Configuring SPAN

This chapter describes how to configure an Ethernet switched port analyzer (SPAN) to analyze traffic between ports on Cisco NX-OS devices.

About SPAN

SPAN analyzes all traffic between source ports by directing the SPAN session traffic to a destination port with an external analyzer attached to it.

You can define the sources and destinations to monitor in a SPAN session on the local device.

SPAN Sources

The interfaces from which traffic can be monitored are called SPAN sources. Sources designate the traffic to monitor. SPAN sources include the following:

  • Ethernet ports

  • Port-channels

A single SPAN session can include mixed sources in any combination of the above.

Characteristics of SPAN source ports:

  • A port configured as a source port cannot be configured as a destination port.

SPAN Destinations

SPAN destinations refer to the interfaces that monitor source ports. Destination ports receive the copied traffic from SPAN sources. SPAN destinations include the following:

  • Ethernet ports in either access or trunk mode

  • Port channels in either access or trunk mode

Characteristics of SPAN destination ports:

  • A port configured as a destination port cannot also be configured as a source port.

  • A destination port can be configured in only one SPAN session at a time.

  • Destination ports do not participate in any spanning tree instance. SPAN output includes bridge protocol data unit (BPDU) Spanning Tree Protocol hello packets.

SPAN Sessions

You can create SPAN sessions to designate sources and destinations to monitor.

See the Cisco Nexus 3550-T NX-OS Verified Scalability Guide for information on the number of supported SPAN sessions.

This figure shows a SPAN configuration. Packets on two ethernet ports are copied to destination port, ethernet 1/5. Only traffic in the direction specified is copied.

Figure 1. SPAN Configuration

High Availability

The SPAN feature supports stateless and stateful restarts. After a reboot, the running configuration is applied.

Guidelines and Limitations

SPAN has the following configuration guidelines and limitations:

  • Traffic that is denied by an ACL may still reach the SPAN destination port because SPAN replication is performed on the ingress side prior to the ACL enforcement (ACL dropping traffic).

  • Only ingress SPAN is supported.

  • For SPAN session limits, see the Cisco Nexus 3550-T NX-OS Verified Scalability Guide.

  • All SPAN replication is performed in the hardware. The supervisor CPU is not involved.

  • You can configure a SPAN session on the local device only.

  • Packets with FCS errors are not mirrored in a SPAN session.

  • You can configure only one destination port in a SPAN session.

  • You can configure a destination port for only one SPAN session at a time.

  • You cannot configure a port as both a source and destination port.

  • Spanned packets will reflect the ingress rewrites such as, vlan tag removal, destination-mac rewrite on routed packets. Also, the span output packets are always untagged.

  • Enabling UniDirectional Link Detection (UDLD) on the SPAN source and destination ports simultaneously is not supported. If UDLD frames are expected to be captured on the source port of such SPAN session, disable UDLD on the destination port of the SPAN session.

  • SPAN is supported in layer 2 and layer 3 mode.

  • SPAN is not supported for management ports.

  • SPAN MTU is not supported.

  • VLAN SPAN and VLAN ACL are not supported.

  • Cisco NX-OS does not span Link Layer Discovery Protocol (LLDP) or Link Aggregation Control Protocol (LACP) packets when the source interface is not a host interface port channel.

Prerequisites for SPAN

SPAN has the following prerequisites:

  • You must first configure the ports on each device to support the desired SPAN configuration. For more information, see the Cisco Nexus 3550-T NX-OS Interfaces Configuration Guide.

Default Settings for SPAN

The following table lists the default settings for SPAN parameters.

Parameters Default
SPAN sessions Created in the shut state

Configuring a SPAN Session

You can configure a SPAN session on the local device only. By default, SPAN sessions are created in the shut state.


Note
For bidirectional traditional sessions, you can configure the sessions without specifying the direction of the traffic.

Before you begin

You must configure the destination ports in access or trunk mode.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

interface ethernet slot/port

Example:

switch(config)# interface ethernet 1/5
switch(config-if)#

Enters interface configuration mode on the selected slot and port.

Step 3

switchport

Example:

switch(config-if)# switchport

Configures switchport parameters for the selected slot and port or range of ports.

Step 4

switchport monitor

Example:

switch(config-if)# switchport monitor

Configures the switchport interface as a SPAN destination.

Step 5

(Optional) Repeat Steps 2 through 4 to configure monitoring on additional SPAN destinations.

(Optional)

Step 6

no monitor session session-number

Example:

switch(config)# no monitor session 3

Clears the configuration of the specified SPAN session. The new session configuration is added to the existing session configuration.

Step 7

monitor session session-number[rx ] [shut]

Example:

switch(config)# monitor session 3 rx
switch(config-monitor)#

Example:

switch(config)# monitor session 3 shut
switch(config-monitor)#

Enters the monitor configuration mode. The new session configuration is added to the existing session configuration. By default, the session is created in the shut state, and the session is a local SPAN session. The optional keyword shut specifies a shut state for the selected session.

Step 8

description description

Example:

switch(config-monitor)# description my_span_session_3

Configures a description for the session. By default, no description is defined. The description can be up to 32 alphanumeric characters.

Step 9

source {interface type [rx

Example:

switch(config-monitor)# source interface ethernet 1/3 rx

Configures sources and the traffic direction in which to copy packets. You can enter a range of Ethernet ports or a port channel.

You can configure one or more sources, as either a series of comma-separated entries or a range of numbers.

You can specify the traffic direction to copy as ingress (rx), egress (tx), or both.

For a unidirectional session, the direction of the source must match the direction specified in the session.

Step 10

(Optional) Repeat Step 9 to configure all SPAN sources.

 (Optional)

Step 11

destination interface type slot/port

Example:

switch(config-monitor)# destination interface ethernet 1/5

Configures a destination for copied source packets.

Note

 
The SPAN destination port must be either an access port or a trunk port.

Note

 
You must enable monitor mode on the destination port.

Step 12

no shut

Example:

switch(config-monitor)# no shut

Enables the SPAN session. By default, the session is created in the shut state.

Step 13

(Optional) show monitor session {all | session-number | range session-range} [brief]

Example:

switch(config-monitor)# show monitor session 3
(Optional)

Displays the SPAN configuration.

Step 14

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Shutting Down or Resuming a SPAN Session

You can shut down SPAN sessions to discontinue the copying of packets from sources to destinations. You can shut down one session in order to free hardware resources to enable another session. By default, SPAN sessions are created in the shut state.

You can resume (enable) SPAN sessions to resume the copying of packets from sources to destinations. In order to enable a SPAN session that is already enabled but operationally down, you must first shut it down and then enable it.

You can configure the shut and enabled SPAN session states with either a global or monitor configuration mode command.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] monitor session {session-range | all} shut

Example:

switch(config)# monitor session 3 shut

Shuts down the specified SPAN sessions. By default, sessions are created in the shut state.

The no form of the command resumes (enables) the specified SPAN sessions. By default, sessions are created in the shut state.

Note

 
If a monitor session is enabled but its operational status is down, to enable the session, you must first specify the monitor session shut command followed by the no monitor session shut command.

Step 3

monitor session session-number

Example:

switch(config)# monitor session 3
switch(config-monitor)#

Enters the monitor configuration mode. The new session configuration is added to the existing session configuration.

Step 4

[no] shut

Example:

switch(config-monitor)# shut

Shuts down the SPAN session. By default, the session is created in the shut state.

The no form of the command enables the SPAN session. By default, the session is created in the shut state.

Step 5

(Optional) show monitor

Example:

switch(config-monitor)# show monitor
(Optional)

Displays the status of SPAN sessions.

Step 6

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Verifying SPAN Configurations

To display the SPAN configuration, perform one of the following tasks:

Command Purpose
show monitor session {all | session-number | range session-range} [brief] Displays the SPAN session configuration.

Configuration Examples

This section contains the following configuration examples:

Configuration Example for a SPAN Session

To configure a SPAN session:

  1. Configure destination ports in access mode and enable SPAN monitoring. 

    switch# configure terminal
switch(config)# interface ethernet 1/5
switch(config-if)# switchport
switch(config-if)# switchport monitor
switch(config-if)# no shut
switch(config-if)# exit
switch(config)#

  2. Configure a SPAN session. 

    switch(config)# no monitor session 3
switch(config)# monitor session 3
switch(config-monitor)# source interface ethernet 1/9 rx
switch(config-monitor)# source interface port-channel 2 rx
switch(config-monitor)# destination interface ethernet 1/5
switch(config-monitor)# no shut
switch(config-monitor)# exit