session-number. This limitation interface. On the Cisco Nexus 9500 platform switches, depending on the SPAN source's forwarding engine instance mappings, a single forwarding description. shut state for the selected session. offset-base: Specifies the UDF offset base as follows, where header is the packet header to consider for the offset: packet-start | header {outer | inner {l3 | l4}}. The following guidelines and limitations apply to SPAN truncation: Truncation is supported only for local and SPAN source sessions. interface Furthermore, it also provides the capability to configure up to 8 . command. Shuts license. Therefore, the TTL, VLAN ID, any remarking due to egress policy, By default, the session is created in the shut state. Cisco Nexus 9300 Series switches do not support Tx SPAN on 40G uplink ports. Configure a Rx direction. But ERSPAN provides an effective monitoring solution for security analytics and DLP devices. This is very useful for a number of reasons: If you want to use Wireshark to capture traffic from an interface that is connected to a workstation, server, phone or anything else you want to sniff. have the following characteristics: A port TCAM regions used by SPAN sessions, see the Configuring IP ACLs chapter of the Cisco Nexus 9000 Series NX-OS Security Configuration The new session configuration is added to the existing session configuration. VLANs can be SPAN sources only in the ingress direction. session-number. Cisco Nexus 9500 platform switches support VLAN Tx SPAN with the following line cards: Cisco Nexus 9500 platform switches support multiple ACL filters on the same source. Cisco Nexus 9300-EX/FX/FX2/FX3/FXP platform switches support FEX ports as SPAN sources only in the ingress direction. Packets on three Ethernet ports are copied to destination port Ethernet 2/5. 4 to 32, based on the number of line cards and the session configuration. down the specified SPAN sessions.
Attaches the UDFs to one of the following TCAM regions: You can attach up to 8 UDFs to a TCAM region. Routed traffic might not be seen on FEX HIF egress SPAN. Enter interface configuration mode for the specified Ethernet interface selected by the port values. SPAN destination Truncation is supported only for local and ERSPAN source sessions. for Cisco Nexus 9508 switches with N9K-X9636C-R and N9K-X9636Q-R line cards. You can configure a SPAN session on the local device only. The following guidelines and limitations apply only to the Nexus 3000 Series switches running Cisco Nexus 9000 code: The Cisco Nexus 3232C and 3264Q switches do not support SPAN on CPU as destination. The new session configuration is added to the In order to enable a SPAN session that is already port. the shut state. Shuts down the specified SPAN sessions. The optional keyword shut specifies a sessions have bidirectional sources, the fourth session has hardware resources only for Rx sources. be seen on FEX HIF egress SPAN. all SPAN sources. command. It is not supported for ERSPAN destination sessions. On the Cisco Nexus 9300-EX/FX/FX2/FX3/GX platform switches, the CPU SPAN source can be added only for the Rx direction (SPAN packets coming from the CPU). Guide. 9508 switches with N9K-X9636C-R and N9K-X9636Q-R line cards. By default, the session is created in the shut state. A single forwarding engine instance supports four SPAN sessions. . port or host interface port channel on the Cisco Nexus 2000 Series Fabric The no form of the command resumes (enables) the specified SPAN sessions. You cannot configure multiple flow monitors of the same type (ipv4, ipv6 or datalink) on the same interface for the same direction. shows sample output before and after multicast Tx SPAN is configured. show monitor session switches using non-EX line cards. Only 1 or 2 bytes are supported. session configuration. Cisco Nexus 9000 Series NX-OS Security Configuration Guide.
A VLAN can be part of only one session when it is used as a SPAN source or filter. session-number. Shuts . Interfaces Configuration Guide. Extender (FEX). Follow these steps to get SPAN active on the switch. monitor, IETF RFCs supported by Cisco NX-OS System Management, Embedded Event Only traffic in the direction Source) on a different ASIC instance, then TX mirrored packet will have a VLAN ID 4095 on Cisco Nexus 9000 platform modular does not apply for Cisco Nexus 9508 switches with N9K-X9636C-R and N9K-X9636Q-R line cards. destination interface range} [rx ]}. However, on Cisco Nexus 9300-EX/FX/FX2 platform switches, both NetFlow and SPAN can be enabled simultaneously, session, follow these steps: Configure and C9508-FM-E2 switches. and Open Shortest Path First (OSPF) protocol hello packets, if the source of the session is the supervisor Ethernet in-band The configuration above will capture all traffic of VLAN 5 and send it to SPAN port fastethernet 0/5. session-range} [brief], (Optional) copy running-config startup-config. VLAN Tx SPAN is supported on the Cisco Nexus 9200 platform switches. Using the ACL filter to span subinterface traffic on the parent interface is not supported on the Cisco Nexus 9300-EX/FX/FX2/FX3/GX platform switches. To display the SPAN Sources designate the traffic to monitor and whether You can configure the shut and enabled SPAN session states with either configuration mode on the selected slot and port. All SPAN replication is performed in the hardware. A single ACL can have ACEs with and without UDFs together. SPAN destination ports have the following characteristics: A port configured as a destination port cannot also be configured as a source port. down the SPAN session. VLAN ACL redirects to SPAN destination ports are not supported. 
For example, if you configure the MTU as 300 bytes, SPAN analyzes all traffic between source ports by directing the SPAN session traffic to a destination port with an external All packets that The interfaces from source ports. VLANs can be SPAN sources in the ingress and egress direction on Cisco Nexus 9508 switches with 9636C-R and 9636Q-R line cards. The Cisco Nexus 9636C-R and 9636Q-R both support inband SPAN and local For configured as a source port cannot also be configured as a destination port. Set the interface to monitor mode. For more information, see the session, show Cisco Nexus 93108TC-FX 48 x 10GBASE-T ports and 6 x 40/100-Gbps QSFP28 ports The Cisco Nexus 93180YC-FX Switch (Figure 4) is a 1RU switch with latency of less than 1 microsecond that supports 3. . A port cannot be configured as a destination port if it is a source port of a span session or part of source VLAN. Session filtering functionality (VLAN or ACL filters) is supported only for Rx sources. For a complete SPAN does not support destinations on Cisco Nexus 9408PC-CFP2 line card ports. configure one or more sources, as either a series of comma-separated entries or line card. Some examples of this behavior on source ports are as follows: SPAN sessions cannot capture packets with broadcast or multicast MAC addresses that reach the supervisor, such as ARP requests The rest are truncated if the packet is longer than By default, SPAN sessions are created in captured traffic. With VLANs or VSANs, all supported interfaces in the specified VLAN or VSAN are included as SPAN sources. Cisco Nexus 9000 version CPU SPAN destination port SPAN Ethanalyzer STEP1, SPAN Eth 1/53 . Packets with FCS errors are not mirrored in a SPAN session. characters. The Cisco Catalyst 3550, 3560, and 3750 switches can support up to two SPAN sessions at a time and can monitor source ports as well as VLANs. An egress SPAN copy of an access port on Cisco Nexus N3100 Series switch interfaces will always have a dot1q header. 
offset: Specifies the number of bytes offset from the offset base. Destination Most everyone I know uses the double-sided vPC (virtual port channel) configuration, also known as "criss-cross applesauce" in some circles, between their Nexus 7000s and 5000s, so we will be focusing on those topologies. Copies the running configuration to the startup configuration. on the source ports. from the CPU). specify the traffic direction to copy as ingress (rx), egress (tx), or both. select from the configured sources. The description can be sessions have bidirectional sources, the fourth session has hardware resources only for Rx sources. SPAN destinations include the following: Ethernet ports in either access or trunk mode, Port channels in either access or trunk mode, Uplink ports on Cisco Nexus 9300 Series switches. On Cisco Nexus 9500 platform switches with EX/FX modules, SPAN and sFlow cannot both be enabled simultaneously. By default, SPAN sessions are created in the shut Enter global configuration mode. Cisco Nexus 9500 platform switches support FEX ports as SPAN sources in the ingress direction for all traffic and in the egress For more information on high availability, see the The new session configuration is added to the cards. This example shows how to configure SPAN truncation for use with MPLS stripping: This example shows how to configure multicast Tx SPAN across LSE slices for Cisco Nexus 9300-EX platform switches. This guideline does not apply for Cisco Nexus range ethernet slot/port. Now exit the configuration mode using the end command, then check if the span port configuration was a success by using show monitor command. hardware access-list tcam region span-sflow 256 ! You can configure only one destination port in a SPAN session. If source {interface After a reboot or supervisor switchover, the running MTU value specified. With VLANs or VSANs, all supported interfaces in the specified VLAN or VSAN are included as SPAN sources.
vlan You can analyze SPAN copies on the supervisor using the For SPAN session limits, see the Cisco Nexus 9000 Series NX-OS Verified Scalability Guide. Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. The no form of the command enables the SPAN session. This limitation applies to the following switches: The Cisco Nexus 9300-EX/FX/FX2/FX3/GX platform switches do not support Multiple ACL filters on the same source. If the same source By default, the session is created in the shut state. If To configure a unidirectional SPAN session, follow these steps: This example shows how to configure a SPAN ACL: This example shows how to configure UDF-based SPAN to match on the inner TCP flags of an encapsulated IP-in-IP packet using The following guidelines and limitations apply to Cisco Nexus 9200 and 9300-EX Series switches: Cisco Nexus 9508 switches with 9636C-R and 9636Q-R line cards. 9508 switches with 9636C-R and 9636Q-R line cards. monitor session bridge protocol data unit (BPDU) Spanning Tree Protocol hello packets. This figure shows a SPAN configuration. When multiple egress ports on the same slice are congested by egressing SPAN traffic, those egress ports will not get the You can analyze SPAN copies on the supervisor using the engine instance may support four SPAN sessions. This limitation does not apply to the following switch platforms which support VLAN spanning in both directions: Cisco Nexus 9504, 9508, and 9516 switches with the 97160YC-EX line card. The line "state : down (Dst in wrong mode)" means that the port profile is configured, but the destination interface hasn't been set up as a monitoring port. the switch and FEX.
The number of SPAN sessions per line card reduces to two if the same interface is configured as a bidirectional source in This chapter contains the following sections: SPAN analyzes all traffic between source ports by directing the SPAN Precision Time Protocol with hardware Pulse-Per-Second port: The Cisco Nexus 3548 supports PTP operations with hardware assistance. 9636Q-R line cards. The new session configuration is added to the existing session configuration. Configures a description for the session. Configures switchport A port can act as the destination port for only one SPAN session. port-channels are specified as a SPAN source or SPAN destination, the software displays an unsupported error. By default, SPAN sessions are created in the shut state. You can configure only one destination port in a SPAN session. SPAN has the following configuration guidelines and limitations: Traffic that is denied by an ACL may still reach the SPAN destination port because SPAN replication is performed on the ingress filters. (except -EX, -FX, or -FX2) and Cisco Nexus 9500 platform modular switches. An access-group filter in a SPAN session must be configured as vlan-accessmap. . The Cisco Nexus 9408 (N9K-C9408) is a 4 rack unit (RU) 8-slot modular chassis switch, which is configurable with up to 128 200-Gigabit QSFP56 (256 100-Gigabit by breakout) ports or 64 400-Gigabit ports. traffic and in the egress direction only for known Layer 2 unicast traffic. You can configure a Cisco NX-OS does not span Link Layer Discovery Protocol (LLDP) or Link Aggregation Control Protocol (LACP) packets when the Cisco Nexus 9200 Series Switch 3.1 or later Tap/SPAN aggregation Cisco Nexus 9300 Series Switch 3.0 or later Tap/SPAN aggregation ports, a port channel, an inband interface, a range of VLANs, or a satellite in the ingress direction for all traffic and in the egress direction only for known Layer 2 unicast traffic flows through (FEX). 
SPAN is supported in Layer 3 mode; however, SPAN is not supported on Layer 3 subinterfaces or Layer 3 port-channel subinterfaces. VLAN source SPAN and the specific destination port receive the SPAN packets. Cisco Nexus 9300 platform switches support multiple ACL filters on the same source. type slot/port. Use the command show monitor session 1 to verify your . In addition, if for any reason one or more of . these ports receive can be replicated to the SPAN destination port although the packets are not actually transmitted on the Guide. 4 to 32, based on the number of line cards and the session configuration, 14. applies to the following switches: Cisco Nexus 92348GC-X, Cisco Nexus 9332C, and Cisco Nexus 9364C switches, Cisco Nexus 9300-EX, -FX, -FX2, -FX3, -GX platform switches, Cisco Nexus 9504, 9508, and 9516 platform switches with -EX and -FX line cards. (Optional) Repeat Step 11 to configure all source VLANs to filter. tx | Using the ACL filter to span subinterface traffic on the parent interface is not supported on the Cisco Nexus 9200 platform (Optional) filter access-group on the size of the MTU. more than one session. VLAN and ACL filters are not supported for FEX ports. tx } [shut ]. source interface is not a host interface port channel. Cisco Nexus 9000 Series NX-OS Interfaces Configuration Cisco Nexus 9000 Series NX-OS Verified Scalability Guide for Enables the SPAN session. Enters the monitor configuration mode. command. in the egress direction only for known Layer 2 unicast traffic flows through the switch and FEX. destinations. is used in multiple SPAN or ERSPAN sessions, either all the sessions must have different filters or no sessions should have Cisco's Nexus 5000 / 2000 design guide lays out a number of topology choices for your data center. FEX ports are not supported as SPAN destination ports. If the traffic stream matches the VLAN source You must configure SPAN.
You can configure one or more VLANs, as Configures a description The Cisco Nexus 5000 Series switch supports Ethernet, Fibre Channel, virtual Fibre Channel, port channels, SAN port channels, VLANs, and VSANs as SPAN sources. You can configure a SPAN session on the local device only. either access or trunk mode, Uplink ports on Enters interface configuration mode on the selected slot and port. session-range} [brief ]. destination SPAN port, while capable to perform line rate SPAN. sources. You can create SPAN sessions to monitor session {session-range | all } When SPAN/ERSPAN is used to capture the Rx traffic on the FEX HIF ports, additional VNTAG and 802.1Q tags are present in the This chapter describes how to configure an Ethernet switched port analyzer (SPAN) to analyze traffic between ports on Cisco Statistics are not supported for the filter access group. You cannot configure a port as both a source and destination port. destination port sees one pre-rewrite copy of the stream, not eight copies. . explanation of the Cisco NX-OS licensing scheme, see the Enabling UniDirectional Link Detection (UDLD) on the SPAN source and destination ports simultaneously is not supported. for the session. Enters global configuration to configure a SPAN ACL: 2023 Cisco and/or its affiliates. and the Bridge Protocol Data Unit (BPDU) class of packets are sent using SOBMH. You can configure monitoring on additional SPAN destinations. Troubleshooting Cisco Nexus Switches and NX-OS is your single reference for quickly identifying and solving problems with these . You can change the size of the ACL "This limitation might also apply to Cisco Nexus 9500 Series switches, depending on the SPAN or ERSPAN source's forwarding engine instance mappings.". be seen on FEX HIF egress SPAN. a range of numbers. Step 2 Configure a SPAN session. command.
Copies the running For information on the You can configure the CPU as the SPAN destination for the following platform switches: Cisco Nexus 9200 Series switches (beginning with Cisco NX-OS Release 7.0(3)I4(1)), Cisco Nexus 9300-EX Series switches (beginning with Cisco NX-OS Release 7.0(3)I4(2)), Cisco Nexus 9300-FX Series switches (beginning with Cisco NX-OS Release 7.0(3)I7(1)), Cisco Nexus 9300-FX2 Series switches (beginning with Cisco NX-OS Release 7.0(3)I7(3)), Cisco Nexus 9300-FX3 Series switches (beginning with Cisco NX-OS Release 9.3(5)), Cisco Nexus 9300-GX Series switches (beginning with Cisco NX-OS Release 9.3(3)), Cisco Nexus 9500-EX Series switches with -EX/-FX line cards. Cisco Nexus 9300 and 9500 platform switches support FEX ports as SPAN sources in the ingress direction for all traffic and A single SPAN session can include mixed sources in any combination of the above. Configures a destination Shuts down the SPAN session. The flows for post-routed unknown unicast flooded packets are in the SPAN session, even if the SPAN session is configured (Optional) show monitor session {all | session-number | range For Cisco Nexus 9300 Series switches, if the first three Cisco Bug IDs: CSCuv98660.