Configuring SPAN

This chapter contains the following sections:

Information About SPAN

The Switched Port Analyzer (SPAN) feature (sometimes called port mirroring or port monitoring) selects network traffic for analysis by a network analyzer. The network analyzer can be a Cisco SwitchProbe or other Remote Monitoring (RMON) probes.

SPAN Sources

SPAN sources refer to the interfaces from which traffic can be monitored. The Cisco Nexus Series device supports Ethernet, port channels, and VLANs as SPAN sources. With VLANs, all supported interfaces in the specified VLAN are included as SPAN sources. You can choose the SPAN traffic in the ingress direction, the egress direction, or both directions for Ethernet source interfaces:

  • Ingress source (Rx)—Traffic entering the device through this source port is copied to the SPAN destination port.

  • Egress source (Tx)—Traffic exiting the device through this source port is copied to the SPAN destination port.

Characteristics of Source Ports

A source port, also called a monitored port, is a switched interface that you monitor for network traffic analysis. The switch supports any number of ingress source ports (up to the maximum number of available ports on the switch) and any number of source VLANs.

A source port has these characteristics:

  • Can be of Ethernet, port channel, or VLAN port type.

  • Cannot be monitored in multiple SPAN sessions.

  • Cannot be a destination port.

  • Each source port can be configured with a direction (ingress, egress, or both) to monitor. For VLAN sources, the monitored direction can only be ingress and applies to all physical ports in the group. The RX/TX option is not available for VLAN SPAN sessions.

  • Source ports can be in the same or different VLANs.

SPAN Destinations

SPAN destinations refer to the interfaces that monitors source ports. The Cisco Nexus Series device supports Ethernet interfaces as SPAN destinations.

Source SPAN

Dest SPAN

Ethernet

Ethernet

Characteristics of Destination Ports

Each local SPAN session must have a destination port (also called a monitoring port) that receives a copy of traffic from the source ports or VLANs. A destination port has these characteristics:

  • Can be any physical port. Source ethernet ports cannot be destination ports.

  • Cannot be a source port.

  • Cannot be a port channel.

  • Does not participate in spanning tree while the SPAN session is active.

  • Is excluded from the source list and is not monitored if it belongs to a source VLAN of any SPAN session.

  • Receives copies of sent and received traffic for all monitored source ports. If a destination port is oversubscribed, it can become congested. This congestion can affect traffic forwarding on one or more of the source ports.

Guidelines and Limitations for SPAN

SPAN has the following guidelines and limitations:

  • If you install NX-OS 5.0(3)U2(2) and then downgrade to a lower version of software, the SPAN configuration is lost.

    To avoid this, you need to save the configuration before upgrading to NX-OS 5.0(3)U2(2), and then reapply the local span configurations after the downgrade.

    For information about a similar ERSPAN limitation, see Guidelines and Limitations for ERSPAN for ERSPAN.

Creating or Deleting a SPAN Session

You create a SPAN session by assigning a session number using the monitor session command. If the session already exists, any additional configuration information is added to the existing session.

Procedure
     Command or ActionPurpose
    Step 1switch# configure terminal  

    Enters global configuration mode.

     
    Step 2 switch(config)# monitor session session-number
     

    Enters the monitor configuration mode. New session configuration is added to the existing session configuration.

     

    This example shows how to configure a SPAN monitor session:

    switch# configure terminal
switch(config) # monitor session 2
switch(config) #

    Configuring an Ethernet Destination Port

    You can configure an Ethernet interface as a SPAN destination port.


    Note

    The SPAN destination port can only be a physical port on the switch.

    Procedure
       Command or ActionPurpose
      Step 1switch# configure terminal  

      Enters global configuration mode.

       
      Step 2 switch(config)# interface ethernet slot/port
       

      Enters interface configuration mode for the Ethernet interface with the specified slot and port.

       
      Step 3 switch(config-if)# switchport monitor
       

      Enters monitor mode for the specified Ethernet interface. Priority flow control is disabled when the port is configured as a SPAN destination.

       
      Step 4 switch(config-if)# exit
       

      Reverts to global configuration mode.

       
      Step 5 switch(config)# monitor session session-number
       

      Enters monitor configuration mode for the specified SPAN session.

       
      Step 6 switch(config-monitor)# destination interface ethernet slot/port
       

      Configures the Ethernet SPAN destination port.

       

      The following example shows how to configure an Ethernet SPAN destination port: 

      switch# configure terminal
switch(config)# interface ethernet 1/3
switch(config-if)# switchport monitor
switch(config-if)# exit
switch(config)# monitor session 2
switch(config-monitor)# destination interface ethernet 1/3
switch(config-monitor)#

      Configuring Source Ports

      Source ports can only be Ethernet ports.

      Procedure
         Command or ActionPurpose
        Step 1switch# configure terminal  

        Enters global configuration mode.

         
        Step 2switch(config) # monitor session session-number 

        Enters monitor configuration mode for the specified monitoring session.

         
        Step 3 switch(config-monitor) # source interface type slot/port [rx | tx | both]
         

        Configures sources and the traffic direction in which to duplicate packets. You can enter a range of Etherne ports. You can specify the traffic direction to duplicate as ingress (rx), egress (tx), or both. By default, the direction is both.

         

        The following example shows how to configure an Ethernet SPAN source port: 

        switch# configure terminal
switch(config)# monitor session 2
switch(config-monitor)# source interface ethernet 1/16
switch(config-monitor)#

        Configuring Source Port Channels or VLANs

        You can configure the source channels for a SPAN session. These ports can be port channels, and VLANs. The monitored direction can be ingress, egress, or both and applies to all physical ports in the group.

        Procedure
           Command or ActionPurpose
          Step 1switch# configure terminal  

          Enters global configuration mode.

           
          Step 2switch(config) # monitor session session-number 

          Enters monitor configuration mode for the specified SPAN session.

           
          Step 3 switch(config-monitor) # source {interface {port-channel} channel-number [rx | tx | both] | vlan vlan-range}
           

          Configures port channel, or VLAN sources. For VLAN sources, the monitored direction is implicit.

           

          This example shows how to configure a port channel SPAN source: 

          switch# configure terminal
switch(config)# monitor session 2
switch(config-monitor)# source interface port-channel 1 rx
switch(config-monitor)# source interface port-channel 3 tx
switch(config-monitor)# source interface port-channel 5 both
switch(config-monitor)#

          This example shows how to configure a VLAN SPAN source: 

          switch# configure terminal
switch(config)# monitor session 2
switch(config-monitor)# source vlan 1
switch(config-monitor)#

          Configuring the Description of a SPAN Session

          For ease of reference, you can provide a descriptive name for a SPAN session.

          Procedure
             Command or ActionPurpose
            Step 1switch# configure terminal  

            Enters global configuration mode.

             
            Step 2switch(config) # monitor session session-number 

            Enters monitor configuration mode for the specified SPAN session.

             
            Step 3 switch(config-monitor) # description description
             

            Creates descriptive name for the SPAN session.

             

            The following example shows how to configure a SPAN session description: 

            switch# configure terminal
switch(config) # monitor session 2
switch(config-monitor) # description monitoring ports eth2/2-eth2/4
switch(config-monitor) #

            Activating a SPAN Session

            The default is to keep the session state shut. You can open a session that duplicates packets from sources to destinations.

            Procedure
               Command or ActionPurpose
              Step 1switch# configure terminal  

              Enters global configuration mode.

               
              Step 2 switch(config) # no monitor session {all | session-number} shut
               

              Opens the specified SPAN session or all sessions.

               

              The following example shows how to activate a SPAN session: 

              switch# configure terminal
switch(config) # no monitor session 3 shut

              Suspending a SPAN Session

              By default, the session state is shut.

              Procedure
                 Command or ActionPurpose
                Step 1switch# configure terminal  

                Enters global configuration mode.

                 
                Step 2 switch(config) # monitor session {all | session-number} shut
                 

                Suspends the specified SPAN session or all sessions.

                 

                The following example shows how to suspend a SPAN session: 

                switch# configure terminal
switch(config) # monitor session 3 shut
switch(config) #

                Displaying SPAN Information

                Procedure
                   Command or ActionPurpose
                  Step 1 switch# show monitor [session {all | session-number | range session-range} [brief]]
                   

                  Displays the SPAN configuration.

                   

                  This example shows how to display SPAN session information:

                  switch# show monitor
SESSION  STATE        REASON                  DESCRIPTION
-------  -----------  ----------------------  --------------------------------
2        up           The session is up
3        down         Session suspended
4        down         No hardware resource

                  This example shows how to display SPAN session details:

                  switch# show monitor session 2
   session 2
---------------
type              : local
state             : up
source intf       :

source VLANs      :
    rx            :

destination ports : Eth3/1