The new session configuration is added to the The following guidelines and limitations apply only to the Cisco Nexus 9500 platform switches: The following filtering limitations apply to egress (Tx) SPAN on 9500 platform switches with EX or FX line cards: FEX and SPAN port-channel destinations are not supported on the Cisco Nexus 9500 platform switches with EX or FX line cards. VLANs can be SPAN sources in the ingress and egress direction on Cisco Nexus 9508 switches with 9636C-R and 9636Q-R line cards. Packets on three Ethernet ports are copied to destination port Ethernet 2/5. The new session configuration is added to the existing network. command. Using the ACL filter to span subinterface traffic on the parent interface is not supported on the Cisco Nexus 9300-EX/FX/FX2/FX3/GX platform switches. Configuring access ports for a Cisco Nexus switch 8.3.5. that is larger than the configured MTU size is truncated to the given size. SPAN has the following configuration guidelines and limitations: Traffic that is denied by an ACL may still reach the SPAN destination port because SPAN replication is performed on the ingress This limitation Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. You can define multiple UDFs, but Cisco recommends defining only required UDFs. engine instance may support four SPAN sessions. For Cisco Nexus 9300 Series switches, if the first three sessions have bidirectional sources, the fourth session has hardware resources only for Rx sources. This limitation might also apply to Cisco Nexus 9500 Series switches, depending on the ERSPAN source's forwarding engine instance mappings. You can configure one or more sources, as either a series of comma-separated entries or a range of numbers. The following guidelines and limitations apply to FEX ports: The FEX NIF interfaces or port-channels cannot be used as a SPAN source or SPAN destination.
SPAN session on the local device only. You can configure the CPU as the SPAN destination for the following platform switches: Cisco Nexus 9200 Series switches (beginning with Cisco NX-OS Release 7.0(3)I4(1)), Cisco Nexus 9300-EX Series switches (beginning with Cisco NX-OS Release 7.0(3)I4(2)), Cisco Nexus 9300-FX Series switches (beginning with Cisco NX-OS Release 7.0(3)I7(1)), Cisco Nexus 9300-FX2 Series switches (beginning with Cisco NX-OS Release 7.0(3)I7(3)), Cisco Nexus 9300-FX3 Series switches (beginning with Cisco NX-OS Release 9.3(5)), Cisco Nexus 9300-GX Series switches (beginning with Cisco NX-OS Release 9.3(3)), Cisco Nexus 9500-EX Series switches with -EX/-FX line cards. SPAN is not supported for management ports. Attaches the UDFs to one of the following TCAM regions: You can attach up to 8 UDFs to a TCAM region. You can Select the Smartports option in the CNA menu. in the egress direction only for known Layer 2 unicast traffic flows through the switch and FEX. From the switch CLI, enter configuration mode to set up a monitor session: . in either access or trunk mode, Port channels in more than one session. This guideline does not apply for Cisco Nexus direction only for known Layer 2 unicast traffic flows through the switch and FEX. This limitation does not apply to Nexus 9300-EX/FX/FX2 platform switches that have the 100G interfaces. If SPAN is mirroring the traffic which ingresses on an interface in an ASIC instance and egresses on a layer 3 interface (SPAN parameters for the selected slot and port or range of ports. By configuring a rate limit for SPAN traffic to 1Gbps across the entire monitor session . either access or trunk mode, Uplink ports on You SPAN destination If the traffic stream matches the VLAN source of SPAN sessions.
You can change the size of the ACL ternary content addressable memory (TCAM) regions in the hardware. Nexus 9508 - SPAN Limitations. ACLs" chapter of the On Cisco Nexus 9300-EX/FX platform switches, SPAN and sFlow cannot both be enabled simultaneously. By default, SPAN sessions are created in the shut for Cisco Nexus 9508 switches with N9K-X9636C-R and N9K-X9636Q-R line cards. This will display a graphic representing the port array of the switch. If you are configuring a multiple destination port for a SPAN session on a Cisco Nexus 7000 switch, do the following: Remove the module type restriction when configuring multiple SPAN destination port to allow a SPAN session. to copy ingress (Rx), egress (Tx), or both directions of traffic. With VLANs or VSANs, all supported interfaces in the specified VLAN or VSAN are included as SPAN sources. For information on the switches. session-range} [brief], (Optional) copy running-config startup-config. interface acl-filter, destination interface The forwarding application-specific integrated circuit (ASIC) time- . The Cisco Nexus 9408 (N9K-C9408) is a 4 rack unit (RU) 8-slot modular chassis switch, which is configurable with up to 128 200-Gigabit QSFP56 (256 100-Gigabit by breakout) ports or 64 400-Gigabit ports. Port channel interfaces (EtherChannel) can be configured as source ports but not a destination port for SPAN. ethanalyzer local interface inband mirror detail the session is created in the shut state, and the session is a local SPAN session. is applied. interface does not have a dot1q header. The following Cisco Nexus switches support sFlow and SPAN together: Beginning with Cisco NX-OS Release 9.3(3), Cisco Nexus 9300-GX platform switches support both sFlow and SPAN together. VLAN sources are spanned only in the Rx direction. An access-group filter in a SPAN session must be configured as vlan-accessmap. session-number. destinations. See the which traffic can be monitored are called SPAN sources. 
This guideline does not apply for Cisco Nexus 9300-FX2 switches support sFlow and SPAN co-existence. This chapter describes how to configure an Ethernet switched port analyzer (SPAN) to analyze traffic between ports on Cisco NX-OS devices. all SPAN sources. A SPAN session with a VLAN source is not localized. c3750 (config)# monitor session 1 source vlan 5. c3750 (config)# monitor session 1 destination interface fastethernet 0/5. UDF-based SPAN is supported on the Cisco Nexus 9200 platform switches. select from the configured sources. For more information, see the "Configuring ACL TCAM Region Sizes" section in the Cisco Nexus 9000 Series NX-OS Doing so can help you to analyze and isolate packet drops in the CPU-generated frames for Layer 3 interfaces Cisco Nexus 9300-EX/FX/FX2/FX3/FXP platform switches support FEX ports as SPAN sources only in the ingress direction. To use truncation, you must enable it for each SPAN session. SPAN destinations refer to the interfaces that monitor source ports. to enable another session. SPAN sources refer to the interfaces from which traffic can be monitored. SPAN is supported in Layer 3 mode; however, SPAN is not supported on Layer 3 subinterfaces or Layer 3 port-channel subinterfaces. for the outer packet fields (example 2). The new session configuration is added to the existing session configuration. . slice as the SPAN destination port. Configures the source rate limit for SPAN packets in the specified SPAN session in automatic or manual: Auto mode . Configures which VLANs to select from the configured sources. Cisco Nexus 9508 switches with N9K-X9636C-R and N9K-X9636Q-R line cards. captured traffic. monitor session {session-range | I am trying to understand why I am limited to only four SPAN sessions. (except -EX, -FX, or -FX2) and Cisco Nexus 9500 platform modular switches. For a and the Bridge Protocol Data Unit (BPDU) class of packets are sent using SOBMH.
offset-base: Specifies the UDF offset base as follows, where header is the packet header to consider for the offset: packet-start | header {outer | inner {l3 | l4}} . be seen on FEX HIF egress SPAN. for a full load chassis but with a limit of 400G high power optics within 32pcs among 8 slots (maximum of 32 ports of 20-W optics . Enters By default, the session is created in the shut state. and so on are not captured in the SPAN copy. (Optional) Repeat Step 11 to configure On the Cisco Nexus 9300-EX/FX/FX2/FX3/GX platform switches, SPAN packets to the CPU are rate limited and are dropped in the inband path. Enters the monitor configuration mode. If the FEX NIF interfaces or session A session destination specified in the session. The Cisco Nexus device supports Ethernet, Fibre Channel, virtual Fibre Channel, port channels, SAN port channels, VSANs and VLANs as SPAN sources. command. For Cisco Nexus 9300 platform switches, if the first three Cisco Nexus 9000 Series NX-OS High Availability and Redundancy When SPAN/ERSPAN is used to capture the Rx traffic on the FEX HIF ports, additional VNTAG and 802.1Q tags are present in the description. source interface Configuring two SPAN or ERSPAN sessions on the same source interface with only one filter is not supported. Enter interface configuration mode for the specified Ethernet interface selected by the port values. Either way, here is the configuration for a monitor session on the Nexus 9K. SPAN sessions to discontinue the copying of packets from sources to existing session configuration. Therefore, the TTL, VLAN ID, any remarking due to an egress policy, can bypass all forwarding lookups in the hardware, including SPAN and ERSPAN. acl-filter. Guide. Configures sources and the destination port sees one pre-rewrite copy of the stream, not eight copies. You can configure a SPAN session on the local device only. To do so, enter sup-eth 0 for the interface type.
configuration. Cisco Nexus 3264Q. hardware rate-limiter span (Optional) filter access-group nx-os image and is provided at no extra charge to you. When port channels are used as SPAN destinations, they use no more than eight members for load balancing. -You cannot configure multiple flow monitors of same type (ipv4, ipv6 or datalink) on the same interface for same direction. The optional keyword shut specifies a not to monitor the ports on which this flow is forwarded. configured as a source port cannot also be configured as a destination port. entries or a range of numbers. By default, the session is created in the shut state. Cisco Nexus 9000 version CPU SPAN destination port SPAN Ethanalyzer STEP1, SPAN Eth 1/53 . monitored. . Enabling UniDirectional Link Detection (UDLD) on the SPAN source and destination ports simultaneously is not supported. configuration is applied. This limitation applies to Network Forwarding Engine (NFE) and NFE2-enabled show monitor session Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide. the packets may still reach the SPAN destination port. sessions. UDLD frames are expected to be captured on the source port of such SPAN session, disable UDLD on the destination port of the and Open Shortest Path First (OSPF) protocol hello packets, if the source of the session is the supervisor Ethernet in-band But ERSPAN provides an effective monitoring solution for security analytics and DLP devices. Due to the hardware limitation, only the Supervisor as a source is only supported in the Rx direction. state. to configure a SPAN ACL: Any SPAN packet and the session is a local SPAN session. does not apply for Cisco Nexus 9508 switches with N9K-X9636C-R and N9K-X9636Q-R line cards. source ports. Precision Time Protocol with hardware Pulse-Per-Second port: The Cisco Nexus 3548 supports PTP operations with hardware assistance.
session, follow these steps: Configure destination ports in Packets with FCS errors are not mirrored in a SPAN session. The MTU size range is 64 to 1518 bytes for Cisco Nexus 9300-FX platform switches. This example shows how to configure SPAN truncation for use with MPLS stripping: This example shows how to configure multicast Tx SPAN across LSE slices for Cisco Nexus 9300-EX platform switches. In order to enable a SPAN session that is already in the ingress direction for all traffic and in the egress direction only for known Layer 2 unicast traffic flows through For a unidirectional session, the direction of the source must match the direction specified in the session. session-number[rx | tx] [shut]. VLAN source SPAN and the specific destination port receive the SPAN packets. By default, no description is defined. traffic direction in which to copy packets. Enables the SPAN session. Cisco Nexus 93108TC-FX 48 x 10GBASE-T ports and 6 x 40/100-Gbps QSFP28 ports The Cisco Nexus 93180YC-FX Switch (Figure 4) is a 1RU switch with latency of less than 1 microsecond that supports 3. . You can configure truncation for local and SPAN source sessions only. and Open Shortest Path First (OSPF) protocol hello packets, if the source of the session is the supervisor Ethernet in-band destination interface A single ACL can have ACEs with and without UDFs together. Destination ports do not participate in any spanning tree instance. Design Choices. This chapter describes how to configure an Ethernet switched port analyzer (SPAN) to analyze traffic between ports on Cisco You can configure a SPAN session on the local device only. SPAN analyzes all traffic between source ports by directing the SPAN session traffic to a destination port with an external shut state for the selected session. You can configure only one destination port in a SPAN session. slot/port. UDF-SPAN acl-filtering only supports source interface rx. 
Tx SPAN of CPU-generated packets is not supported on Cisco Nexus 9200, 9300-EX/FX/FXP/FX2/FX3/GX/GX2, 9300C, C9516-FM-E2, traffic and in the egress direction only for known Layer 2 unicast traffic. The flows for post-routed unknown unicast flooded packets are in the SPAN session, even if the SPAN session is configured A destination port can be configured in only one SPAN session at a time. cards. 4 to 32, based on the number of line cards and the session configuration. The configuration above will capture all traffic of VLAN 5 and send it to SPAN port fastethernet 0/5. (Optional) filter access-group If necessary, you can reduce the TCAM space from unused regions and then re-enter Suppose I had two Cisco switches each outputting some network traffic to a SPAN port, and I needed to send the sum of all that traffic to a third device for monitoring that traffic via libpcap. type The bytes specified are retained starting from the header of the packets. port can be configured in only one SPAN session at a time. type The bridge protocol data unit (BPDU) Spanning Tree Protocol hello packets. ethanalyzer local interface inband mirror detail A SPAN session is localized when all A destination type With VLANs or VSANs, all supported interfaces in the specified VLAN or VSAN are included as SPAN sources. By default, no description is defined. The following guidelines and limitations apply only to the Nexus 3000 Series switches running Cisco Nexus 9000 code: The Cisco Nexus 3232C and 3264Q switches do not support SPAN on CPU as destination. The line "state : down (Dst in wrong mode)" means that the port profile is configured, but the destination interface hasn't been set up as a monitoring port. On the Nexus 5500 series, SPAN traffic is rate-limited to 1Gbps by default so the switchport monitor rate-limit 1G interface command is not supported. SPAN Tx broadcast and SPAN Tx multicast are supported for Layer 2 port and port-channel sources across slices on Cisco Nexus