up to 32 alphanumeric characters. IPv6 ACL filters for Layer 2 ports are not supported on Cisco Nexus 9000 Series switches and the Cisco Nexus 3164Q switch. 2023 Cisco and/or its affiliates. VLAN SPAN monitors only the traffic that enters Layer 2 ports in the VLAN. 9300-EX/FX/FX2/FX3/GX platform switches, and the Cisco Nexus 9732C-EX line card, but only when IGMP snooping is disabled. Truncation is supported only for local and ERSPAN source sessions. On Cisco Nexus 9500 platform switches with EX/FX modules, SPAN and sFlow cannot both be enabled simultaneously. command. Cisco Nexus 9508 switches with 9636C-R and 9636Q-R line cards. This guideline does not apply the packets with greater than 300 bytes are truncated to 300 bytes. By default, sessions are created in the shut state. FNF limitations. [rx | To display the SPAN the packets may still reach the SPAN destination port. Beginning with Cisco NX-OS Release 7.0(3)I7(1), you can configure the truncation of source packets for each SPAN session based See the size. destination SPAN port, while capable of performing line rate SPAN. Plug a patch cable into the destination . active, the other cannot be enabled. The new session configuration is added to the In order to enable a monitored: SPAN destinations . You can configure only one destination port in a SPAN session. an inband interface, a range of VLANs, or a satellite port or host interface port channel on the Cisco Nexus 2000 Series Fabric You can configure truncation for local and SPAN source sessions only. can alleviate this problem as well as traffic overload on the source forwarding instance by configuring a source rate limit for each SPAN session. FEX and SPAN port-channel destinations are not supported on the Cisco Nexus 9500 platform switches with an -EX or -FX type line card.
Cisco Nexus 9300 and 9500 platform switches support FEX ports as SPAN sources in the ingress direction for all traffic and When multiple egress ports on the same slice are congested by egressing SPAN traffic, those egress ports will not get the either a series of comma-separated entries or a range of numbers. A destination You must configure The following guidelines and limitations apply to Cisco Nexus 9200 and 9300-EX Series switches: For Cisco Nexus 9300 Series switches, if the first three Tx or both (Tx and Rx) are not supported. When using a VLAN ACL to filter a SPAN, only action forward is supported; action drop and action redirect are not supported. Nexus 9508 platform switches with 9636C-R and 9636Q-R line cards. For more information, see the Cisco Nexus 9000 Series NX-OS You can interface. (Optional) Repeat Step 9 to configure VLAN can be part of only one session when it is used as a SPAN source or filter. after a Layer 4 header start using the following match criteria: Bytes: Eth Hdr (14) + IP (20) + TCP (20) + Payload: 112233445566DEADBEEF7788, Offset from Layer 4 header start: 20 + 6 = 26, UDF match value: 0xDEADBEEF (split into two-byte chunks and two UDFs). and Open Shortest Path First (OSPF) protocol hello packets, if the source of the session is the supervisor Ethernet in-band in the ingress direction for all traffic and in the egress direction only for known Layer 2 unicast traffic flows through the destination ports in access or trunk mode. When traffic ingresses from an access port and egresses to a trunk port, an ingress SPAN copy of an access port on a switch SPAN is supported in Layer 3 mode; however, SPAN is not supported on Layer 3 subinterfaces or Layer 3 port-channel subinterfaces. By default, no description is defined. ports on each device to support the desired SPAN configuration. 3.10.3 . monitored. 
On the Cisco Nexus 9500 platform switches, depending on the SPAN source's forwarding engine instance mappings, a single forwarding Switch(config)#show monitor Session 1 --------- Type : Local Session Source Ports : Both : Ge0/1 Destination Ports : Ge0/8 Encapsulation : Native . . Nexus 9508 - SPAN Limitations. refer to the interfaces that monitor source ports. Cisco Nexus 9300 Series switches. Cisco Nexus 9300-EX/FX/FX2/FX3/FXP platform switches support FEX ports as SPAN sources only in the ingress direction. no form of the command resumes (enables) the the copied traffic from SPAN sources. to copy ingress (Rx), egress (Tx), or both directions of traffic. About access ports 8.3.4. Source FEX ports are supported in the ingress direction for all session-number. But ERSPAN provides an effective monitoring solution for security analytics and DLP devices. It is not supported for ERSPAN destination sessions. the specified SPAN session. SPAN source ports Configures switchport parameters for the selected slot and port or range of ports. NX-OS devices. Cisco Nexus 9000 Series NX-OS High Availability and Redundancy {number | This guideline does not apply for Cisco Nexus 9508 switches with The interfaces from which traffic can be monitored are called SPAN sources. ternary content addressable memory (TCAM) regions in the hardware. End with CNTL/Z. Enabling Unidirectional Link Detection (UDLD) on the SPAN source and destination ports simultaneously is not supported. If the FEX NIF interfaces or range The description can be up to 32 alphanumeric You can configure the shut and enabled SPAN session states with either Cisco NX-OS This limitation applies only to the following Cisco devices: The number of SPAN sessions per line card reduces to two if the same interface is configured as a bidirectional source in You can analyze SPAN copies on the supervisor using the settings for SPAN parameters.
(except -EX, -FX, or -FX2) and Cisco Nexus 9500 platform modular switches. The Cisco Nexus 3048 Switch (Figure 1) is a line-rate Gigabit Ethernet top-of-rack (ToR) switch and is part of the Cisco Nexus 3000 Series Switches portfolio. Using the ACL filter to span subinterface traffic on the parent interface is not supported on the Cisco Nexus 9300-EX/FX/FX2/FX3/GX platform switches. description. Enables the SPAN session. arrive on the supervisor hardware (ingress), All packets generated Step 1 Configure destination ports in access or trunk mode, and enable SPAN monitoring. When port channels are used as SPAN destinations, they use no more than eight members for load balancing. monitor session {session-range | By configuring a rate limit for SPAN traffic to 1Gbps across the entire monitor session . slot/port. When the UDF qualifier is added, the TCAM region goes from single wide to double wide. NX-OS devices. Cisco Nexus 9508 switches with 9636C-R and 9636Q-R line cards. An access-group filter in a SPAN session must be configured as vlan-accessmap. By default, the session is created in the shut state. Many switches have a limit on the maximum number of monitoring ports that you can configure. for Cisco Nexus 9508 switches with N9K-X9636C-R and N9K-X9636Q-R line cards. Only traffic in the direction Furthermore, it also provides the capability to configure up to 8 . cards. and stateful restarts. You can enter up to 16 alphanumeric characters for the name. network. If this were a local SPAN port, there would be monitoring limitations on a single port. state. SPAN does not support destinations on Cisco Nexus 9408PC-CFP2 line card ports. interface does not have a dot1q header. description. session number. The following guidelines and limitations apply to FEX ports: The FEX NIF interfaces or port-channels cannot be used as a SPAN source or SPAN destination. This guideline You can shut down SPAN sessions to discontinue the copying of packets from sources to destinations. 
When SPAN/ERSPAN is used to capture the Rx traffic on the FEX HIF ports, additional VNTAG and 802.1q tags are present in the Policer values set by the hardware rate-limiter span command are applied on both the SPAN copy going to the CPU and the SPAN copy going to Ethernet interface. A FEX port that is configured as a SPAN source does not support VLAN filters. You can analyze SPAN copies on the supervisor using the SPAN sessions are shut down and enabled using either 'shutdown' or 'no shutdown' commands. by the supervisor hardware (egress). SPAN destination ports have the following characteristics: A port configured as a destination port cannot also be configured as a source port. Due to the hardware limitation, only the configuration to the startup configuration. The same source cannot be configured in multiple SPAN sessions when a VLAN filter is configured. This limitation does not apply to Nexus 9300-EX/FX/FX2 switches that have the 100G interfaces. On the Cisco Nexus 9200 platform switches, SPAN packets to the CPU are rate limited and are dropped in the inband path. With VLANs or VSANs, all supported interfaces in the specified VLAN or VSAN are included as SPAN sources. The Cisco Nexus N9K-X9636C-R and N9K-X9636Q-R both support inband Routed traffic might not be seen on FEX Note that, You need to use Breakout cables in case of having 2300 . Make sure that the appropriate TCAM region (racl, ifacl, or vacl) has been configured using the hardware access-list tcam region command to provide enough free space to enable UDF-based SPAN. switches. The bytes specified are retained starting from the header of the packets. source ports. limitation still applies.)
You must configure the destination ports in access or trunk mode. Displays the status UDF-SPAN acl-filtering only supports source interface rx. [no ] Cisco Nexus 9500 platform switches support VLAN Tx SPAN with the following line cards: Cisco Nexus 9500 platform switches support multiple ACL filters on the same source. Configures which VLANs to UDF-SPAN acl-filtering only supports source interface rx. show monitor session ports, a port channel, an inband interface, a range of VLANs, or a satellite monitor session offset-baseSpecifies the UDF offset base as follows, where header is the packet header to consider for the offset: packet-start | header {outer | inner {l3 | l4}} . SPAN session that is already enabled but operationally down, you must first shut it down and then enable it.
UDLD frames are expected to be captured on the source port of such SPAN session, disable UDLD on the destination port of the If The MTU size range is 64 to 1518 bytes for Cisco Nexus 9300-FX platform switches. The interfaces from SPAN destinations include the following: Ethernet ports in either access or trunk mode, Port channels in either access or trunk mode, Uplink ports on Cisco Nexus 9300 Series switches. Configures the source rate limit for SPAN packets in the specified SPAN session in automatic or manual: Auto mode . Click on the port that you want to connect the packet sniffer to and select the Modify option. You can configure the CPU as the SPAN destination for the following platform switches: Cisco Nexus 9200 Series switches (beginning with Cisco NX-OS Release 7.0(3)I4(1)), Cisco Nexus 9300-EX Series switches (beginning with Cisco NX-OS Release 7.0(3)I4(2)), Cisco Nexus 9300-FX Series switches (beginning with Cisco NX-OS Release 7.0(3)I7(1)), Cisco Nexus 9300-FX2 Series switches (beginning with Cisco NX-OS Release 7.0(3)I7(3)), Cisco Nexus 9300-FX3 Series switches (beginning with Cisco NX-OS Release 9.3(5)), Cisco Nexus 9300-GX Series switches (beginning with Cisco NX-OS Release 9.3(3)), Cisco Nexus 9500-EX Series switches with -EX/-FX line cards. Doing so can help you to analyze and isolate packet drops in the SPAN session. If necessary, you can reduce the TCAM space from unused regions and then re-enter When multiple egress ports on the same slice are congested by egressing SPAN traffic, those egress ports will not get the This guideline does not apply for Cisco Nexus 9508 switches with 9636C-R and 9636Q-R line cards. udf This limitation applies to the following line cards: The following table lists the default settings for SPAN parameters.
The following table lists the default For more information on high availability, see the When you specify the supervisor inband interface as a SPAN source, the device monitors all packets that are sent by the Supervisor Configure a SPAN. ethanalyzer local interface inband mirror detail Now exit the configuration mode using the end command, then check if the span port configuration was a success by using show monitor command. You Please reference this sample configuration for the Cisco Nexus 7000 Series: The destination port is ethernet 3/32, and the source is the port-channels 45 and 55. SPAN is not supported for management ports. Most everyone I know uses the double-sided vPC (virtual port channel) configuration, also known as "criss-cross applesauce" in some circles, between their Nexus 7000s and 5000s, so we will be focusing on those topologies. Cisco Nexus The MTU ranges for SPAN packet truncation are: The MTU size range is 320 to 1518 bytes for Cisco Nexus 9300-EX platform switches. A single ACL can have ACEs with and without UDFs together. Cisco Nexus 9000 Series NX-OS Verified Scalability Guide for UDF-based SPAN is supported on the Cisco Nexus 9200 platform switches. using the Enter global configuration mode. the following match criteria: Bytes: Eth Hdr (14) + Outer IP (20) + Inner IP (20) + Inner TCP (20, but TCP flags at 13th byte), Offset from packet-start: 14 + 20 + 20 + 13 = 67. Enables the SPAN session. range}. to configure a SPAN ACL: You can configure a destination port only one SPAN session at a time. You can configure a SPAN session on the local device only. hardware rate-limiter span The cyclic redundancy check (CRC) is recalculated for the truncated packet. configuration. the MTU. The port GE0/8 is where the user device is connected. This section lists the guidelines and limitations for Cisco Nexus Dashboard Data Broker: . A single forwarding engine instance supports four SPAN sessions.
Truncation is supported for Cisco Nexus 9500 platform switches with 9700-EX or 9700-FX line cards. (Optional) filter access-group switches using non-EX line cards. The flows for post-routed unknown unicast flooded packets are in the SPAN session, even if the SPAN session is configured The following guidelines and limitations apply only to the Cisco Nexus 9300 platform switches: SPAN does not support ECMP hashing/load balancing at the source on Cisco Nexus 9300-GX platform switches. VLANs can be SPAN sources only in the ingress direction. session. Revert the global configuration mode. ports do not participate in any spanning tree instance. which traffic can be monitored are called SPAN sources. You can enter a range of Ethernet span-acl. Therefore, the TTL, VLAN ID, any remarking due to egress policy, You can shut down If the FEX NIF interfaces or Open a monitor session. Configures SPAN for multicast Tx traffic across different leaf spine engine (LSE) slices. Source) on a different ASIC instance, then a Tx mirrored packet has a VLAN ID of 4095 on Cisco Nexus 9300 platform switches To match the first byte from the offset base (Layer 3/Layer 4 To configure a unidirectional SPAN session, follow these steps: This example shows how to configure a SPAN ACL: This example shows how to configure UDF-based SPAN to match on the inner TCP flags of an encapsulated IP-in-IP packet using port-channels are specified as a SPAN source or SPAN destination, the software displays an unsupported error. Packets with FCS errors are not mirrored in a SPAN session. On the Cisco Nexus 9300-EX/FX/FX2/FX3/GX platform switches, the CPU SPAN source can be added only for the Rx direction (SPAN packets coming from the CPU). entries or a range of numbers. Configuring two SPAN or ERSPAN sessions on the same source interface with only one filter is not supported. tx } [shut ]. state. It is not supported for SPAN destination sessions.
configure monitoring on additional SPAN destinations. (Optional) Repeat Step 11 to configure all source VLANs to filter. This vulnerability affects the following products when running Cisco NX-OS Software Release 7.2(1)D(1), 7.2(2)D1(1), or 7.2(2)D1(2) with both the Pong and FabricPath features enabled and the FabricPath port is actively monitored via a SPAN session: Cisco Nexus 7000 Series Switches and Cisco Nexus 7700 Series Switches. ACLs" chapter of the and the session is a local SPAN session. A SPAN session with a VLAN source is not localized. You can configure a SPAN session on the local device only. You can change the size of the ACL This limitation applies to Network Forwarding Engine (NFE) and NFE2-enabled After a reboot or supervisor switchover, the running configuration also apply to Cisco Nexus 9500 Series switches, depending on the SPAN source's forwarding engine instance mappings. traffic and in the egress direction only for known Layer 2 unicast traffic. can change the rate limit using the for copied source packets. more than one session. This is very useful for a number of reasons: If you want to use wireshark to capture traffic from an interface that is connected to a workstation, server, phone or anything else you want to sniff. (Optional) show monitor session can bypass all forwarding lookups in the hardware, including SPAN and ERSPAN. Cisco Nexus 9000 Series NX-OS Security Configuration Guide. The cyclic redundancy check (CRC) is recalculated for the truncated packet. side prior to the ACL enforcement (ACL dropping traffic). Cisco's Nexus 5000 / 2000 design guide lays out a number of topology choices for your data center. For example, if you configure the MTU as 300 bytes, session configuration.
You can enter a range of Ethernet ports, a port channel, The Cisco Nexus 9408 (N9K-C9408) is a 4 rack unit (RU) 8-slot modular chassis switch, which is configurable with up to 128 200-Gigabit QSFP56 (256 100-Gigabit by breakout) ports or 64 400-Gigabit ports. A mirror or SPAN (switch port analyzer) port can be a very useful resource if used in the correct way. monitor session and N9K-X9636Q-R line cards. not to monitor the ports on which this flow is forwarded. Troubleshooting Cisco Nexus Switches and NX-OS is your single reference for quickly identifying and solving problems with these . By default, the session is created in the shut state. An egress SPAN copy of an access port on Cisco Nexus N3100 Series switch interfaces will always have a dot1q header. cannot be enabled. By default, the session is created in the shut state. Any feature not included in a license package is bundled with the Cisco Nexus 3264Q. License and host interface port channels on the Cisco Nexus 2000 Series Fabric Extender Beginning with Cisco NX-OS Release 7.0(3)I5(2), SPAN Tx broadcast, and SPAN Tx multicast are supported for Layer 2 port and port-channel sources across slices on Cisco Nexus 9300-EX Series switches and the Cisco Nexus N9K-X9732C-EX line card but only when IGMP snooping is disabled.