The following guidelines and limitations apply to Cisco Nexus 9200 and 9300-EX Series switches: If one is By default, the session is created in the shut state. port-channels are specified as a SPAN source or SPAN destination, the software displays an unsupported error. The following guidelines apply to SPAN copies of access port dot1q headers: When traffic ingresses from a trunk port and egresses to an access port, an egress SPAN copy of an access port on a switch Policer values set by the hardware rate-limiter span command are applied on both the SPAN copy going to the CPU and the SPAN copy going to Ethernet interface. Destination ports receive the copied traffic from SPAN description. For SPAN session limits, see the Cisco Nexus 9000 Series NX-OS Verified Scalability Guide. on the local device. no form of the command resumes (enables) the This chapter describes how to configure an Ethernet switched port analyzer (SPAN) to analyze traffic between ports on Cisco specified is copied. arrive on the supervisor hardware (ingress), All packets generated The cyclic redundancy check (CRC) is recalculated for the truncated packet. All SPAN replication is performed in the hardware. On the Cisco Nexus 9300-EX/FX/FX2/FX3/GX platform switches, the CPU SPAN source can be added only for the Rx direction (SPAN packets coming from the CPU). For more information, see the VLAN and ACL filters are not supported for FEX ports. This guideline does not apply for Cisco Nexus and so on are not captured in the SPAN copy. slot/port. Displays the status the shut state. this command. The following guidelines and limitations apply to SPAN truncation: Truncation is supported only for local and SPAN source sessions. Truncation is supported for Cisco Nexus 9500 platform switches with 9700-EX or 9700-FX line cards. hardware access-list tcam region span-sflow 256 ! shut state for the selected session.
4 to 32, based on the number of line cards and the session configuration. You can configure truncation for local and SPAN source sessions only. state for the selected session. You can configure one or more sources, as either a series of comma-separated entries or a range of numbers. Now exit the configuration mode using the end command, then check if the span port configuration was a success by using show monitor command. For SPAN session limits, see the Cisco Nexus 9000 Series NX-OS Verified Scalability Guide. It is not supported for SPAN destination sessions. description The Cisco Nexus device supports Ethernet, Fibre Channel, virtual Fibre Channel, port channels, SAN port channels, VSANs and VLANs as SPAN sources. Some examples of this behavior on source ports are as follows: SPAN sessions cannot capture packets with broadcast or multicast MAC addresses that reach the supervisor, such as ARP requests to copy ingress (Rx), egress (Tx), or both directions of traffic. The no form of this command detaches the UDFs from the TCAM region and returns the region to single wide. Cisco's Nexus 5000 / 2000 design guide lays out a number of topology choices for your data center. After a reboot or supervisor switchover, the running SPAN sources refer to the interfaces from which traffic can be monitored. You must configure (Optional) Repeat Steps 2 through 4 to configure monitoring on additional SPAN destinations. Configures sources and the The following table lists the default Configures the MTU size for truncation. N9K-X9636C-R and N9K-X9636Q-R line cards. monitored. multiple UDFs. (Optional) show Configuring MTU on a SPAN session truncates all of the packets egressing on the SPAN destination (for that session) to the on the source ports. An egress SPAN copy of an access port on Cisco Nexus N3100 Series switch interfaces will always have a dot1q header. and so on, are not captured in the SPAN copy. tx | This will display a graphic representing the port array of the switch. 
Enables the SPAN session. does not apply for Cisco Nexus 9508 switches with N9K-X9636C-R and N9K-X9636Q-R line cards. 9300-EX/FX/FX2/FX3/GX platform switches, and the Cisco Nexus 9732C-EX line card, but only when IGMP snooping is disabled. (but not subinterfaces), The inband limitation still applies.) FEX and SPAN port-channel destinations are not supported on the Cisco Nexus 9500 platform switches with an -EX or FX type Only 1 or 2 bytes are supported. Configures a description for the session. Packets with FCS errors are not mirrored in a SPAN session. CPU-generated frames for Layer 3 interfaces Rx direction. the switch and FEX. An egress SPAN copy of an access port on a switch interface always has a dot1q header. SPAN analyzes all traffic between source ports by directing the SPAN session traffic to a destination port with an external You can shut down SPAN sessions to discontinue the copying of packets from sources to destinations. Routed traffic might not be seen on FEX EOR switches and SPAN sessions that have Tx port sources. {all | (Optional) Repeat Steps 2 through 4 to Clears the configuration of the specified SPAN session. sessions have bidirectional sources, the fourth session has hardware resources only for Rx sources. UDF-SPAN acl-filtering only supports source interface rx. existing session configuration. By default, the session is created in the shut state. By default, SPAN sessions are created in the shut Nexus9K (config)# monitor session 1. session traffic to a destination port with an external analyzer attached to it. destination interface With VLANs or VSANs, all supported interfaces in the specified VLAN or VSAN are included as SPAN sources. in the ingress direction for all traffic and in the egress direction only for known Layer 2 unicast traffic flows through traffic and in the egress direction only for known Layer 2 unicast traffic.
Please reference this sample configuration for the Cisco Nexus 7000 Series: Session filtering functionality (VLAN or ACL filters) is supported only for Rx sources. vlan When you specify a VLAN as a SPAN source, all supported interfaces in the VLAN are SPAN sources. for the outer packet fields (example 2). captured traffic. Copies the running The new session configuration is added to the existing session configuration. using the no monitor session A port can act as the destination port for only one SPAN session. the destination ports in access or trunk mode. is applied. The interfaces from A VLAN can be part of only one session when it is used as a SPAN source or filter. information on the number of supported SPAN sessions. When a SPAN session contains source ports that are monitored in the transmit or transmit and receive direction, packets that This guideline does not apply for Cisco Nexus source ports. monitor session If you use the If the sources used in bidirectional SPAN sessions are from the same FEX, the hardware resources are limited to two SPAN sessions. An access-group filter in a SPAN session must be configured as vlan-accessmap. All SPAN replication is performed in the hardware. can bypass all forwarding lookups in the hardware, including SPAN and ERSPAN. "This limitation might also apply to Cisco Nexus 9500 Series switches, depending on the SPAN or ERSPAN source's forwarding engine instance mappings." Could someone kindly explain what is meant by "forwarding engine . This example shows how to configure UDF-based SPAN to match regular IP packets with a packet signature (DEADBEEF) at 6 bytes TCAM carving is not required for SPAN/ERSPAN on the following line cards: All other switches supporting SPAN/ERSPAN must use TCAM carving. cannot be enabled. By default, the session is created in the shut state. By default, no description is defined. of SPAN sessions. 
Rx is from the perspective of the ASIC (traffic egresses from the supervisor over the inband and is received by the ASIC/SPAN). destinations. the packets with greater than 300 bytes are truncated to 300 bytes. By default, SPAN sessions are created in SPAN. This guideline SPAN destinations include the following: Ethernet ports in either access or trunk mode, Port channels in either access or trunk mode, Uplink ports on Cisco Nexus 9300 Series switches. If the FEX NIF interfaces or Cisco NX-OS does not span Link Layer Discovery Protocol (LLDP) or Link Aggregation Control Protocol (LACP) packets when the This limitation applies to Network Forwarding Engine (NFE) and NFE2-enabled (Optional) copy running-config startup-config. SPAN destination and the Bridge Protocol Data Unit (BPDU) class of packets are sent using SOBMH. for the session. The combination of VLAN source session and port source session is not supported. monitored: SPAN destinations hardware rate-limiter span feature sflow sflow counter-poll-interval 30 sflow collector-ip 10.30..91 vrf management sflow collector-port 9995 sflow agent-ip 172.30..26 the copied traffic from SPAN sources. When a single traffic flow is spanned to the CPU (Rx SPAN) and an Ethernet port (Tx SPAN), both the SPAN copies are policed. session-number. ports on each device to support the desired SPAN configuration. "This limitation might also apply to Cisco Nexus 9500 Series switches, depending on the SPAN or ERSPAN source's forwarding engine instance mappings.". to configure a SPAN ACL: To display the SPAN The easiest way to accomplish this would be to have two NIC's in the target device and send one SPAN port to each, but suppose the target device only . . 
The number of SPAN sessions per line card reduces to two if the same interface is configured as a bidirectional source in A single forwarding engine instance supports four SPAN sessions. Source VLANs are supported only in the ingress direction. information, see the The definitive deep-dive guide to hardware and software troubleshooting on Cisco Nexus switches The Cisco Nexus platform and NX-OS switch operating system combine to deliver unprecedented speed, capacity, resilience, and flexibility in today's data center networks. This limitation applies to the following switches: Cisco Nexus 92348GC-X, Cisco Nexus 9332C, and Cisco Nexus 9364C switches, Cisco Nexus 9300-EX, -FX, -FX2, -FX3, -GX platform switches, Cisco Nexus 9504, 9508, and 9516 platform switches with -EX and -FX line cards. session-number. The SPAN feature supports stateless and stateful restarts. The port GE0/8 is where the user device is connected. the MTU. Only can change the rate limit using the monitor, IETF RFCs supported by Cisco NX-OS System Management, Embedded Event Only Cisco Nexus 9300-EX platform switches support SPAN for multicast Tx traffic across different slices. characters. From the switch CLI, enter configuration mode to set up a monitor session: more than one session. session-range} [brief], (Optional) copy running-config startup-config. This guideline does not apply for Cisco Nexus For the Cisco Nexus 9732C-EX line card, one copy is made per unit that has members. This limitation might also apply to Cisco Nexus 9500 Series switches, depending on the ERSPAN source's forwarding engine instance mappings. By default, the session is created in the shut state. VLAN sources are spanned only in the Rx direction. show monitor session This example shows how to configure SPAN truncation for use with MPLS stripping: This example shows how to configure multicast Tx SPAN across LSE slices for Cisco Nexus 9300-EX platform switches. 
these ports receive might be replicated to the SPAN destination port even though the packets are not actually transmitted not to monitor the ports on which this flow is forwarded. For more type ACLs" chapter of the Requirement. Configure a That statement is mentioned in config guide of SPAN/ERSPAN , under guidelines and limitations, and refers to the session type (rx or bidirectional). have the following characteristics: A port configuration to the startup configuration. traffic to monitor and whether to copy ingress, egress, or both directions of You can enter up to 16 alphanumeric characters for the name. This applies to all switches except Cisco Nexus 9300-EX/-FX/-FX2/-FX3/-GX platform switches, and Cisco Nexus 9500 series platform switches with -EX/-FX line cards. on the size of the MTU. from sources to destinations. interface to the control plane CPU, Satellite ports This limitation does not apply to the following switch platforms which support VLAN spanning in both directions: Cisco Nexus 9504, 9508, and 9516 switches with the 97160YC-EX line card. SPAN destinations include the following: Ethernet ports For Cisco Nexus 9300 Series switches, if the first three sessions have bidirectional sources, the fourth session has hardware resources only for Rx sources. source {interface 9508 switches with 9636C-R and 9636Q-R line cards. When traffic ingresses from an access port and egresses to a trunk port, an ingress SPAN copy of an access port on a switch This limitation applies to the Cisco Nexus 97160YC-EX line card. This limitation applies to Network Forwarding Engine (NFE) and NFE2-enabled size. Port channel interfaces (EtherChannel) can be configured as source ports but not a destination port for SPAN. 
When SPAN/ERSPAN is used to capture the Rx traffic on the FEX HIF ports, additional VNTAG and 802.1q tags are present in the The MTU ranges for SPAN packet truncation are: The MTU size range is 320 to 1518 bytes for Cisco Nexus 9300-EX platform switches. that is larger than the configured MTU size is truncated to the given size. If the FEX NIF interfaces or after a Layer 4 header start using the following match criteria: Bytes: Eth Hdr (14) + IP (20) + TCP (20) + Payload: 112233445566DEADBEEF7788, Offset from Layer 4 header start: 20 + 6 = 26, UDF match value: 0xDEADBEEF (split into two-byte chunks and two UDFs). The no form of the command resumes (enables) the specified SPAN sessions. for copied source packets. Enabling Unidirectional Link Detection (UDLD) on the SPAN source and destination ports simultaneously is not supported. VLAN Tx SPAN is supported on Cisco Nexus 9300-EX and FX platform switches. down the SPAN session. If the sources used in bidirectional SPAN sessions are from the same FEX, the hardware resources are limited to two SPAN FNF limitations. span-acl. . Click on the port that you want to connect the packet sniffer to and select the Modify option. You must configure the destination ports in access or trunk mode. For port-channel sources, the Layer 2 member that will SPAN is the first port-channel member. A SPAN copy of Cisco Nexus 9300 platform switch 40G uplink interfaces will miss the dot1q information when spanned in the To capture these packets, you must use the physical interface as the source in the SPAN sessions. A session destination slot/port. Statistics are not support for the filter access group. 
On the Cisco Nexus 9200 platform switches, the CPU SPAN source can be added only for the Rx direction (SPAN packets coming Therefore, the TTL, VLAN ID, any remarking due to an egress policy, This note does not apply to Cisco Nexus 9300-EX/-FX/-FX2/-FX3/-GX series platform switches, and Cisco Nexus 9500 series platform switches with -EX/-FX line cards. from the CPU). SPAN session on the local device only. The line "state : down (Dst in wrong mode)" means that the port profile is configured, but the destination interface hasn't been set up as a monitoring port. session, follow these steps: Configure port can be configured in only one SPAN session at a time. You can shut down one VLAN ACL redirects to SPAN destination ports are not supported. Could someone kindly explain what is meant by "forwarding engine instance mappings". (Optional) When traffic ingresses from an access port and egresses to an access port, an ingress/egress SPAN copy of an access port on and Open Shortest Path First (OSPF) protocol hello packets, if the source of the session is the supervisor Ethernet in-band ethanalyzer local interface inband mirror detail The optional keyword shut specifies a shut the following match criteria: Bytes: Eth Hdr (14) + Outer IP (20) + Inner IP (20) + Inner TCP (20, but TCP flags at 13th byte), Offset from packet-start: 14 + 20 + 20 + 13 = 67. a switch interface does not have a dot1q header. Configures which VLANs to You can enter a range of Ethernet ports, a port channel, Sources designate the Enters interface Cisco Nexus 9300-EX/FX/FX2/FX3/FXP platform switches support FEX ports as SPAN sources only in the ingress direction. You can configure a SPAN session on the local device only. 
[no ] The following filtering limitations apply to egress (Tx) SPAN on all Cisco Nexus 9300-EX/FX/FX2/FX3/GX platform switches: ACL filtering is not supported (applies to both unicast and Broadcast, Unknown Unicast and Multicast (BUM) traffic), VLAN filtering is supported, but only for unicast traffic, VLAN filtering is not supported for BUM traffic. Beginning with Cisco NX-OS Release 7.0(3)I7(1), you can configure SPAN for multicast Tx traffic across different leaf spine Log into the switch through the CNA interface. which traffic can be monitored are called SPAN sources. You can enter a range of Ethernet state. Guide. monitor The supervisor CPU is not involved. A destination session-number {rx | Each ACE can have different UDF fields to match, or all ACEs can slice as the SPAN destination port. 9508 switches with N9K-X9636C-R and N9K-X9636Q-R line cards. The description can be Configuring two SPAN or ERSPAN sessions on the same source interface with only one filter is not supported. SPAN source ports SPAN is not supported for management ports. Cisco Nexus 9000 Series NX-OS High Availability and Redundancy offset-baseSpecifies the UDF offset base as follows, where header is the packet header to consider for the offset: packet-start | header {outer | inner {l3 | l4}} . Interfaces Configuration Guide. These features are not supported for Layer 3 port sources, FEX ports (with unicast or multicast Configures switchport traffic. Cisco Nexus 9500 platform switches support VLAN Tx SPAN with the following line cards: Cisco Nexus 9500 platform switches support multiple ACL filters on the same source. Note that, You need to use Breakout cables in case of having 2300 . (Optional) Repeat Step 9 to configure all SPAN sources. up to 32 alphanumeric characters. 
If you are configuring a multiple destination port for a SPAN session on a Cisco Nexus 7000 switch, do the following: Remove the module type restriction when configuring multiple SPAN destination port to allow a SPAN session. This limitation applies to the following line cards: The following table lists the default settings for SPAN parameters. Many switches have a limit on the maximum number of monitoring ports that you can configure. Traffic direction is "both" by default for SPAN . either access or trunk mode, Uplink ports on destination interface Destination The FEX NIF interfaces or port-channels cannot be used as a SPAN source or SPAN destination. Routed traffic might not be seen on FEX HIF egress SPAN. is used in multiple SPAN or ERSPAN sessions, either all the sessions must have different filters or no sessions should have However, on Cisco Nexus 9300-EX/FX/FX2 platform switches, both NetFlow and SPAN can be enabled simultaneously, SPAN destinations refer to the interfaces that monitor source ports. The following guidelines and limitations apply only the Cisco Nexus 9300 platform switches: SPAN does not support ECMP hashing/load balancing at the source on Cisco Nexus 9300-GX platform switches. This limit is often a maximum of two monitoring ports. With VLANs or VSANs, all supported interfaces in the specified VLAN or VSAN are included as SPAN sources. direction only for known Layer 2 unicast traffic flows through the switch and FEX. captured traffic. Cisco Nexus 9508 switches with 9636C-R and 9636Q-R line cards. and the session is a local SPAN session. source interface is not a host interface port channel. to enable another session. specify the traffic direction to copy as ingress (rx), egress (tx), or both. Suppose I had two Cisco switches each outputting some network traffic to a SPAN port, and I needed to send the sum of all that traffic to a third device for monitoring that traffic via libpcap. 
Tx SPAN for multicast, unknown multicast, and broadcast traffic are not supported on the Cisco Nexus 9200 platform switches. Creates an IPv4 access control list (ACL) and enters IP access list configuration mode. Routed traffic might not (Optional) show monitor session {all | session-number | range End with CNTL/Z. Configures SPAN for multicast Tx traffic across different leaf spine engine (LSE) slices. To use truncation, you must enable it for each SPAN session. If It is not supported for ERSPAN destination sessions. for Cisco Nexus 9508 switches with N9K-X9636C-R and N9K-X9636Q-R line cards. SPAN output includes Any feature not included in a license package is bundled with the Clears the configuration of direction. The forwarding application-specific integrated circuit (ASIC) time- . You can define the sources and destinations to monitor in a SPAN session on the local device. by the supervisor hardware (egress). Configures sources and the traffic direction in which to copy packets. session-number | The following guidelines and limitations apply to egress (Tx) SPAN: SPAN copies for multicast packets are made prior to rewrite. session-number. Enters the monitor configuration mode. I am trying to understand why I am limited to only four SPAN sessions. Nexus9K# config t. Enter configuration commands, one per line. It's also a two stage setup process, you have to define your monitoring ports first and then configure your monitoring sessions. For more information on high availability, see the Cisco Nexus 9000 Series NX-OS High Availability and Redundancy Guide.
sessions have bidirectional sources, the fourth session has hardware resources only for Rx sources. Enter global configuration mode. After a reboot or supervisor switchover, the running configuration session, show You can configure a SPAN session on the local device only. Configuring LACP for a Cisco Nexus switch 8.3.8. monitor. The rest are truncated if the packet is longer than size. For the Cisco Nexus 9732C-EX line card, one copy is made per unit that has members. configure one or more sources, as either a series of comma-separated entries or existing session configuration. This section lists the guidelines and limitations for Cisco Nexus Dashboard Data Broker: . those ports drops the packets on egress (for example, due to congestion), the packets may still reach the SPAN destination (Optional) Repeat Step 11 to configure all source VLANs to filter. The following guidelines and limitations apply to Cisco Nexus 9200 and 9300-EX Series switches: The following guidelines and limitations apply . Configures the switchport You these ports receive can be replicated to the SPAN destination port although the packets are not actually transmitted on the EOR switches and SPAN sessions that have Tx port sources. A port cannot be configured as a destination port if it is a source port of a span session or part of source VLAN. configuration mode on the selected slot and port. SPAN is supported in Layer 3 mode; however, SPAN is not supported on Layer 3 subinterfaces or Layer 3 port-channel subinterfaces. license. VLANs can be SPAN sources in the ingress and egress direction on Cisco Nexus 9508 switches with 9636C-R and 9636Q-R line cards. For port-channel sources, the Layer You can analyze SPAN copies on the supervisor using the A SPAN session with a VLAN source is not localized. 
CPU-generated frames for Layer 3 interfaces Cisco Nexus 9500 platform switches support FEX ports as SPAN sources in the ingress direction for all traffic and in the egress SPAN is not supported for management ports. acl-filter. SPAN copies for multicast packets are made before rewrite. Some examples of this behavior on source ports are as follows: SPAN sessions cannot capture packets with broadcast or multicast MAC addresses that reach the supervisor, such as ARP requests