refer to the interfaces that monitor source ports. This limitation applies to the Cisco Nexus 97160YC-EX line card. SPAN destinations include the following: Ethernet ports in either access or trunk mode, Port channels in either access or trunk mode, Uplink ports on Cisco Nexus 9300 Series switches. engine (LSE) slices on Cisco Nexus 9300-EX platform switches. The new session configuration is added to the Routed traffic might not be seen on FEX Nexus9K (config)# int eth 3/32. For the Cisco Nexus 9732C-EX line card, one copy is made per unit that has members. For Cisco Nexus 9300 Series switches, if the first three sessions have bidirectional sources, the fourth session has hardware resources only for Rx sources. By configuring a rate limit for SPAN traffic to 1Gbps across the entire monitor session . This limitation applies to Network Forwarding Engine (NFE) and NFE2-enabled for the outer packet fields (example 2). For a unidirectional session, the direction of the source must match the direction specified in the session. This chapter contains the following sections: SPAN analyzes all traffic between source ports by directing the SPAN Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x On Cisco Nexus 9500 platform switches with EX/FX modules, SPAN and sFlow cannot both be enabled simultaneously. Only 1 or 2 bytes are supported. VLANs can be SPAN sources only in the ingress direction. Many switches have a limit on the maximum number of monitoring ports that you can configure. NX-OS devices. An access-group filter in a SPAN session must be configured as vlan-accessmap. SPAN session. By default, the session is created in the shut state. Traffic direction is "both" by default for SPAN . Copies the running configuration to the startup configuration. providing a viable alternative to using sFlow and SPAN. Tx SPAN of CPU-generated packets is not supported on Cisco Nexus 9500 platform switches with EX-based line cards. a range of numbers. 
(Optional) Repeat Steps 2 through 4 to configure monitoring on additional SPAN destinations. port can be configured in only one SPAN session at a time. active, the other cannot be enabled. session-number | state. Configure a these ports receive can be replicated to the SPAN destination port although the packets are not actually transmitted on the (Optional) show monitor session Packets with FCS errors are not mirrored in a SPAN session. slot/port. 9508 switches with 9636C-R and 9636Q-R line cards. traffic and in the egress direction only for known Layer 2 unicast traffic. If this were a local SPAN port, there would be monitoring limitations on a single port. . on the local device. Also, to avoid impacting monitored production traffic: SPAN is rate-limited to 5 Gbps for every 8 ports (one ASIC). This guideline does not apply for Cisco Nexus 9508 switches with N9K-X9636C-R Destination ports receive the copied traffic from SPAN Cisco Nexus 93108TC-FX 48 x 10GBASE-T ports and 6 x 40/100-Gbps QSFP28 ports The Cisco Nexus 93180YC-FX Switch (Figure 4) is a 1RU switch with latency of less than 1 microsecond that supports 3. . Session filtering functionality (VLAN or ACL filters) is supported only for Rx sources. port or host interface port channel on the Cisco Nexus 2000 Series Fabric Now exit the configuration mode using the end command, then check if the span port configuration was a success by using show monitor command. Cisco Nexus 9300 and 9500 platform switches support FEX ports as SPAN sources in the ingress direction for all traffic and ethernet slot/port. Rx SPAN is supported. Revert the global configuration mode. SPAN sessions to discontinue the copying of packets from sources to I am trying to understand why I am limited to only four SPAN sessions. 
feature sflow sflow counter-poll-interval 30 sflow collector-ip 10.30..91 vrf management sflow collector-port 9995 sflow agent-ip 172.30..26 Make sure enough free space is available; To display the SPAN configuration, perform one of the following tasks: To configure a SPAN session, follow these steps: Configure destination ports in access mode and enable SPAN monitoring. all source VLANs to filter. When a single traffic flow is spanned to the CPU (Rx SPAN) and an Ethernet port (Tx SPAN), both the SPAN copies are policed. VLAN sources are spanned only in the Rx direction. those ports drops the packets on egress (for example, due to congestion), the packets may still reach the SPAN destination Use the command show monitor session 1 to verify your . You can configure only one destination port in a SPAN session. Multiple ACL filters are not supported on the same source. By default, sessions are created in the shut When traffic ingresses from an access port and egresses to a trunk port, an ingress SPAN copy of an access port on a switch You can shut down one session in order to free hardware resources mode. On the Cisco Nexus 9200 platform switches, SPAN packets to the CPU are rate limited and are dropped in the inband path. With VLANs or VSANs, all supported interfaces in the specified VLAN or VSAN are included as SPAN sources. sources. Cisco Nexus 3232C. 
You can configure the CPU as the SPAN destination for the following platform switches: Cisco Nexus 9200 Series switches (beginning with Cisco NX-OS Release 7.0(3)I4(1)), Cisco Nexus 9300-EX Series switches (beginning with Cisco NX-OS Release 7.0(3)I4(2)), Cisco Nexus 9300-FX Series switches (beginning with Cisco NX-OS Release 7.0(3)I7(1)), Cisco Nexus 9300-FX2 Series switches (beginning with Cisco NX-OS Release 7.0(3)I7(3)), Cisco Nexus 9300-FX3 Series switches (beginning with Cisco NX-OS Release 9.3(5)), Cisco Nexus 9300-GX Series switches (beginning with Cisco NX-OS Release 9.3(3)), Cisco Nexus 9500-EX Series switches with -EX/-FX line cards. The new session configuration is added to the existing session configuration. ethanalyzer local interface inband mirror detail entries or a range of numbers. (Optional) Repeat Step 9 to configure Plug a patch cable into the destination . specified is copied. and the Bridge Protocol Data Unit (BPDU) class of packets are sent using SOBMH. monitor type Configuring MTU on a SPAN session truncates all of the packets egressing on the SPAN destination (for that session) to the . (Optional) Repeat Steps 2 through 4 to You can configure truncation for local and SPAN source sessions only. You can configure one or more VLANs, as either a series of comma-separated can bypass all forwarding lookups in the hardware, including SPAN and ERSPAN. IPv6 ACL filters for Layer 2 ports are not supported on Cisco Nexus 9000 Series switches and the Cisco Nexus 3164Q switch. (Optional) filter vlan {number | By default, SPAN sessions are created in the shut state. For example, if e1/1-8 are all Tx direction SPAN sources and all are joined to the same group, the SPAN VLAN can be part of only one session when it is used as a SPAN source or filter. If the same source 1. by the supervisor hardware (egress). This guideline does not apply for By default, sessions are created in the shut state. [no ] . 
The MTU size range is 320 to 1518 bytes for Cisco Nexus 9500 platform switches with 9700-EX and 9700-FX line cards. When a SPAN session contains source ports that are monitored in the transmit or transmit and receive direction, packets that specified in the session. The description can be This limitation does not apply to the following switch platforms which support VLAN spanning in both directions: Cisco Nexus 9504, 9508, and 9516 switches with the 97160YC-EX line card. sessions, Rx SPAN is not supported for the physical interface source session. destination ports in access mode and enable SPAN monitoring. session, show 9508 switches with N9K-X9636C-R and N9K-X9636Q-R line cards. This example shows how session The new session configuration is added to the existing session configuration. If one is For SPAN session limits, see the Cisco Nexus 9000 Series NX-OS Verified Scalability Guide. network. VLAN ACL redirects to SPAN destination ports are not supported. This limitation Port channel interfaces (EtherChannel) can be configured as source ports but not a destination port for SPAN. Note: Priority flow control is disabled when the port is configured as a SPAN destination. Any SPAN packet that is larger than the configured MTU size is truncated to the configured show monitor session The following guidelines and limitations apply to egress (Tx) SPAN: SPAN copies for multicast packets are made prior to rewrite. Cisco Nexus 9000 Series NX-OS Security Configuration Guide. Source FEX ports are supported in the ingress direction for all Cisco Nexus 9000 Series NX-OS Security Configuration Guide. are copied to destination port Ethernet 2/5. For more information, see the range}. A SPAN session is localized when all destination interface Cisco Nexus 9300 platform switches support multiple ACL filters on the same source. 
the following match criteria: Bytes: Eth Hdr (14) + Outer IP (20) + Inner IP (20) + Inner TCP (20, but TCP flags at 13th byte), Offset from packet-start: 14 + 20 + 20 + 13 = 67. information on the number of supported SPAN sessions. after a Layer 4 header start using the following match criteria: Bytes: Eth Hdr (14) + IP (20) + TCP (20) + Payload: 112233445566DEADBEEF7788, Offset from Layer 4 header start: 20 + 6 = 26, UDF match value: 0xDEADBEEF (split into two-byte chunks and two UDFs). If The Cisco Nexus 9200 platform switches do not support Multiple ACL filters on the same source. qualifier-name. type When the UDF qualifier is added, the TCAM region goes from single wide to double wide. Cisco Nexus 9500 platform switches support FEX ports as SPAN sources in the ingress direction for all traffic and in the egress interface [rx | description. For more information, see the "Configuring ACL TCAM Region Sizes" section in the Cisco Nexus 9000 Series NX-OS and host interface port channels on the Cisco Nexus 2000 Series Fabric Extender tx } [shut ]. Configures the source rate limit for SPAN packets in the specified SPAN session in automatic or manual: Auto mode . Requirement. Security Configuration Guide. Beginning with Cisco NX-OS Release 7.0(3)I7(1), you can configure the truncation of source packets for each SPAN session based This chapter describes how to configure an Ethernet switched port analyzer (SPAN) to analyze traffic between ports on Cisco NX-OS devices. switches. Supervisor-generated stream of bytes module header (SOBMH) packets have all of the information to go out on an interface and Cisco Nexus 9508 switches with N9K-X9636C-R and N9K-X9636Q-R line cards. 2023 Cisco and/or its affiliates. An access-group filter in a SPAN session must be configured as vlan-accessmap. is used in multiple SPAN or ERSPAN sessions, either all the sessions must have different filters or no sessions should have type traffic in the direction specified is copied. SPAN session. 
Enters monitor configuration mode for the specified SPAN session. For port-channel sources, the Layer The following guidelines and limitations apply to Cisco Nexus 9200 and 9300-EX Series switches: Destination ports do not participate in any spanning tree instance. bridge protocol data unit (BPDU) Spanning Tree Protocol hello packets. Cisco Nexus 9000 Series NX-OS High Availability and Redundancy Log into the switch through the CNA interface. On the Nexus 5500 series, SPAN traffic is rate-limited to 1Gbps by default so the switchport monitor rate-limit 1G interface command is not supported. If the FEX NIF interfaces or Interfaces Configuration Guide. traffic. On the Cisco Nexus 9300-EX/FX/FX2/FX3/GX platform switches, SPAN packets to the CPU are rate limited and are dropped in the inband path. To configure a SPAN for all traffic to and from a downstream switch on port 5/2 using a Cisco Nexus 5000 SPAN . configuration is applied. After a reboot or supervisor switchover, the running VLAN SPAN monitors only the traffic that enters Layer 2 ports in the VLAN. ACLs" chapter of the acl-filter, destination interface SPAN Limitations for the Cisco Nexus 9300 Platform Switches . Enters the monitor session-number. Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. When a SPAN session contains source ports that are monitored in the transmit or transmit and receive direction, packets that c3750 (config)# monitor session 1 source vlan 5. c3750 (config)# monitor session 1 destination interface fastethernet 0/5. Only traffic in the direction the shut state. . can be on any line card. the session is created in the shut state, and the session is a local SPAN session. configure monitoring on additional SPAN destinations. 
information, see the A SPAN session with a VLAN source is not localized. vlan switches using non-EX line cards. hardware rate-limiter span SPAN destination ports have the following characteristics: A port configured as a destination port cannot also be configured as a source port. Either way, here is the configuration for a monitor session on the Nexus 9K. Limitations of SPAN on Cisco Catalyst Models. monitor session {session-range | Extender (FEX). A session destination interface a switch interface does not have a dot1q header. have the following characteristics: A port (Optional) Repeat Step 9 to configure all SPAN sources. You can define multiple UDFs, but Cisco recommends defining only required UDFs. This chapter describes how to configure an Ethernet switched port analyzer (SPAN) to analyze traffic between ports on Cisco port-channels are specified as a SPAN source or SPAN destination, the software displays an unsupported error. configuration mode on the selected slot and port. in either access or trunk mode, Port channels in traffic to monitor and whether to copy ingress, egress, or both directions of command. Step 2 Configure a SPAN session. Follow these steps to get SPAN active on the switch. Could someone kindly explain what is meant by "forwarding engine instance mappings". Cisco Nexus 9300 and 9500 platform switches support FEX ports as SPAN sources in the ingress direction for all traffic and direction. {number | Enters interface interface. "This limitation might also apply to Cisco Nexus 9500 Series switches, depending on the SPAN or ERSPAN source's forwarding engine instance mappings.". more than one session. . 
The interfaces from which traffic can be monitored are called SPAN sources. description This limitation applies to Network Forwarding Engine (NFE) and NFE2-enabled session. You must first configure the Configures sources and the traffic direction in which to copy packets. {all | Each ACE can have different UDF fields to match, or all ACEs can The description can be up to 32 alphanumeric By default, the session is created in the shut state. The SPAN feature supports stateless and stateful restarts. When you specify a VLAN as a SPAN source, all supported interfaces in the VLAN are SPAN sources. The Cisco Nexus 9636C-R and 9636Q-R both support inband SPAN and local the packets may still reach the SPAN destination port. source {interface 2 member that will SPAN is the first port-channel member. Most everyone I know uses the double-sided vPC (virtual port channel) configuration, also known as "criss-cross applesauce" in some circles, between their Nexus 7000s and 5000s, so we will be focusing on those topologies. You can configure only one destination port in a SPAN session. TCAM carving is not required for SPAN/ERSPAN on the following line cards: All other switches supporting SPAN/ERSPAN must use TCAM carving. which traffic can be monitored are called SPAN sources. The number of SPAN sessions per line card reduces to two if the same interface is configured as a bidirectional source in You can All SPAN replication is performed in the hardware. Cisco Nexus 9508 switches with 9636C-R and 9636Q-R line cards. Beginning with Cisco NX-OS Release 9.3(5), Cisco Nexus 9300-GX platform switches support SPAN truncation. in the ingress direction for all traffic and in the egress direction only for known Layer 2 unicast traffic flows through captured traffic. size. On the Cisco Nexus 9200 platform switches, the CPU SPAN source can be added only for the Rx direction (SPAN packets coming Cisco Nexus 9300 Series switches. HIF egress SPAN. 
In addition, if for any reason one or more of of SPAN sessions. SPAN copies for multicast packets are made before rewrite. Session filtering functionality (VLAN or ACL filters) is supported only for Rx sources. Copies the running and the Bridge Protocol Data Unit (BPDU) class of packets are sent using SOBMH. monitor. in the egress direction only for known Layer 2 unicast traffic flows through the switch and FEX. For a 4 to 32, based on the number of line cards and the session configuration. Enables the SPAN session. monitor session This guideline does not apply for Cisco Nexus Some examples of this behavior on source ports are as follows: SPAN sessions cannot capture packets with broadcast or multicast MAC addresses that reach the supervisor, such as ARP requests interface does not have a dot1q header. traffic direction in which to copy packets. The configuration above will capture all traffic of VLAN 5 and send it to SPAN port fastethernet 0/5. Troubleshooting Cisco Nexus Switches and NX-OS is your single reference for quickly identifying and solving problems with these . The Cisco Nexus 3048, with its compact one-rack-unit (1RU) form factor and integrated Layer 2 and 3 switching, complements the existing Cisco Nexus family of switches. When multiple egress ports on the same slice are congested by egressing SPAN traffic, those egress ports will not get the Tx SPAN of CPU-generated packets is not supported on Cisco Nexus 9200 platform switches. limitation still applies.) This limitation does not apply to Nexus 9300-EX/FX/FX2 platform switches that have the 100G interfaces. hardware rate-limiter span either a series of comma-separated entries or a range of numbers. applies to the following switches: Cisco Nexus 92348GC-X, Cisco Nexus 9332C, and Cisco Nexus 9364C switches, Cisco Nexus 9300-EX, -FX, -FX2, -FX3, -GX platform switches, Cisco Nexus 9504, 9508, and 9516 platform switches with -EX and -FX line cards. line card. 
session traffic to a destination port with an external analyzer attached to it. This guideline does not apply for Cisco Nexus You must configure The new session configuration is added to the This example shows how to set up SPAN session 1 for monitoring source port traffic to a destination port. more than one session. source interface is not a host interface port channel. no monitor session A port cannot be configured as a destination port if it is a source port of a span session or part of source VLAN. source {interface Some examples of this behavior on source ports are as follows: SPAN sessions cannot capture packets with broadcast or multicast MAC addresses that reach the supervisor, such as ARP requests Associates an ACL with the Tx SPAN of CPU-generated packets is not supported on Cisco Nexus 9200, 9300-EX/FX/FXP/FX2/FX3/GX/GX2, 9300C, C9516-FM-E2, header), configure the offset as 0. length: Specifies the number of bytes from the offset. monitor session in order to free hardware resources to enable another session. a global or monitor configuration mode command. VLAN ACL redirects to SPAN destination ports are not supported. SPAN has the following configuration guidelines and limitations: Traffic that is denied by an ACL may still reach the SPAN destination port because SPAN replication is performed on the ingress By default, the session is created in the shut state. The following guidelines apply to SPAN copies of access port dot1q headers: When traffic ingresses from a trunk port and egresses to an access port, an egress SPAN copy of an access port on a switch (FEX). This chapter describes how to configure an Ethernet switched port analyzer (SPAN) to analyze traffic between ports on Cisco For SPAN session limits, see the Cisco Nexus 9000 Series NX-OS Verified Scalability Guide. 
specify the traffic direction to copy as ingress (rx), egress (tx), or both. The third mode enables fabric extension to a Nexus 2000. SPAN output includes You can define the sources and destinations to monitor in a SPAN session Configures switchport However, on Cisco Nexus 9300-EX/FX/FX2 platform switches, both NetFlow and SPAN can be enabled simultaneously, I am trying to configure sflow on Nexus 9396PX switch and having some difficulty to understand tcam region. This example shows how to configure SPAN truncation for use with MPLS stripping: This example shows how to configure multicast Tx SPAN across LSE slices for Cisco Nexus 9300-EX platform switches. SPAN session that is already enabled but operationally down, you must first shut it down and then enable it. Supervisor as a source is only supported in the Rx direction. Cisco Nexus 9300 platform switches (excluding Cisco Nexus 9300-EX/FX/FX2/FX3/FXP switches) support FEX ports as SPAN sources session, follow these steps: Configure destination ports in SPAN source ports You can configure a SPAN session on the local device only. This guideline does not apply for Cisco Nexus Using the ACL filter to span subinterface traffic on the parent interface is not supported on the Cisco Nexus 9200 platform (Optional) These features are not supported for Layer 3 port sources, FEX ports (with unicast or multicast Cisco Nexus 9508 switches with 9636C-R and 9636Q-R line cards. A destination Cisco Nexus 9300-FX2 switches support sFlow and SPAN co-existence. Spanning Tree Protocol hello packets. For more information on high availability, see the Cisco Nexus 9000 Series NX-OS High Availability and Redundancy Guide. SPAN sources refer to the interfaces from which traffic can be monitored. 
By default, the session is created in the shut state, UDF-based SPAN is supported on the Cisco Nexus 9300-EX/FX/FX2/FX3/GX platform switches. down the SPAN session. access mode and enable SPAN monitoring. the specified SPAN session. and N9K-X9636Q-R line cards. . Configuration Example - Monitoring an entire VLAN traffic. This limitation might also apply to Cisco Nexus 9500 Series switches, depending on the ERSPAN source's forwarding engine instance mappings. A destination port can be configured in only one SPAN session at a time. After a reboot or supervisor switchover, the running configuration VLAN Tx SPAN is supported on Cisco Nexus 9300-EX and FX platform switches. By default, SPAN sessions are created in For information on the [no ] Make sure that the appropriate TCAM region (racl, ifacl, or vacl) has been configured using the hardware access-list tcam region command to provide enough free space to enable UDF-based SPAN. The supervisor CPU is not involved. If SPAN is mirroring the traffic which ingresses on an interface in an ASIC instance and egresses on a layer 3 interface (SPAN The bytes specified are retained starting from the header of the packets. Therefore, the TTL, VLAN ID, any remarking due to egress policy, The new session configuration is added to the existing session configuration. [no] monitor session {session-range | all} shut. At the time of this writing, the Cisco Nexus 9300 EX, FX, and FX2 series support a maximum of 16 Fabric Extenders per switch.