# monitor session 3 type erspan-source

switch(config-erspan-src)#

Configures an ERSPAN source session.

Step 5

description description

 

Example:

switch(config-erspan-src)# description erspan_src_session_3

Configures a description for the session. By default, no description is defined. The description can be up to 32 alphanumeric characters.

Step 6

source {[ interface [ type slot / port [- port ][, type slot / port [- port ]]] [ port-channel channel-number]] | [vlan { number | range }]} [ rx | tx | both ]

 

Example 1:

switch(config-erspan-src)# source interface ethernet 2/1-3, ethernet 3/1 rx

 

Example 2:

switch(config-erspan-src)# source interface port-channel 2

 

Example 3:

switch(config-erspan-src)# source interface sup-eth 0 both

 

Example 4:

switch(config-erspan-src)# source vlan 3, 6-8 tx

 

Example 5:

switch(config-monitor)# source interface ethernet 101/1/1-3

Configures the sources and traffic direction in which to copy packets. You can enter a range of Ethernet ports, a port channel, an inband interface, a range of VLANs, a Cisco Nexus 2000 Series Fabric Extender interface, or a fabric port channel connected to a Cisco Nexus 2000 Series Fabric Extender.

You can configure one or more sources, as either a series of comma-separated entries or a range of numbers. You can specify up to 128 interfaces. For information on the VLAN range, see the Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide, Release 5.x.

You can specify the traffic direction to copy as ingress, egress, or both. The default direction is both.

Note You can monitor the inband interface only from the default VDC. The inband traffic from all VDCs is monitored.

Step 7

(Optional) Repeat Step 6 to configure all ERSPAN sources.

Step 8

filter vlan { number | range }

 

Example:

switch(config-erspan-src)# filter vlan 3-5, 7

(Optional) Configures which VLANs to select from the configured sources. You can configure one or more VLANs, as either a series of comma-separated entries or a range of numbers. For information on the VLAN range, see the Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide, Release 5.x.

Step 9

(Optional) Repeat Step 8 to configure all source VLANs to filter.

Step 10

filter access-group acl-filter

 

Example:

switch(config-erspan-src)# filter access-group ACL1

(Optional) Associates an ACL with the ERSPAN session.

Note You can create an ACL using the standard ACL configuration process. For more information, see the Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 5.x.

Step 11

destination ip ip-address

 

Example:

switch(config-erspan-src)# destination ip 10.1.1.1

Configures the destination IP address in the ERSPAN session. Only one destination IP address is supported per ERSPAN source session.

Note The Cisco Nexus 2000 Series Fabric Extender interfaces and the fabric port channels connected to the Cisco Nexus 2000 Series Fabric Extender cannot be configured as SPAN destinations.

Step 12

erspan-id erspan-id

 

Example:

switch(config-erspan-src)# erspan-id 5

Configures the ERSPAN ID for the ERSPAN session. The ERSPAN range is from 1 to 1023.

Step 13

vrf vrf-name

 

Example:

switch(config-erspan-src)# vrf default

 

Configures the VRF that the ERSPAN source session uses for traffic forwarding.

Step 14

ip ttl ttl-number

 

Example:

switch(config-erspan-src)# ip ttl 25

(Optional) Configures the IP time-to-live (TTL) value for the ERSPAN traffic. The range is from 1 to 255.

Step 15

ip dscp dscp-number

 

Example:

switch(config-erspan-src)# ip dscp 42

(Optional) Configures the differentiated services code point (DSCP) value of the packets in the ERSPAN traffic. The range is from 0 to 63.

Step 16

no shut

 

Example:

switch(config-erspan-src)# no shut

Enables the ERSPAN source session. By default, the session is created in the shut state.

Note Only two ERSPAN source sessions can be running simultaneously.

Step 17

show monitor session { all | session-number | range session-range }

 

Example:

switch(config-erspan-src)# show monitor session 3

(Optional) Displays the ERSPAN session configuration.

Step 18

show running-config monitor

 

Example:

switch(config-erspan-src)# show running-config monitor

(Optional) Displays the running ERSPAN configuration.

Step 19

show startup-config monitor

 

Example:

switch(config-erspan-src)# show startup-config monitor

(Optional) Displays the ERSPAN startup configuration.

Step 20

copy running-config startup-config

 

Example:

switch(config-erspan-src)# copy running-config startup-config

(Optional) Copies the running configuration to the startup configuration.

Configuring an ERSPAN Destination Session

You can configure an ERSPAN destination session to copy packets from a source IP address to destination ports on the local device. By default, ERSPAN destination sessions are created in the shut state.

BEFORE YOU BEGIN

Ensure that you are in the correct VDC (or use the switchto vdc command).

Ensure that you have already configured the destination ports in monitor mode. For more information, see the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 5.x.

SUMMARY STEPS

1. config t

2. interface ethernet slot / port [- port ]

3. switchport

4. switchport mode [access | trunk]

5. switchport monitor

6. (Optional) Repeat Steps 2 to 5 to configure monitoring on additional ERSPAN destinations.

7. no monitor session { session-number | all }

8. monitor session { session-number | all } type erspan-destination

9. description description

10. source ip ip-address

11. destination {[ interface [ type slot / port [- port ][, type slot / port [- port ]]] | [ port-channel channel-number] ]}

12. (Optional) Repeat Step 11 to configure all ERSPAN destination ports.

13. erspan-id erspan-id

14. vrf vrf-name

15. no shut

16. (Optional) show monitor session { all | session-number | range session-range }

17. (Optional) show running-config monitor

18. (Optional) show startup-config monitor

19. (Optional) copy running-config startup-config

DETAILED STEPS

 

Command
Purpose

Step 1

config t

 

Example:

switch# config t

switch(config)#

Enters global configuration mode.

Step 2

interface ethernet slot / port [- port ]

 

Example:

switch(config)# interface ethernet 2/5

switch(config-if)#

Enters interface configuration mode on the selected slot and port or range of ports.

Step 3

switchport

 

Example:

switch(config-if)# switchport

Configures switchport parameters for the selected slot and port or range of ports.

Step 4

switchport mode [access | trunk]

 

Example:

switch(config-if)# switchport mode trunk

Configures the following switchport modes for the selected slot and port or range of ports:

  • access
  • trunk

Step 5

switchport monitor

 

Example:

switch(config-if)# switchport monitor

Configures the switchport interface as an ERSPAN destination.

Step 6

(Optional) Repeat Steps 2 to 5 to configure monitoring on additional ERSPAN destinations.

Step 7

no monitor session { session-number | all }

 

Example:

switch(config-if)# no monitor session 3

Clears the configuration of the specified ERSPAN session. The new session configuration is added to the existing session configuration.

Step 8

monitor session { session-number | all } type erspan-destination

 

Example:

switch(config-if)# monitor session 3 type erspan-destination

switch(config-erspan-dst)#

Configures an ERSPAN destination session.

Step 9

description description

 

Example:

switch(config-erspan-dst)# description erspan_dst_session_3

Configures a description for the session. By default, no description is defined. The description can be up to 32 alphanumeric characters.

Step 10

source ip ip-address

 

Example:

switch(config-erspan-dst)# source ip 10.1.1.1

Configures the source IP address in the ERSPAN session. Only one source IP address is supported per ERSPAN destination session.

Step 11

destination {[ interface [ type slot / port [- port ][, type slot / port [- port ]]] [ port-channel channel-number]]}

 

Example:

switch(config-erspan-dst)# destination interface ethernet 2/5, ethernet 3/7

Configures a destination for copied source packets. You can configure one or more interfaces as a series of comma-separated entries.

Note You can configure destination ports as trunk ports. For more information, see the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 5.x.

Step 12

(Optional) Repeat Step 11 to configure all ERSPAN destinations.

Step 13

erspan-id erspan-id

 

Example:

switch(config-erspan-dst)# erspan-id 5

Configures the ERSPAN ID for the ERSPAN session. The range is from 1 to 1023.

Step 14

vrf vrf-name

 

Example:

switch(config-erspan-dst)# vrf default

Configures the VRF that the ERSPAN destination session uses for traffic forwarding.

Step 15

no shut

 

Example:

switch(config)# no shut

Enables the ERSPAN destination session. By default, the session is created in the shut state.

Note Only 23 ERSPAN destination sessions across VDCs can be running simultaneously.

Step 16

show monitor session { all | session-number | range session-range }

 

Example:

switch(config)# show monitor session 3

(Optional) Displays the ERSPAN session configuration.

Step 17

show running-config monitor

 

Example:

switch(config)# show running-config monitor

(Optional) Displays the running ERSPAN configuration.

Step 18

show startup-config monitor

 

Example:

switch(config)# show startup-config monitor

(Optional) Displays the ERSPAN startup configuration.

Step 19

copy running-config startup-config

 

Example:

switch(config)# copy running-config startup-config

(Optional) Copies the running configuration to the startup configuration.

Shutting Down or Activating an ERSPAN Session

You can shut down ERSPAN sessions to discontinue the copying of packets from sources to destinations. Because only two ERSPAN sessions can be running simultaneously, you can shut down one session in order to free hardware resources to enable another session. By default, ERSPAN sessions are created in the shut state.

You can enable ERSPAN sessions to activate the copying of packets from sources to destinations. To enable an ERSPAN session that is already enabled but operationally down, you must first shut it down and then enable it. You can shut down and enable the ERSPAN session states with either a global or monitor configuration mode command.

BEFORE YOU BEGIN

Ensure that you are in the correct VDC (or use the switchto vdc command).

SUMMARY STEPS

1. config t

2. monitor session { session-range | all } shut

3. no monitor session { session-range | all } shut

4. monitor session session-number type erspan-source

5. monitor session session-number type erspan-destination

6. shut

7. no shut

8. (Optional) show monitor session all

9. (Optional) show running-config monitor

10. (Optional) show startup-config monitor

11. (Optional) copy running-config startup-config

DETAILED STEPS

 

Command
Purpose

Step 1

config t

 

Example:

switch# config t

switch(config)#

Enters global configuration mode.

Step 2

monitor session { session-range | all } shut

 

Example:

switch(config)# monitor session 3 shut

Shuts down the specified ERSPAN sessions. The session range is from 1 to 48. By default, sessions are created in the shut state. Only two sessions can be running at a time.

Step 3

no monitor session { session-range | all } shut

 

Example:

switch(config)# no monitor session 3 shut

Resumes (enables) the specified ERSPAN sessions. The session range is from 1 to 48. By default, sessions are created in the shut state. Only two sessions can be running at a time.

Note If a monitor session is enabled but its operational status is down, then to enable the session, you must first specify the monitor session shut command followed by the no monitor session shut command.

Step 4

monitor session session-number type erspan-source

 

Example:

switch(config)# monitor session 3 type erspan-source

switch(config-erspan-src)#

Enters the monitor configuration mode for the ERSPAN source type. The new session configuration is added to the existing session configuration.

Step 5

monitor session session-number type erspan-destination

 

Example:

switch(config-erspan-src)# monitor session 3 type erspan-destination

Enters the monitor configuration mode for the ERSPAN destination type.

Step 6

shut

 

Example:

switch(config-erspan-src)# shut

Shuts down the ERSPAN session. By default, the session is created in the shut state.

Step 7

no shut

 

Example:

switch(config-erspan-src)# no shut

Enables the ERSPAN session. By default, the session is created in the shut state.

Note Only two ERSPAN sessions can be running simultaneously.

Step 8

show monitor session all

 

Example:

switch(config-erspan-src)# show monitor session all

(Optional) Displays the status of ERSPAN sessions.

Step 9

show running-config monitor

 

Example:

switch(config-erspan-src)# show running-config monitor

(Optional) Displays the ERSPAN running configuration.

Step 10

show startup-config monitor

 

Example:

switch(config-erspan-src)# show startup-config monitor

(Optional) Displays the ERSPAN startup configuration.

Step 11

copy running-config startup-config

 

Example:

switch(config-erspan-src)# copy running-config startup-config

(Optional) Copies the running configuration to the startup configuration.

Configuring the Multicast Best Effort Mode for an ERSPAN Session

You can configure the multicast best effort mode for any ERSPAN session. By default, ERSPAN replication occurs on both the ingress and egress line card. When you enable the multicast best effort mode, ERSPAN replication occurs only on the ingress line card for multicast traffic or on the egress line card for packets egressing out of Layer 3 interfaces (that is, on the egress line card, packets egressing out of Layer 2 interfaces are not replicated for ERSPAN).

BEFORE YOU BEGIN

Ensure that you are in the correct VDC (or use the switchto vdc command).

SUMMARY STEPS

1. config t

2. monitor session session-number

3. [no] multicast best-effort

4. (Optional) show monitor session-number

5. (Optional) copy running-config startup-config

DETAILED STEPS

 

Command
Purpose

Step 1

config t

 

Example:

switch# config t

switch(config)#

Enters global configuration mode.

Step 2

monitor session session-number

 

Example:

switch(config)# monitor session 3

switch(config-monitor)#

Enters the monitor configuration mode and specifies the ERSPAN session for which the multicast best effort mode is to be configured.

Step 3

[no] multicast best-effort

 

Example:

switch(config-monitor)# multicast best-effort

Configures the multicast best effort mode for the specified ERSPAN session.

Step 4

show monitor session session-number

 

Example:

switch(config-monitor)# show monitor session 3

(Optional) Displays the status of ERSPAN sessions, including the configuration status of the multicast best effort mode and the modules on which the best effort mode is and is not supported.

Step 5

copy running-config startup-config

 

Example:

switch(config-monitor)# copy running-config startup-config

(Optional) Copies the running configuration to the startup configuration.

Verifying the ERSPAN Configuration

To display the ERSPAN configuration, perform one of the following tasks:

 

Command
Purpose

show monitor session { all | session-number | range session-range }

Displays the ERSPAN session configuration.

show running-config monitor

Displays the running ERSPAN configuration.

show startup-config monitor

Displays the ERSPAN startup configuration.

For detailed information about the fields in the output from these commands, see the Cisco Nexus 7000 Series NX-OS System Management Command Reference.

Configuration Examples for ERSPAN

This section includes the following topics:

Configuration Example for an ERSPAN Source Session

This example shows how to configure an ERSPAN source session:

switch# config t
switch(config)# interface e14/30
switch(config-if)# no shut
switch(config-if)# exit
switch(config)# monitor erspan origin ip-address 3.3.3.3 global
switch(config)# monitor session 1 type erspan-source
switch(config-erspan-src)# source interface e14/30
switch(config-erspan-src)# erspan-id 1
switch(config-erspan-src)# ip ttl 16
switch(config-erspan-src)# ip dscp 5
switch(config-erspan-src)# vrf default
switch(config-erspan-src)# destination ip 9.1.1.2
switch(config-erspan-src)# no shut
switch(config-erspan-src)# exit
switch(config)# show monitor session 1

Configuration Example for an ERSPAN Destination Session

This example shows how to configure an ERSPAN destination session:

switch# config t
switch(config)# interface e14/29
switch(config-if)# no shut
switch(config-if)# switchport
switch(config-if)# switchport monitor
switch(config-if)# exit
switch(config)# monitor session 2 type erspan-destination
switch(config-erspan-dst)# source ip 9.1.1.2
switch(config-erspan-dst)# destination interface e14/29
switch(config-erspan-dst)# erspan-id 1
switch(config-erspan-dst)# vrf default
switch(config-erspan-dst)# no shut
switch(config-erspan-dst)# exit
switch(config)# show monitor session 2

Configuration Example for an ERSPAN ACL

This example shows how to configure an ERSPAN ACL:

switch# config t
switch(config)# ip access-list match_11_pkts
switch(config-acl)# permit ip 11.0.0.0 0.255.255.255 any
switch(config-acl)# exit
switch(config)# ip access-list match_12_pkts
switch(config-acl)# permit ip 12.0.0.0 0.255.255.255 any
switch(config-acl)# exit
switch(config)# vlan access-map erspan_filter 5
switch(config-access-map)# match ip address match_11_pkts
switch(config-access-map)# action forward
switch(config-access-map)# exit
switch(config)# vlan access-map erspan_filter 10
switch(config-access-map)# match ip address match_12_pkts
switch(config-access-map)# action forward
switch(config-access-map)# exit
switch(config)# monitor session 1 type erspan-source
switch(config-erspan-src)# filter access_group erspan_filter
 

Configuration Example for ERSPAN Using the Multicast Best Effort Mode

This example shows how to configure the multicast best effort mode for an ERSPAN session:

switch# config t
switch(config)# monitor session 1
switch(config-monitor)# multicast best-effort
switch(config-monitor)# show monitor session 1

Additional References

For additional information related to implementing ERSPAN, see the following sections:

Related Documents

Related Topic
Document Title

VDCs

Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 5.x

Fabric Extender

Configuring the Cisco Nexus 2000 Series Fabric Extender

ERSPAN commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples

Cisco Nexus 7000 Series NX-OS System Management Command Reference

Standards

Standards
Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

Feature History for ERSPAN

Table 19-2 lists the release history for this feature.

 

Table 19-2 Feature History for ERSPAN
Feature Name
Releases
Feature Information

ERSPAN

5.2(1)

Added ERSPAN source support for Cisco Nexus 2000 Series Fabric Extender interfaces.

ERSPAN

5.2(1)

Added the ability to configure the multicast best effort mode for an ERSPAN session.

ERSPAN and ERSPAN ACLs

5.1(1)

This feature was introduced.