Saturday, July 4, 2020

Configuring SPAN on a Cisco Nexus Switch

This is how to configure SPAN (Switch Port Analyzer) on a Cisco Nexus switch.

N5K(config)# show monitor session all
Note: There are no sessions configured

N5K# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
N5K(config)# monitor session  10
N5K(config-monitor)# ?
  description  Session description (max 32 characters)
  destination  Destination configuration
  filter       Filter configuration
  mtu          Set the MTU size for SPAN packets
  no           Negate a command or set its defaults
  shut         Shut a monitor session
  source       Source configuration
  end          Go to exec mode
  exit         Exit from command interpreter
  pop          Pop mode from stack or restore from name
  push         Push current mode to stack or save it under name
  where        Shows the cli context you are in

N5K(config-monitor)# source ?
  interface  Configure interfaces
  vlan       Vlan type
  vsan       Vsan type

N5K(config-monitor)# source interface ?
  ethernet          Ethernet IEEE 802.3z
  fc                Fiber Channel interface
  port-channel      Port Channel interface
  san-port-channel  SAN Port Channel interface
  vfc               Virtual FC interface

N5K(config-monitor)# source interface ethernet 1/30 ?
  <CR>  
  ,      Multi range separator
  -      Range separator
  .      Sub interface separator
  both   Both
  rx     Ingress
  tx     Egress

N5K(config-monitor)# source interface ethernet 1/30 tx ?
  <CR>  

N5K(config-monitor)# source interface ethernet 1/30 tx
N5K(config-monitor)# destination interface ethernet 1/35
N5K(config-monitor)# end
N5K# show monitor session 10
   session 10
---------------
type              : local
state             : down (Session admin shut)
acl-name          : acl-name not specified
source intf       :
    rx            :
    tx            : Eth1/30      
    both          :
source VLANs      :
    rx            :
source VSANs      :
    rx            :
destination ports : Eth1/35      

Legend: f = forwarding enabled, l = learning enabled


N5K(config)# monitor session 10
N5K(config-monitor)# no shutdown

N5K# show run monitor

!Command: show running-config monitor
!Time: Tue Oct  1 01:46:27 2019

version 7.0(1)N1(1)
monitor session 10
  source interface Ethernet1/30 tx
  destination interface Ethernet1/35
  no shut

N5K# show monitor ?
  <CR>     
  >         Redirect it to a file
  >>        Redirect it to a file in append mode
  internal  Commands for internal use
  session   Show session info
  |         Pipe command output to filter

N5K# show monitor

Session  State        Reason                  Description
-------  -----------  ----------------------  --------------------------------
10       down         No operational src/dst 

N5K# show monitor session 10

   session 10
---------------
type              : local
state             : down (No operational src/dst)
acl-name          : acl-name not specified
source intf       :
    rx            :
    tx            : Eth1/30      
    both          :
source VLANs      :
    rx            :
source VSANs      :
    rx            :
destination ports : Eth1/35      

Legend: f = forwarding enabled, l = learning enabled


N5K(config-if)# show run interface e1/30


!Command: show running-config interface Ethernet1/30
!Time: Tue Oct  1 01:51:06 2019

version 7.0(1)N1(1)

interface Ethernet1/30
  switchport mode trunk
  speed 1000
  duplex full


N5K(config-if)# show run interface e1/35


!Command: show running-config interface Ethernet1/35
!Time: Tue Oct  1 01:50:36 2019

version 7.0(1)N1(1)

interface Ethernet1/35
  description ### FREE ###


N5K(config)# configure terminal
N5K(config-if)# interface e1/35

N5K(config-if)# speed ?
  10     10Mb/s
  100    100Mb/s
  1000   1Gb/s
  10000  10Gb/s
  40000  40Gb/s
  auto   Auto negotiate speed

N5K(config-if)# speed 1000

N5K(config-if)# duplex full
N5K(config-if)# switchport mode trunk


N5K# show run int e1/35


!Command: show running-config interface Ethernet1/35
!Time: Tue Oct  1 01:51:58 2019

version 7.0(1)N1(1)

interface Ethernet1/35
  description ### FREE ###
  switchport mode trunk
  speed 1000
  duplex full


N5K# show monitor

Session  State        Reason                  Description
-------  -----------  ----------------------  --------------------------------
10       down         Dst in wrong mode


N5K(config-if)# interface e1/35
N5K(config-if)# switchport ?
  <CR>        
  access       Set access mode characteristics of the interface
  autostate    Include or exclude this port from vlan link up calculation
  block        Block specified outbound traffic for all VLANs
  description  Enter description of maximum 80 characters
  dot1q        Configure dot1q EtherType value
  host         Set port host
  mode         Enter the port mode
  monitor      Configures an interface as span-destination
  monitor      Monitor session related traffic
  priority     CoS Priority parameter
  trunk        Configure trunking parameters on an interface
  voice        Set voice mode characterestics of the interface

N5K(config-if)# switchport monitor


N5K(config-if)# show monitor session all

   session 10
---------------
type              : local
state             : up
acl-name          : acl-name not specified
source intf       :
    rx            :
    tx            : Eth1/30      
    both          :
source VLANs      :
    rx            :
source VSANs      :
    rx            :
destination ports : Eth1/35      

Legend: f = forwarding enabled, l = learning enabled


N5K(config-if)# show run interface e1/35


!Command: show running-config interface Ethernet1/35
!Time: Tue Oct  1 02:48:39 2019

version 7.0(1)N1(1)

interface Ethernet1/35
  description ### FREE ###
  switchport mode trunk
  switchport monitor
  speed 1000
  duplex full

N5K(config-if)# show interface e1/35
Ethernet1/35 is up
 Dedicated Interface
  Hardware: 1000/10000 Ethernet, address: 8c60.4f2b.268a (bia 8c60.4f2b.268a)
  Description: ### FREE ###
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
  reliability 255/255, txload 4/255, rxload 1/255
  Encapsulation ARPA
  Port mode is trunk
  full-duplex, 1000 Mb/s, media type is 1G
  Beacon is turned off
  Input flow-control is off, output flow-control is off
  Rate mode is dedicated
  Switchport monitor is on
  EtherType is 0x8100
  Last link flapped 00:02:39
  Last clearing of "show interface" counters 00:57:01
  4 interface resets
  30 seconds input rate 0 bits/sec, 0 packets/sec
  30 seconds output rate 3741480 bits/sec, 547 packets/sec
  Load-Interval #2: 5 minute (300 seconds)
    input rate 80 bps, 0 pps; output rate 16.82 Mbps, 2.32 Kpps
  RX
    0 unicast packets  4 multicast packets  57 broadcast packets
    61 input packets  15360 bytes
    0 jumbo packets  0 storm suppression bytes
    0 runts  0 giants  0 CRC  0 no buffer
    0 input error  0 short frame  0 overrun   0 underrun  0 ignored
    0 watchdog  0 bad etype drop  0 bad proto drop  0 if down drop
    0 input with dribble  0 input discard
    0 Rx pause
  TX
    9230721 unicast packets  58953 multicast packets  13734 broadcast packets
    9303408 output packets  7566100980 bytes
    341 jumbo packets
    0 output error  0 collision  0 deferred  0 late collision
    0 lost carrier  0 no carrier  0 babble 0 output discard
    0 Tx pause


N5K# show run monitor

!Command: show running-config monitor
!Time: Tue Oct  1 05:24:29 2019

version 7.0(1)N1(1)
monitor session 10
  source interface Ethernet1/30 tx
  destination interface Ethernet1/35
  no shut

N5K(config)# no monitor session 10
N5K(config)# show run monitor

!Command: show running-config monitor
!Time: Tue Oct  1 05:24:41 2019

version 7.0(1)N1(1)