Cisco Nexus 9300 and 9500 platform switches support FEX ports as SPAN sources in the ingress direction for all traffic and . to configure a SPAN ACL: 2023 Cisco and/or its affiliates. Enters the monitor configuration mode. session-number[rx | tx] [shut]. For more information on high availability, see the command. This example shows how When a single traffic flow is spanned to the CPU (Rx SPAN) and an Ethernet port (Tx SPAN), both the SPAN copies are policed. The interfaces from On the Cisco Nexus 9300-EX/FX/FX2/FX3/GX platform switches, SPAN packets to the CPU are rate limited and are dropped in the inband path. Rx SPAN is supported. hardware access-list tcam region span-sflow 256 ! This guideline does not apply for Cisco Nexus This limitation applies to Network Forwarding Engine (NFE) and NFE2-enabled SPAN sources include the following: The inband interface to the control plane CPU. session and port source session, two copies are needed at two destination ports. SPAN destination In order to enable a switches. This limit is often a maximum of two monitoring ports. Cisco Nexus 9300 platform switches (excluding Cisco Nexus 9300-EX/FX/FX2/FX3/FXP switches) support FEX ports as SPAN sources can bypass all forwarding lookups in the hardware, including SPAN and ERSPAN. This guideline does not apply for Cisco Nexus range}. You can define the sources and destinations to monitor in a SPAN session select from the configured sources. cards. Your UDF configuration is effective only after you enter copy running-config startup-config + reload. switches using non-EX line cards. VLANs can be SPAN sources in the ingress and egress direction on Cisco Nexus 9508 switches with 9636C-R and 9636Q-R line cards. destination interface and SPAN can both be enabled simultaneously, providing a viable alternative to using sFlow and SPAN. When traffic ingresses from an access port and egresses to an access port, an ingress/egress SPAN copy of an access port on The rest are truncated if the packet is longer than SPAN is not supported for management ports. SPAN. Enables the SPAN session. IPv6 ACL filters for Layer 2 ports are not supported on Cisco Nexus 9000 Series switches and the Cisco Nexus 3164Q switch. Select the Smartports option in the CNA menu. udf-nameSpecifies the name of the UDF. monitor session SPAN session. on the local device. active, the other cannot be enabled. in the egress direction only for known Layer 2 unicast traffic flows through the switch and FEX. You must configure Note: Priority flow control is disabled when the port is configured as a SPAN destination. type A FEX port that is configured as a SPAN source does not support VLAN filters. When you specify a VLAN as a SPAN source, all supported interfaces in the VLAN are SPAN sources. To configure the device. This example shows how to configure UDF-based SPAN to match regular IP packets with a packet signature (DEADBEEF) at 6 bytes This limitation applies only to the following Cisco devices: The number of SPAN sessions per line card reduces to two if the same interface is configured as a bidirectional source in Interfaces Configuration Guide. A SPAN session with a VLAN source is not localized. For a unidirectional session, the direction of the source must match the direction specified in the session. enabled but operationally down, you must first shut it down and then enable it. Configuring MTU on a SPAN session truncates all packets egressing on the SPAN destination (for that session) to the MTU value This applies to all switches except Cisco Nexus 9300-EX/-FX/-FX2/-FX3/-GX platform switches, and Cisco Nexus 9500 series platform switches with -EX/-FX line cards. Cisco NX-OS Cisco Nexus 3232C. existing session configuration. SPAN is not supported for management ports. The Cisco Nexus N9K-X9636C-R and N9K-X9636Q-R both support inband Customers Also Viewed These Support Documents. acl-filter, destination interface port. Cisco Nexus 9000 Series NX-OS Interfaces Configuration can bypass all forwarding lookups in the hardware, including SPAN and ERSPAN. the packets may still reach the SPAN destination port. A destination 2023 Cisco and/or its affiliates. NX-OS devices. You can configure a Cisco Nexus 9200 Series Switch 3.1 or later Tap/SPAN aggregation Cisco Nexus 9300 Series Switch 3.0 or later Tap/SPAN aggregation SPAN sessions to discontinue the copying of packets from sources to The new session configuration is added to the existing session configuration. analyzer attached to it. monitor session (Optional) show monitor session {all | session-number | range traffic and in the egress direction only for known Layer 2 unicast traffic. Shuts Log into the switch through the CNA interface. The number of SPAN sessions per line card reduces to two if the same interface is configured as a bidirectional source in Guidelines and Limitations for SPAN; Creating or Deleting a SPAN Session; . Make sure that the appropriate TCAM region (racl, ifacl, or vacl) has been configured using the hardware access-list tcam region command to provide enough free space to enable UDF-based SPAN. configure one or more sources, as either a series of comma-separated entries or Nexus 9508 - SPAN Limitations. be on the same leaf spine engine (LSE). Cisco Nexus 9000 Series NX-OS High Availability and Redundancy Configures SPAN for multicast Tx traffic across different leaf spine engine (LSE) slices. A port can act as the destination port for only one SPAN session. configuration to the startup configuration. An egress SPAN copy of an access port on a switch interface will always have a dot1q header. After a reboot or supervisor switchover, the running The optional keyword shut specifies a designate sources and destinations to monitor. About trunk ports 8.3.2. UDF-based SPAN is supported on the Cisco Nexus 9300-EX/FX/FX2/FX3/GX platform switches. Associates an ACL with the A port cannot be configured as a destination port if it is a source port of a span session or part of source VLAN. If SPAN is mirroring the traffic which ingresses on an interface in an ASIC instance and egresses on a Layer 3 interface (SPAN state for the selected session. limitation still applies.) no monitor session Configures the source rate limit for SPAN packets in the specified SPAN session in automatic or manual: Auto mode . configure monitoring on additional SPAN destinations. This chapter contains the following sections: SPAN analyzes all traffic between source ports by directing the SPAN For type Policer values set by the hardware rate-limiter span command are applied on both the SPAN copy going to the CPU and the SPAN copy going to Ethernet interface. The MTU size range is 320 to 1518 bytes for Cisco Nexus 9500 platform switches with 9700-EX and 9700-FX line cards. shut state for the selected session. You must first configure the "This limitation might also apply to Cisco Nexus 9500 Series switches, depending on the SPAN or ERSPAN source's forwarding engine instance mappings.". On Cisco Nexus 9300-EX/FX platform switches, SPAN and sFlow cannot both be enabled simultaneously. Note: . show monitor session udf-name offset-base offset length. using the Cisco Nexus Some examples of this behavior on source ports are as follows: SPAN sessions cannot capture packets with broadcast or multicast MAC addresses that reach the supervisor, such as ARP requests The following guidelines apply to SPAN copies of access port dot1q headers: When traffic ingresses from a trunk port and egresses to an access port, an egress SPAN copy of an access port on a switch Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 6.x, View with Adobe Reader on a variety of devices. The flows for post-routed unknown unicast flooded packets are in the SPAN session, even if the SPAN session is configured the following match criteria: Bytes: Eth Hdr (14) + Outer IP (20) + Inner IP (20) + Inner TCP (20, but TCP flags at 13th byte), Offset from packet-start: 14 + 20 + 20 + 13 = 67. Any SPAN packet that is larger than the configured MTU size is truncated to the configured engine (LSE) slices on Cisco Nexus 9300-EX platform switches. more than one session. You can configure only one destination port in a SPAN session. You can change the size of the ACL (Optional) filter vlan {number | information on the number of supported SPAN sessions. The optional keyword shut specifies a shut For more information, see the The new session configuration is added to the existing session configuration. Source VLANs are supported only in the ingress direction. Tx SPAN of CPU-generated packets is not supported on Cisco Nexus 9200 platform switches. information, see the either a series of comma-separated entries or a range of numbers.