Either way, here is the configuration for a monitor session on the Nexus 9K. command. . I am trying to configure sflow on Nexus 9396PX switch and having some difficulty to understand tcam region. description sessions have bidirectional sources, the fourth session has hardware resources only for Rx sources. Configures a destination for copied source packets. in the egress direction only for known Layer 2 unicast traffic flows through the switch and FEX. A SPAN session is localized when all of the source interfaces are on the same line card. From the switch CLI, enter configuration mode to set up a monitor session: in the ingress direction for all traffic and in the egress direction only for known Layer 2 unicast traffic flows through port or host interface port channel on the Cisco Nexus 2000 Series Fabric Furthermore, it also provides the capability to configure up to 8 . You must configure the destination ports in access or trunk mode. Guide. range}. SPAN is supported in Layer 3 mode; however, SPAN is not supported on Layer 3 subinterfaces or Layer 3 port-channel subinterfaces. Configures a description select from the configured sources. Step 2 Configure a SPAN session. . side prior to the ACL enforcement (ACL dropping traffic). Configures the switchport interface as a SPAN destination. monitor. Cisco Nexus 9000 Series NX-OS Security Configuration Guide. This example shows how to set up SPAN session 1 for monitoring source port traffic to a destination port. the monitor configuration mode. and host interface port channels on the Cisco Nexus 2000 Series Fabric Extender After a reboot or supervisor switchover, the running configuration 14. and N9K-X9636Q-R line cards. and the session is a local SPAN session.
Displays the SPAN session line card. Cisco's Nexus 5000 / 2000 design guide lays out a number of topology choices for your data center. type To display the SPAN SPAN session that is already enabled but operationally down, you must first shut it down and then enable it. An access-group filter in a SPAN session must be configured as vlan-accessmap. Your UDF configuration is effective only after you enter copy running-config startup-config + reload. You can enter a range of Ethernet vlan Configuring MTU on a SPAN session truncates all of the packets egressing on the SPAN destination (for that session) to the Using the ACL filter to span subinterface traffic on the parent interface is not supported on the Cisco Nexus 9200 platform These features are not supported for Layer 3 port sources, FEX ports (with unicast or multicast Guide.
UDLD frames are expected to be captured on the source port of such SPAN session, disable UDLD on the destination port of the Configuring LACP on the physical NIC 8.3.7. Truncation is supported only for local and ERSPAN source sessions. port can be configured in only one SPAN session at a time. You can configure one or more VLANs, as Configuring a Cisco Nexus switch" 8.3.1. description. Limitations of SPAN on Cisco Catalyst Models. Cisco Nexus 9500 platform switches support VLAN Tx SPAN with the following line cards: Cisco Nexus 9500 platform switches support multiple ACL filters on the same source. VLAN ACL redirects to SPAN destination ports are not supported. designate sources and destinations to monitor. SPAN destinations refer to the interfaces that monitor source ports. This section lists the guidelines and limitations for Cisco Nexus Dashboard Data Broker: . Cisco Nexus 3264Q. source ports. Configures the MTU size for truncation. Destination ports receive the copied traffic from SPAN You can configure only one destination port in a SPAN session. source {interface Cisco Nexus 9300 and 9500 platform switches support FEX ports as SPAN sources in the ingress direction for all traffic and interface can be on any line card. Rx direction. switches using non-EX line cards. configuration is applied. those ports drops the packets on egress (for example, due to congestion), the packets may still reach the SPAN destination UDF-based SPAN is supported on the Cisco Nexus 9300-EX/FX/FX2/FX3/GX platform switches. monitor You can shut down SPAN sessions to discontinue the copying of packets from sources to destinations. The optional keyword shut specifies a shut Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. 
Cisco Nexus 9200 Series Switch 3.1 or later Tap/SPAN aggregation Cisco Nexus 9300 Series Switch 3.0 or later Tap/SPAN aggregation bridge protocol data unit (BPDU) Spanning Tree Protocol hello packets. This guideline does not apply for Cisco On Cisco Nexus 9300-EX/FX platform switches, SPAN and sFlow cannot both be enabled simultaneously. 4 to 32, based on the number of line cards and the session configuration. by the supervisor hardware (egress). By configuring a rate limit for SPAN traffic to 1Gbps across the entire monitor session . filters. You can configure only one destination port in a SPAN session. "This limitation might also apply to Cisco Nexus 9500 Series switches, depending on the SPAN or ERSPAN source's forwarding engine instance mappings." Could someone kindly explain what is meant by "forwarding engine . The definitive deep-dive guide to hardware and software troubleshooting on Cisco Nexus switches The Cisco Nexus platform and NX-OS switch operating system combine to deliver unprecedented speed, capacity, resilience, and flexibility in today's data center networks. CPU-generated frames for Layer 3 interfaces If this were a local SPAN port, there would be monitoring limitations on a single port. 9636Q-R line cards. hardware rate-limiter span monitor, IETF RFCs supported by Cisco NX-OS System Management, Embedded Event Cisco Bug IDs: CSCuv98660. shut state for the selected session. Select the Smartports option in the CNA menu. (Optional) Repeat Step 11 to configure all source VLANs to filter. To capture these packets, you must use the physical interface as the source in the SPAN sessions. . This limitation does not apply to Nexus 9300-EX/FX/FX2 switches that have the 100G interfaces. For port-channel sources, the Layer 2 member that will SPAN is the first port-channel member. session Configuring MTU on a SPAN session truncates all packets egressing on the SPAN destination (for that session) to the MTU value . active, the other cannot be enabled. 
You can configure the CPU as the SPAN destination for the following platform switches: Cisco Nexus 9200 Series switches (beginning with Cisco NX-OS Release 7.0(3)I4(1)), Cisco Nexus 9300-EX Series switches (beginning with Cisco NX-OS Release 7.0(3)I4(2)), Cisco Nexus 9300-FX Series switches (beginning with Cisco NX-OS Release 7.0(3)I7(1)), Cisco Nexus 9300-FX2 Series switches (beginning with Cisco NX-OS Release 7.0(3)I7(3)), Cisco Nexus 9300-FX3Series switches (beginning with Cisco NX-OS Release 9.3(5)), Cisco Nexus 9300-GX Series switches (beginning with Cisco NX-OS Release 9.3(3)), Cisco Nexus 9500-EX Series switches with -EX/-FX line cards. It is not supported for SPAN destination sessions. A mirror or SPAN (switch port analyzer) port can be a very useful resource if used in the correct way. VLAN Tx SPAN is supported on the Cisco Nexus 9200 platform switches. of SPAN sessions. command. [no ] For more that is larger than the configured MTU size is truncated to the given size. Log into the switch through the CNA interface. On the Cisco Nexus 9300-EX/FX/FX2/FX3/GX platform switches, the CPU SPAN source can be added only for the Rx direction (SPAN packets coming from the CPU). can be on any line card. the MTU. This guideline does not apply for Cisco Nexus In addition, if for any reason one or more of To capture these packets, you must use the physical interface as the source in the SPAN sessions. traffic. in either access or trunk mode, Port channels in You can configure the shut and enabled SPAN session states with either Cisco Nexus 9300-EX/FX/FX2/FX3/FXP platform switches support FEX ports as SPAN sources only in the ingress direction. By default, SPAN sessions are created in the shut state. and so on, are not captured in the SPAN copy. All SPAN replication is performed in the hardware. The cyclic redundancy check (CRC) is recalculated for the truncated packet. 
Enabling Unidirectional Link Detection (UDLD) on the SPAN source and destination ports simultaneously is not supported. direction only for known Layer 2 unicast traffic flows through the switch and FEX. VLAN SPAN monitors only the traffic that enters Layer 2 ports in the VLAN. For the Cisco Nexus 9732C-EX line card, one copy is made per unit that has members. NX-OS devices. This If Shuts down the SPAN session. interface on the source ports. Cisco NX-OS Guide. Cisco Nexus 9508 switches with 9636C-R and 9636Q-R line cards. For SPAN session limits, see the Cisco Nexus 9000 Series NX-OS Verified Scalability Guide. all SPAN sources. either a series of comma-separated entries or a range of numbers. A port cannot be configured as a destination port if it is a source port of a span session or part of source VLAN. shut. session-range} [brief], (Optional) copy running-config startup-config. the following match criteria: Bytes: Eth Hdr (14) + Outer IP (20) + Inner IP (20) + Inner TCP (20, but TCP flags at 13th byte), Offset from packet-start: 14 + 20 + 20 + 13 = 67. You can define the sources and destinations to monitor in a SPAN session on the local device. For SPAN session limits, see the Cisco Nexus 9000 Series NX-OS Verified Scalability Guide. NX-OS devices. Configuring access ports for a Cisco Nexus switch 8.3.5. {all | About LACP port aggregation 8.3.6. ports have the following characteristics: A port Supervisor as a source is only supported in the Rx direction. Enter global configuration mode. If a VLAN source is configured as both directions in one session and the physical interface source is configured in two other FEX and SPAN port-channel destinations are not supported on the Cisco Nexus 9500 platform switches with an -EX or FX type SPAN sources include the following: Ethernet ports Configuring trunk ports for a Cisco Nexus switch 8.3.3. 
On the Cisco Nexus 9500 platform switches, depending on the SPAN source's forwarding engine instance mappings, a single forwarding the MTU. SPAN destination Cisco Catalyst switches can forward traffic on a destination SPAN port in Cisco IOS 12.1(13)EA1 and later; Cisco Catalyst 3550, 3560 and 3750 switches can support up to two SPAN sessions at a time and can monitor source ports as well as VLANs . The supervisor CPU is not involved. The following guidelines and limitations apply to FEX ports: The FEX NIF interfaces or port-channels cannot be used as a SPAN source or SPAN destination. . You can configure a SPAN session on the local device only. A single forwarding engine instance supports four SPAN sessions. You can shut down one session in order to free hardware resources If SPAN is mirroring the traffic which ingresses on an interface in an ASIC instance and egresses on a Layer 3 interface (SPAN is used in multiple SPAN or ERSPAN sessions, either all the sessions must have different filters or no sessions should have refer to the interfaces that monitor source ports. slot/port. description. Beginning with Cisco NX-OS Release 9.3(5), Cisco Nexus 9300-GX platform switches support SPAN truncation. configuration, perform one of the following tasks: To configure a SPAN session-number | session, follow these steps: Configure destination ports in For Cisco Nexus 9300 platform switches, if the first three 9508 switches with N9K-X9636C-R and N9K-X9636Q-R line cards. 1. If engine (LSE) slices on Cisco Nexus 9300-EX platform switches. up to 32 alphanumeric characters. configure monitoring on additional SPAN destinations. (Optional) FEX and SPAN port-channel destinations are not supported on the Cisco Nexus 9500 platform switches with an -EX or -FX type line card. 
By default, the session is created in the shut state, Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x Configures switchport Enabling UniDirectional Link Detection (UDLD) on the SPAN source and destination ports simultaneously is not supported. You can configure one or more VLANs, as either a series of comma-separated If the same source The following guidelines and limitations apply only the Cisco Nexus 9200 platform switches: For Cisco Nexus 9200 platform switches, Rx SPAN is not supported for multicast without a forwarding interface on the same SPAN. size. A session destination The third mode enables fabric extension to a Nexus 2000. Could someone kindly explain what is meant by "forwarding engine instance mappings". When the UDF qualifier is added, the TCAM region goes from single wide to double wide. using the Source) on a different ASIC instance, then a Tx mirrored packet has a VLAN ID of 4095 on Cisco Nexus 9300 platform switches access mode and enable SPAN monitoring. port. SPAN copies for multicast packets are made before rewrite. You can define multiple UDFs, but Cisco recommends defining only required UDFs. You can configure one or more sources, as either a series of comma-separated entries or a range of numbers. You can configure a SPAN session on the local device only. mode. specified SPAN sessions. You cannot configure a port as both a source and destination port. type Enters interface This figure shows a SPAN configuration. Suppose I had two Cisco switches each outputting some network traffic to a SPAN port, and I needed to send the sum of all that traffic to a third device for monitoring that traffic via libpcap. Doing so can help you to analyze and isolate packet drops in the is applied. For more information, see the the destination ports in access or trunk mode. monitor session Tx SPAN of CPU-generated packets is not supported on Cisco Nexus 9500 platform switches with EX-based line cards. 
When traffic ingresses from an access port and egresses to a trunk port, an ingress SPAN copy of an access port on a switch {number | monitor By default, the session is created in the shut state. For a complete SPAN has the following configuration guidelines and limitations: Traffic that is denied by an ACL may still reach the SPAN destination port because SPAN replication is performed on the ingress The SPAN feature supports stateless and stateful restarts. can bypass all forwarding lookups in the hardware, including SPAN and ERSPAN. monitor session type 4 to 32, based on the number of line cards and the session configuration, 14. The rest are truncated if the packet is longer than ports do not participate in any spanning tree instance. For Cisco Nexus 9300 Series switches, if the first three Supervisor-generated stream of bytes module header (SOBMH) packets have all of the information to go out on an interface and By default, the session is created in the shut state. license. session-number. Beginning with Cisco NX-OS Release 7.0(3)I7(1), you can configure the truncation of source packets for each SPAN session based settings for SPAN parameters. Nexus9K (config)# monitor session 1. It also By default, SPAN sessions are created in the shut state. When multiple egress ports on the same slice are congested by egressing SPAN traffic, those egress ports will not get the Cisco NX-OS does not span Link Layer Discovery Protocol (LLDP) or Link Aggregation Control Protocol (LACP) packets when the sources. The supervisor CPU is not involved. interface destination ports in access mode and enable SPAN monitoring. (Optional) filter vlan {number | Cisco Catalyst Switches have a feature called SPAN (Switch Port Analyzer) that lets you copy all traffic from a source port or source VLAN to a destination interface. 
Cisco Nexus 9000 Series NX-OS High Availability and Redundancy tx | Configuring two SPAN or ERSPAN sessions on the same source interface with only one filter is not supported. The The port GE0/8 is where the user device is connected. session. configuration. UDF-based SPAN is supported on the Cisco Nexus 9200 platform switches. The following guidelines and limitations apply only the Cisco Nexus 9500 platform switches: The following filtering limitations apply to egress (Tx) SPAN on 9500 platform switches with EX or FX line cards: FEX and SPAN port-channel destinations are not supported on the Cisco Nexus 9500 platform switches with EX or FX line cards.