Configuring MTU on a SPAN session truncates all packets egressing on the SPAN destination (for that session) to the MTU value Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide. For Cisco Nexus 9300 Series switches, if the first three sessions have bidirectional sources, the fourth session has hardware resources only for Rx sources. be seen on FEX HIF egress SPAN. . A single ACL can have ACEs with and without UDFs together. direction only for known Layer 2 unicast traffic flows through the switch and FEX. -You cannot configure multiple flow monitors of same type (ipv4, ipv6 or datalink) on the same interface for same direction. . Using the ACL filter to span subinterface traffic on the parent interface is not supported on the Cisco Nexus 9200 platform down the specified SPAN sessions. Routed traffic might not The following guidelines and limitations apply to Cisco Nexus 9200 and 9300-EX Series switches: The following guidelines and limitations apply to VXLAN/VTEP: SPAN source or destination is supported on any port. You can specify the traffic direction to copy as ingress (rx), egress (tx), or both. You can define multiple UDFs, but Cisco recommends defining only required UDFs. destination SPAN port, while capable to perform line rate SPAN. This guideline does not apply for Cisco Nexus 9508 switches with The SPAN feature supports stateless Configuring MTU on a SPAN session truncates all of the packets egressing on the SPAN destination (for that session) to the session traffic to a destination port with an external analyzer attached to it. This example shows how To capture these packets, you must use the physical interface as the source in the SPAN sessions. entries or a range of numbers. sessions. traffic. To capture these packets, you must use the physical interface as the source in the SPAN sessions. Use the command show monitor session 1 to verify your . UDLD frames are expected to be captured on the source port of such SPAN session, disable UDLD on the destination port of the This example shows how to configure SPAN truncation for use with MPLS stripping: This example shows how to configure multicast Tx SPAN across LSE slices for Cisco Nexus 9300-EX platform switches. (Optional) Repeat Step 9 to configure ip access-list The flows for post-routed unknown unicast flooded packets are in the SPAN session, even if the SPAN session is configured Packets with FCS errors are not mirrored in a SPAN session. type {number | Make sure enough free space is available; When a SPAN session contains source ports that are monitored in the transmit or transmit and receive direction, packets that If necessary, you can reduce the TCAM space from unused regions and then re-enter For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Configures switchport parameters for the selected slot and port or range of ports. configure one or more sources, as either a series of comma-separated entries or Most everyone I know uses the double-sided vPC (virtual port channel) configuration, also known as "criss-cross applesauce" in some circles, between their Nexus 7000s and 5000s, so we will be focusing on those topologies. On the Nexus 5500 series, SPAN traffic is rate-limited to 1Gbps by default so the switchport monitor rate-limit 1G interface command is not supported. Traffic direction is "both" by default for SPAN . This guideline does not apply for Cisco Nexus 9508 switches with N9K-X9636C-R specified SPAN sessions. This guideline does not apply for This guideline does not apply for Cisco Nexus The following guidelines and limitations apply to Cisco Nexus 9200 and 9300-EX Series switches: By default, the session is created in the shut state. Statistics are not support for the filter access group. By default, You can enter a range of Ethernet ethanalyzer local interface inband mirror detail parameters for the selected slot and port or range of ports. 9508 switches with 9636C-R and 9636Q-R line cards. sessions, Rx SPAN is not supported for the physical interface source session. size. Enter global configuration mode. [no ] VLAN ACL redirects to SPAN destination ports are not supported. VLAN SPAN monitors only the traffic that enters Layer 2 ports in the VLAN. Cisco Nexus 9508 switches with 9636C-R and 9636Q-R line cards. and the Bridge Protocol Data Unit (BPDU) class of packets are sent using SOBMH. When SPAN/ERSPAN is used to capture the Rx traffic on the FEX HIF ports, additional VNTAG and 802.1Q tags are present in the Source) on a different ASIC instance, then a Tx mirrored packet has a VLAN ID of 4095 on Cisco Nexus 9300 platform switches port or host interface port channel on the Cisco Nexus 2000 Series Fabric Cisco Nexus 93108TC-FX 48 x 10GBASE-T ports and 6 x 40/100-Gbps QSFP28 ports The Cisco Nexus 93180YC-FX Switch (Figure 4) is a 1RU switch with latency of less than 1 microsecond that supports 3. . For a The description can be up to 32 alphanumeric Cisco Nexus 9300 and 9500 platform switches support FEX ports as SPAN sources in the ingress direction for all traffic and To match additional bytes, you must define An egress SPAN copy of an access port on a switch interface will always have a dot1q header. On the Cisco Nexus 9500 platform switches, depending on the SPAN source's forwarding engine instance mappings, a single forwarding The destination port is ethernet 3/32, and the source is the port-channels 45 and 55. the destination ports in access or trunk mode. The following table lists the default NX-OS devices. Configuration Example - Monitoring an entire VLAN traffic. . session configuration. The MTU size range is 320 to 1518 bytes for Cisco Nexus 9500 platform switches with 9700-EX and 9700-FX line cards. You can configure a SPAN session on the local device only. VLAN ACL redirects to SPAN destination ports are not supported. interface to the control plane CPU, Satellite ports Step 2 Configure a SPAN session. They are not supported in Layer 3 mode, and From the switch CLI, enter configuration mode to set up a monitor session: can be on any line card. source {interface be seen on FEX HIF egress SPAN. For information on the The new session configuration is added to the Cisco Bug IDs: CSCuv98660. Either way, here is the configuration for a monitor session on the Nexus 9K. The documentation set for this product strives to use bias-free language. SPAN session. for copied source packets. Log into the switch through the CNA interface. Furthermore, it also provides the capability to configure up to 8 . By default, sessions are created in the shut state. You can configure a destination port only one SPAN session at a time. Doing so can help you to analyze and isolate packet drops in the Configuring a Cisco Nexus switch" 8.3.1. sources. You can configure a SPAN session on the local device only. can change the rate limit using the (Optional) Repeat Step 11 to configure all source VLANs to filter. Cisco's Nexus 5000 / 2000 design guide lays out a number of topology choices for your data center. Configures which VLANs to select from the configured sources. the MTU. The new session configuration is added to the existing session configuration. can bypass all forwarding lookups in the hardware, including SPAN and ERSPAN. shut state for the selected session. However, on Cisco Nexus 9300-EX/FX/FX2 platform switches, both NetFlow and SPAN can be enabled simultaneously, port. port can be configured in only one SPAN session at a time. in the ingress direction for all traffic and in the egress direction only for known Layer 2 unicast traffic flows through For the Cisco Nexus 9732C-EX line card, one copy is made per unit that has members. To display the SPAN udf-nameSpecifies the name of the UDF. slot/port. For more information on high availability, see the Cisco Nexus 9000 Series NX-OS High Availability and Redundancy Guide. After a reboot or supervisor switchover, the running configuration specify the traffic direction to copy as ingress (rx), egress (tx), or both. For the Cisco Nexus 9732C-EX line card, one copy is made per unit that has members. nx-os image and is provided at no extra charge to you. Copies the running configuration to the startup configuration. monitor See the The following guidelines and limitations apply to egress (Tx) SPAN: SPAN copies for multicast packets are made prior to rewrite. Tx SPAN for multicast, unknown multicast, and broadcast traffic are not supported on the Cisco Nexus 9200 platform switches. The FEX NIF interfaces or port-channels cannot be used as a SPAN source or SPAN destination. You can configure the shut and enabled SPAN session states with either EOR switches and SPAN sessions that have Tx port sources. ports do not participate in any spanning tree instance. This limitation does not apply to the following switch platforms which support VLAN spanning in both directions: Cisco Nexus 9504, 9508, and 9516 switches with the 97160YC-EX line card. Shuts down the SPAN session. This limitation does not apply to Nexus 9300-EX/FX/FX2 platform switches that have the 100G interfaces. The Cisco Nexus device supports Ethernet, Fibre Channel, virtual Fibre Channel, port channels, SAN port channels, VSANs and VLANs as SPAN sources. SPAN requires no A destination Switch(config)#show monitor Session 1 --------- Type : Local Session Source Ports : Both : Ge0/1 Destination Ports : Ge0/8 Encapsulation : Native . Enters interface The forwarding application-specific integrated circuit (ASIC) time- . This limitation does not apply to Nexus 9300-EX/FX/FX2 switches that have the 100G interfaces. See the Cisco Nexus 9000 Series NX-OS Verified Scalability Guide for information on the number of supported SPAN sessions. On Cisco Nexus 9300-EX/FX platform switches, SPAN and sFlow cannot both be enabled simultaneously. You can configure the device to match on user-defined fields (UDFs) of the outer or inner packet fields (header or payload) Nexus 9508 platform switches with 9636C-R and 9636Q-R line cards. no form of the command resumes (enables) the show monitor session VLAN can be part of only one session when it is used as a SPAN source or filter. switches using non-EX line cards. session Routed traffic might not be seen on FEX HIF egress SPAN. Design Choices. range This chapter describes how to configure an Ethernet switched port analyzer (SPAN) to analyze traffic between ports on Cisco For SPAN session limits, see the Cisco Nexus 9000 Series NX-OS Verified Scalability Guide. and so on, are not captured in the SPAN copy. By default, the session is created in the shut state. hardware rate-limiter span 4 to 32, based on the number of line cards and the session configuration, 14. also apply to Cisco Nexus 9500 Series switches, depending on the SPAN source's forwarding engine instance mappings. For more information, see the Cisco Nexus 9000 Series NX-OS Cisco Nexus 9300 and 9500 platform switches support FEX ports as SPAN sources in the ingress direction for all traffic and You can change the size of the ACL command. . If the FEX NIF interfaces or SPAN is not supported for management ports. You can analyze SPAN copies on the supervisor using the Cisco NX-OS Network Security, VPN Security, Unified Communications, Hyper-V, Virtualization, Windows 2012, Routing, Switching, Network Management, Cisco Lab, Linux Administration Extender (FEX). type characters. be on the same leaf spine engine (LSE). You can enter a range of Ethernet ports, a port channel, (Otherwise, the slice the copied traffic from SPAN sources. For more information on high availability, see the This applies to all switches except Cisco Nexus 9300-EX/-FX/-FX2/-FX3/-GX platform switches, and Cisco Nexus 9500 series platform switches with -EX/-FX line cards. RX-SPAN is rate-limited to 0.71 Gbps per port when the RX-traffic on the port . UDF-SPAN acl-filtering only supports source interface rx. session-number. To configure a unidirectional SPAN By default, SPAN sessions are created in the shut state. these ports receive might be replicated to the SPAN destination port even though the packets are not actually transmitted Displays the SPAN unidirectional session, the direction of the source must match the direction Step 1 Configure destination ports in access or trunk mode, and enable SPAN monitoring. vlan For more information, see the When a single traffic flow is spanned to the CPU (Rx SPAN) and an Ethernet port (Tx SPAN), both the SPAN copies are policed. ethernet slot/port. SPAN has the following configuration guidelines and limitations: Traffic that is denied by an ACL may still reach the SPAN destination port because SPAN replication is performed on the ingress In addition, if for any reason one or more of A port cannot be configured as a destination port if it is a source port of a span session or part of source VLAN. Cisco Nexus 9300 platform switches do not support Tx SPAN on 40G uplink ports. The Cisco Nexus 3048, with its compact one-rack-unit (1RU) form factor and integrated Layer 2 and 3 switching, complements the existing Cisco Nexus family of switches. Configuring access ports for a Cisco Nexus switch 8.3.5. Routed traffic might not be seen on FEX traffic in the direction specified is copied. UDF-SPAN acl-filtering only supports source interface rx. up to 32 alphanumeric characters. of the source interfaces are on the same line card. This limitation Copies the running The rest are truncated if the packet is longer than in the same VLAN. acl-filter. traffic and in the egress direction only for known Layer 2 unicast traffic. This guideline does not apply for Cisco Nexus 9508 switches with 9636C-R and Sources designate the traffic to monitor and whether By default, the session is created in the shut state, SPAN is not supported for management ports. slot/port [rx | tx | both], mtu Configures a description network.