Cisco NX-OS/IOS SPAN Comparison

From DocWiki

(Difference between revisions)
Line 12: Line 12:
In Cisco NX-OS:
In Cisco NX-OS:
-
* Only Local SPAN is supported.
+
* Local SPAN and Encapsulated Remote SPAN (ERSPAN) are supported.
* Remote SPAN (RSPAN) VLANs can be configured only as SPAN sources.
* Remote SPAN (RSPAN) VLANs can be configured only as SPAN sources.
-
* 18 monitor sessions can be configured. Only two sessions can be active simultaneously.
+
* 48 monitor sessions can be configured. Only 2 SPAN sessions (SPAN, ERSPAN source) sessions can be active simultaneously (23 ERSPAN destination sessions can be active simultaneously).
* Cisco NX-OS uses a hierarchical configuration based on the '''monitor session '''''<#>'' command, whereas Cisco IOS Software has the option for flat for hierarchical configuration in Cisco IOS Software Release 12.2(18)SXH and later.
* Cisco NX-OS uses a hierarchical configuration based on the '''monitor session '''''<#>'' command, whereas Cisco IOS Software has the option for flat for hierarchical configuration in Cisco IOS Software Release 12.2(18)SXH and later.
* A single SPAN session can include mixed sources (Ethernet ports, Ethernet Port-Channels, RSPAN sources, VLANs, and the CPU control-plane interface).
* A single SPAN session can include mixed sources (Ethernet ports, Ethernet Port-Channels, RSPAN sources, VLANs, and the CPU control-plane interface).
-
* Destination SPAN ports must be configured as Layer 2 ports with the '''switchport '''command.
+
* Destination SPAN interfaces must be configured as a layer-2 interface with the '''switchport''' and the '''switchport monitor''' interface commands.
-
* Destination SPAN ports require the '''switchport monitor''' interface configuration command.
+
* The SPAN feature supports stateless and stateful process restarts.
-
* The SPAN feature supports stateful and stateless process restarts.
+
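Review bot: The added session-limit bullet repeats a word: "Only 2 SPAN sessions (SPAN, ERSPAN source) sessions can be active simultaneously". Drop the second "sessions" and consider giving the limit of 23 ERSPAN destination sessions its own sentence instead of a trailing parenthesis. The unchanged context bullet also reads "flat for hierarchical configuration", which looks like it should be "flat or hierarchical"; worth fixing while this list is being edited.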
Line 27: Line 26:
The following list provides some additional facts about Cisco NX-OS that should be helpful when configuring the SPAN feature.
The following list provides some additional facts about Cisco NX-OS that should be helpful when configuring the SPAN feature.
-
* Two active SPAN sessions are supported for all virtual device contexts (VDCs).
+
* Two active sessions are supported for all virtual device contexts (VDCs).
 +
* 128 source interfaces can be configured per session.
 +
* 32 source VLANs can be configured per session.
 +
* 32 destination interfaces can be configured per session.
* Monitor sessions are disabled by default. They can be enabled with the '''no shut''' command.
* Monitor sessions are disabled by default. They can be enabled with the '''no shut''' command.
 +
* An active SPAN session uses hardware resources and should always be disabled with the <b>shut</b> command when monitoring is not required.
 +
* The supervisor module management interface (<b>mgmt0</b>) cannot be configured as a SPAN source or destination interface.
 +
* An interface cannot be configured as both a source and destination interface.
 +
* An Ethernet sub-interface cannot be configured as a source or destination interface.
 +
* The in-band control-plane interface to the CPU can be monitored only from the default VDC. (All traffic to and from the CPU for all VDC's is visible.)
* The source traffic direction can be configured as '''rx''', '''tx''', or '''both'''. The default is '''both'''.
* The source traffic direction can be configured as '''rx''', '''tx''', or '''both'''. The default is '''both'''.
-
* When a VLAN is specified as the source, traffic to and from the Layer 2 ports in the specified VLAN are sent to the destination.
+
* When a VLAN is specified as a source, traffic to and from the layer-2 physical interfaces associated to the specified VLAN are sent to the SPAN destination (Ingress and egress traffic between SVI/VLANs are not captured if the traffic does not go in our out a physical interface).
-
* The in-band control-plane interface to the CPU can be monitored only from the default VDC. (All VDC traffic is visible.)
+
* By default, SPAN does not copy the IEEE 802.1q tag from trunk source interfaces.
-
* By default, SPAN does not copy the IEEE 802.1q tag from trunk sources.
+
* A destination interface can be configured in <b>switchport access</b> or <b>switchport trunk</b> mode. (Trunk mode allows you to tag traffic toward a destination or to perform destination VLAN filtering.)
-
* A destination port can be configured in switchport access or trunk mode. (Trunk mode allows you to tag traffic toward a destination or to perform destination VLAN filtering.)
+
* A destination interface does not participate in a spanning-tree instance.
-
* A destination port does not participate in a spanning-tree instance.
+
* A destination interface can be configured with the <b>switchport monitor ingress</b> interface command to allow the destination device (IE: IDS) to disrupt packet flows.
* A destination port can be configured in only one SPAN session at a time.
* A destination port can be configured in only one SPAN session at a time.
-
* A port cannot be configured as both a source and destination port.
+
* ERSPAN is VRF aware.  The <b>vrf</b> command can be configured under the monitor session to specify which VRF instance the source and destination addresses belong too.
-
* 128 source interfaces can be configured per session.
+
* ERSPAN uses the <b>erspan-id <i><#></i></b> monitor session command to associate the source and destination ERSPAN monitors sessions.
-
* 32 source VLANs can be configured per session.
+
* An ERSPAN source can be configured with an extended ACL to preserve bandwidth by filtering unwanted traffic prior to sending the interesting traffic to the remote destination.
-
* 2 destination interfaces can be configured per session.
+
 
<font size = "3">'''Configuration Comparison'''</font>
<font size = "3">'''Configuration Comparison'''</font>
-
The following sample code shows the configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software command-line interfaces (CLIs). The Cisco IOS Software syntax shown here is from Cisco IOS Software Release 12.2(18)SXH, so its hierarchy is similar to that of as the Cisco NX-OS. Older versions of Cisco IOS Software support only a flat configuration.
+
The following sample code shows the configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software command-line interfaces (CLIs). The Cisco IOS Software syntax shown here is from Cisco IOS Software Release 12.2(18)SXH, so its hierarchy is similar to the Cisco NX-OS Software. Older versions of Cisco IOS Software only support a flat configuration.
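Review bot: Several of the added bullets in this list carry typos: "does not go in our out a physical interface" (in or out of), "belong too" (belong to) and "ERSPAN monitors sessions" (monitor sessions). The revision renames "port" to "interface" in most bullets but leaves "A destination port can be configured in only one SPAN session at a time" untouched, so the terminology is now mixed. The per-session destination limit also changes from 2 to 32 as that bullet moves up the list; confirm the new value is intended rather than a slip.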
Line 56: Line 63:
{| border="0" cellpadding="2" cellspacing="6"
{| border="0" cellpadding="2" cellspacing="6"
!width="475" align="left" style="background:#ED9121;" |<font color="white">'''Cisco IOS Software does not require any destination port configuration.'''
!width="475" align="left" style="background:#ED9121;" |<font color="white">'''Cisco IOS Software does not require any destination port configuration.'''
-
!width="475" align="left" style="background:#99CCFF;" |'''interface Ethernet2/2
+
!width="475" align="left" style="background:#99CCFF;" |'''interface ethernet 2/2
switchport
switchport
Line 68: Line 75:
!width="475" align="left" style="background:#ED9121;" |<font color="white">'''monitor session 1 type local
!width="475" align="left" style="background:#ED9121;" |<font color="white">'''monitor session 1 type local
   
   
-
destination interface Gi2/2 ingress learning'''
+
destination interface gigabitethernet2/2 ingress learning'''
-
!width="475" align="left" style="background:#99CCFF;" |'''interface Ethernet2/2
+
!width="475" align="left" style="background:#99CCFF;" |'''interface ethernet 2/2
switchport
switchport
Line 81: Line 88:
!width="475" align="left" style="background:#ED9121;" |<font color="white">'''monitor session 1 type local
!width="475" align="left" style="background:#ED9121;" |<font color="white">'''monitor session 1 type local
   
   
-
source interface Gi2/1
+
source interface gigabitethernet 2/1
   
   
-
destination interface Gi2/2'''
+
destination interface gigabitethernet 2/2
 +
 
 +
no shutdown'''
!width="475" align="left" style="background:#99CCFF;" |'''monitor session 1
!width="475" align="left" style="background:#99CCFF;" |'''monitor session 1
-
source interface Ethernet2/1 both
+
source interface ethernet 2/1 both
-
destination interface Ethernet2/2
+
destination interface ethernet 2/2
    
    
no shut'''
no shut'''
Line 98: Line 107:
!width="475" align="left" style="background:#ED9121;" |<font color="white">'''monitor session 1 type local
!width="475" align="left" style="background:#ED9121;" |<font color="white">'''monitor session 1 type local
   
   
-
source vlan 10 , 20
+
source vlan 10 , 20 both
-
destination interface Gi2/2'''
+
destination interface gigabitethernet 2/2
 +
 
 +
no shutdown'''
!width="475" align="left" style="background:#99CCFF;" |'''monitor session 1
!width="475" align="left" style="background:#99CCFF;" |'''monitor session 1
    
    
source vlan 10,20 both
source vlan 10,20 both
    
    
-
destination interface Ethernet2/2
+
destination interface ethernet 2/2
    
    
no shut'''
no shut'''
Line 113: Line 124:
|-
|-
{| border="0" cellpadding="2" cellspacing="6"
{| border="0" cellpadding="2" cellspacing="6"
-
!width="475" align="left" style="background:#ED9121;" |<font color="white">'''interface GigabitEthernet2/1
+
!width="475" align="left" style="background:#ED9121;" |<font color="white">'''interface gigabitethernet 2/1
switchport
switchport
Line 127: Line 138:
filter vlan 15 - 20
filter vlan 15 - 20
-
source interface Gi2/1
+
source interface gigabitethernet 2/1
-
destination interface Gi2/1
+
destination interface gigabitethernet 2/1
no shutdown'''
no shutdown'''
-
!width="475" align="left" style="background:#99CCFF;" |'''interface Ethernet2/1
+
!width="475" align="left" style="background:#99CCFF;" |'''interface ethernet 2/1
   
   
switchport
switchport
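Review bot: In the Cisco IOS column of the trunk VLAN filter example, the revised lines still use one port for both roles: "source interface gigabitethernet 2/1" and "destination interface gigabitethernet 2/1". The NX-OS column of the same example sends to ethernet 2/2, and this revision adds the bullet "An interface cannot be configured as both a source and destination interface", so the IOS destination should presumably be gigabitethernet 2/2.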
Line 144: Line 155:
monitor session 1
monitor session 1
    
    
-
source interface Ethernet2/1 both
+
source interface ethernet 2/1 both
    
    
-
destination interface Ethernet2/2
+
destination interface ethernet 2/2
    
    
filter vlan 15-20
filter vlan 15-20
Line 160: Line 171:
source cpu rp rx
source cpu rp rx
   
   
-
destination interface Gi2/2
+
destination interface gigabitethernet 2/2
   
   
no shutdown'''
no shutdown'''
Line 167: Line 178:
source interface sup-eth0 rx
source interface sup-eth0 rx
    
    
-
destination interface Ethernet2/2
+
destination interface ethernet 2/2
    
    
no shut'''
no shut'''
|-
|-
 +
{| border="0" cellpadding="2" cellspacing="6"
 +
|<font size = "3">'''Configuring an ERSPAN Monitor (Source)'''</font>
 +
|-
 +
{| border="0" cellpadding="2" cellspacing="6"
 +
!width="475" align="left" style="background:#ED9121;" |<font color="white">monitor session 1 type erspan-source
 +
 +
source interface gigabitethernet 2/2
 +
 +
destination
 +
 +
ip address 192.168.2.1
 +
 +
origin ip address 192.168.1.1
 +
 +
erspan-id 1
 +
 +
no shutdown'''
 +
!width="475" align="left" style="background:#99CCFF;" |'''monitor erspan origin ip-address 192.168.1.1 global
 +
 +
 +
monitor session 1 type erspan-source
 +
 +
destination ip 192.168.2.1
 +
 +
erspan-id 1
 +
 +
vrf default
 +
 +
source interface ethernet 1/26 both
 +
 +
no shut'''
 +
|-
 +
{| border="0" cellpadding="2" cellspacing="6"
 +
|<font size = "3">'''Configuring an ERSPAN Monitor (Destination)'''</font>
 +
|-
 +
{| border="0" cellpadding="2" cellspacing="6"
 +
!width="475" align="left" style="background:#ED9121;" |<font color="white">monitor session 1 type erspan-destination
 +
 +
destination interface gigabitethernet 1/26
 +
 +
source
 +
 +
ip address 192.168.2.1
 +
 +
erspan-d 1
 +
 +
no shutdown'''
 +
!width="475" align="left" style="background:#99CCFF;" |'''interface ethernet 1/26
 +
switchport
 +
 +
switchport monitor
 +
 +
 +
 +
monitor session 1 type erspan-destination
 +
 +
source ip 192.168.2.1
 +
 +
destination interface ethernet 1/26
 +
 +
erspan-id 1
 +
 +
vrf default
 +
 +
no shut
 +
'''
|}
|}
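Review bot: The new Cisco IOS ERSPAN destination cell has "erspan-d 1" where every other ERSPAN example in this change uses "erspan-id 1"; correct the keyword so the source and destination sessions can be seen to share the same ID. Both new IOS cells ("monitor session 1 type erspan-source" and "monitor session 1 type erspan-destination") also end with ''' without opening it after the font tag, so the bold markup is unbalanced.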
Line 186: Line 263:
!width="450" align="left" style="background:#99CCFF;" |'''Command Description'''
!width="450" align="left" style="background:#99CCFF;" |'''Command Description'''
|-
|-
-
|'''show interface'''|| show interface || Displays destination port characteristics
+
|'''show interface'''|| show interface || Displays interface status and characteristics
|-
|-
| <font color="white"> - || <font color="white"> - || <font color="white"> -
| <font color="white"> - || <font color="white"> - || <font color="white"> -
|-
|-
-
|'''show monitor session '''''<#>'''''|| show monitor session <#> || Displays a specific SPAN and monitor session
+
|'''show monitor session ''<#>'''''|| show monitor session <#> || Displays a specific monitor session
 +
|-
 +
|'''show monitor session ''<#>'' brief'''|| - || Displays brief information for a specific monitor session
|-
|-
|'''show monitor session all'''|| show monitor session all || Displays all SPAN and monitor sessions
|'''show monitor session all'''|| show monitor session all || Displays all SPAN and monitor sessions
|-
|-
-
|'''show monitor range '''''<#-#>'''''|| show monitor range ''<#-#>'' || Displays a range of specified SPAN sessions
+
|'''show monitor session all brief'''|| - || Displays brief information for all monitor sessions
 +
|-
 +
|'''show monitor range ''<#-#>'''''|| show monitor range ''<#-#>'' || Displays a range of specific monitor sessions
 +
|-
 +
|'''show monitor range ''<#-#>'' brief'''|| - || Displays brief information for a range of specific monitor sessions
|-
|-
|}
|}

Revision as of 21:24, 23 January 2011

Objective

This tech note outlines the main differences in the Switched Port Analyzer (SPAN) between Cisco® NX-OS Software and Cisco IOS® Software. Sample configurations are included for Cisco NX-OS and Cisco IOS Software for some common features to demonstrate the similarities and differences. Please refer to the NX-OS documentation on Cisco.com for a complete list of supported features.


SPAN Overview

The SPAN feature allows traffic to be mirrored from within a switch from a source port to a destination port. This feature is typically used when detailed packet information is required for troubleshooting, traffic analysis, and security-threat prevention.


Important Cisco NX-OS and Cisco IOS Software Differences

In Cisco NX-OS:

  • Local SPAN and Encapsulated Remote SPAN (ERSPAN) are supported.
  • Remote SPAN (RSPAN) VLANs can be configured only as SPAN sources.
  • 48 monitor sessions can be configured. Only 2 source sessions (SPAN or ERSPAN source) can be active simultaneously; 23 ERSPAN destination sessions can be active simultaneously.
  • Cisco NX-OS uses a hierarchical configuration based on the monitor session <#> command, whereas Cisco IOS Software has the option for flat or hierarchical configuration in Cisco IOS Software Release 12.2(18)SXH and later.
  • A single SPAN session can include mixed sources (Ethernet ports, Ethernet Port-Channels, RSPAN sources, VLANs, and the CPU control-plane interface).
  • Destination SPAN interfaces must be configured as layer-2 interfaces with the switchport and the switchport monitor interface commands.
  • The SPAN feature supports stateless and stateful process restarts.


Things You Should Know

The following list provides some additional facts about Cisco NX-OS that should be helpful when configuring the SPAN feature.

  • Two active sessions are supported for all virtual device contexts (VDCs).
  • 128 source interfaces can be configured per session.
  • 32 source VLANs can be configured per session.
  • 32 destination interfaces can be configured per session.
  • Monitor sessions are disabled by default. They can be enabled with the no shut command.
  • An active SPAN session uses hardware resources and should always be disabled with the shut command when monitoring is not required.
  • The supervisor module management interface (mgmt0) cannot be configured as a SPAN source or destination interface.
  • An interface cannot be configured as both a source and destination interface.
  • An Ethernet sub-interface cannot be configured as a source or destination interface.
  • The in-band control-plane interface to the CPU can be monitored only from the default VDC. (All traffic to and from the CPU for all VDCs is visible.)
  • The source traffic direction can be configured as rx, tx, or both. The default is both.
  • When a VLAN is specified as a source, traffic to and from the layer-2 physical interfaces associated with the specified VLAN is sent to the SPAN destination. (Ingress and egress traffic between SVIs/VLANs is not captured if the traffic does not go in or out of a physical interface.)
  • By default, SPAN does not copy the IEEE 802.1q tag from trunk source interfaces.
  • A destination interface can be configured in switchport access or switchport trunk mode. (Trunk mode allows you to tag traffic toward a destination or to perform destination VLAN filtering.)
  • A destination interface does not participate in a spanning-tree instance.
  • A destination interface can be configured with the switchport monitor ingress interface command to allow the destination device (for example, an IDS) to disrupt packet flows.
  • A destination port can be configured in only one SPAN session at a time.
  • ERSPAN is VRF aware. The vrf command can be configured under the monitor session to specify which VRF instance the source and destination addresses belong to.
  • ERSPAN uses the erspan-id <#> monitor session command to associate the source and destination ERSPAN monitor sessions.
  • An ERSPAN source can be configured with an extended ACL to preserve bandwidth by filtering unwanted traffic prior to sending the interesting traffic to the remote destination.
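
Because a SPAN destination receives a copy of production traffic, the rules in this list are worth checking mechanically before a monitor session is enabled. The following Python audit is an added example, not part of the original tech note or any Cisco tooling; it assumes configuration text laid out like the NX-OS examples on this page, treats the source/destination rule as applying across all sessions, and the names norm, parse, audit and SAMPLE_CONFIG are hypothetical.

```python
import re
from collections import defaultdict
# Constructed NX-OS-style configuration (not taken from a real device).
SAMPLE_CONFIG = """\
interface ethernet 2/2
  switchport
  switchport monitor
monitor session 1
  source interface ethernet 2/1 both
  destination interface ethernet 2/2
  no shut
monitor session 2
  source interface mgmt0 rx
  destination interface ethernet 2/1
  no shut
monitor session 3
  source interface ethernet 2/4.10 both
  destination interface ethernet 2/2
  no shut
"""

def norm(name):
    return re.sub(r"\s+", "", name.lower())  # 'Ethernet 2/2' -> 'ethernet2/2'

def parse(config):  # -> ({interface: set of commands}, {session id: details})
    ifaces, sessions, ctx = defaultdict(set), {}, None
    for raw in filter(str.strip, config.splitlines()):  # skip blank lines
        line = " ".join(raw.lower().split())
        if not raw[0].isspace():  # a top-level command opens a new context
            ctx = None
            if m := re.match(r"interface (.+)", line):
                ctx = ifaces[norm(m.group(1))]
            elif m := re.match(r"monitor session (\d+)(?: type (\S+))?", line):
                ctx = sessions[int(m.group(1))] = {
                    "type": m.group(2) or "local", "src": set(), "dst": set(), "active": False}
        elif isinstance(ctx, set):  # inside an interface block
            ctx.add(line)
        elif ctx is not None:  # inside a monitor session block
            if m := re.match(r"(source|destination) interface (.+?)(?: (?:rx|tx|both))?$", line):
                ctx["src" if m.group(1) == "source" else "dst"].add(norm(m.group(2)))
            elif line in ("shut", "shutdown", "no shut", "no shutdown"):
                ctx["active"] = line.startswith("no ")
    return ifaces, sessions

def audit(config):
    """Check monitor sessions against the NX-OS SPAN rules listed above."""
    ifaces, sessions = parse(config)
    out, owner, active = [], {}, 0
    for sid, s in sorted(sessions.items()):
        active += s["active"] and s["type"] != "erspan-destination"  # source sessions only
        for name in sorted(s["src"] | s["dst"]):
            if name == "mgmt0" or "." in name:  # mgmt0 and sub-interfaces
                out.append(f"session {sid}: {name} cannot be a source or destination")
        for dst in sorted(s["dst"]):
            cmds = ifaces.get(dst, set())
            if "switchport" not in cmds or not any(c.startswith("switchport monitor") for c in cmds):
                out.append(f"session {sid}: {dst} lacks switchport/switchport monitor")
            if any(dst in t["src"] for t in sessions.values()):
                out.append(f"session {sid}: {dst} is both source and destination")
            if owner.setdefault(dst, sid) != sid:
                out.append(f"session {sid}: {dst} is already the destination of session {owner[dst]}")
    if active > 2:
        out.append(f"{active} source sessions active; only 2 can be active at once")
    return out
```

Calling audit(SAMPLE_CONFIG) returns six findings; sessions that are configured but left shut are parsed and not counted toward the active limit.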


Configuration Comparison

The following sample code shows the configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software command-line interfaces (CLIs). The Cisco IOS Software syntax shown here is from Cisco IOS Software Release 12.2(18)SXH, so its hierarchy is similar to that of Cisco NX-OS Software. Older versions of Cisco IOS Software support only a flat configuration.


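Each example below shows the Cisco IOS CLI configuration first, followed by the Cisco NX-OS CLI equivalent.

Configuring the Destination Switchport Mode

Cisco IOS CLI:

    Cisco IOS Software does not require any destination port configuration.

Cisco NX-OS CLI:

    interface ethernet 2/2
      switchport
      switchport monitor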

Configuring Destination Port Ingress Forwarding and Learning

Cisco IOS CLI:

    monitor session 1 type local
      destination interface gigabitethernet2/2 ingress learning

Cisco NX-OS CLI:

    interface ethernet 2/2
      switchport
      switchport monitor ingress learning

Configuring a SPAN Monitor (Ethernet Source and Destination)

Cisco IOS CLI:

    monitor session 1 type local
      source interface gigabitethernet 2/1
      destination interface gigabitethernet 2/2
      no shutdown

Cisco NX-OS CLI:

    monitor session 1
      source interface ethernet 2/1 both
      destination interface ethernet 2/2
      no shut

Configuring a SPAN Monitor (VLAN Source)

Cisco IOS CLI:

    monitor session 1 type local
      source vlan 10 , 20 both
      destination interface gigabitethernet 2/2
      no shutdown

Cisco NX-OS CLI:

    monitor session 1
      source vlan 10,20 both
      destination interface ethernet 2/2
      no shut

Filtering VLANs for IEEE 802.1q Trunk Sources

Cisco IOS CLI:

    interface gigabitethernet 2/1
      switchport
      switchport trunk encapsulation dot1q
      switchport trunk allowed vlan 10-20
      switchport mode trunk

    monitor session 1 type local
      filter vlan 15 - 20
      source interface gigabitethernet 2/1
      destination interface gigabitethernet 2/2
      no shutdown

Cisco NX-OS CLI:

    interface ethernet 2/1
      switchport
      switchport mode trunk
      switchport trunk allowed vlan 10-20

    monitor session 1
      source interface ethernet 2/1 both
      destination interface ethernet 2/2
      filter vlan 15-20
      no shut

Configuring a SPAN Monitor (CPU Source)

Cisco IOS CLI:

    monitor session 1 type local
      source cpu rp rx
      destination interface gigabitethernet 2/2
      no shutdown

Cisco NX-OS CLI:

    monitor session 1
      source interface sup-eth0 rx
      destination interface ethernet 2/2
      no shut

Configuring an ERSPAN Monitor (Source)

Cisco IOS CLI:

    monitor session 1 type erspan-source
      source interface gigabitethernet 2/2
      destination
        ip address 192.168.2.1
        origin ip address 192.168.1.1
        erspan-id 1
      no shutdown

Cisco NX-OS CLI:

    monitor erspan origin ip-address 192.168.1.1 global

    monitor session 1 type erspan-source
      destination ip 192.168.2.1
      erspan-id 1
      vrf default
      source interface ethernet 1/26 both
      no shut

Configuring an ERSPAN Monitor (Destination)

Cisco IOS CLI:

    monitor session 1 type erspan-destination
      destination interface gigabitethernet 1/26
      source
        ip address 192.168.2.1
        erspan-id 1
      no shutdown

Cisco NX-OS CLI:

    interface ethernet 1/26
      switchport
      switchport monitor

    monitor session 1 type erspan-destination
      source ip 192.168.2.1
      destination interface ethernet 1/26
      erspan-id 1
      vrf default
      no shut



Verification Command Comparison

The following table compares some useful show commands for verifying and troubleshooting the SPAN feature.


Cisco NX-OS SPAN                  Cisco IOS Software SPAN     Command Description
show interface                    show interface              Displays interface status and characteristics
show monitor session <#>          show monitor session <#>    Displays a specific monitor session
show monitor session <#> brief    -                           Displays brief information for a specific monitor session
show monitor session all          show monitor session all    Displays all SPAN and monitor sessions
show monitor session all brief    -                           Displays brief information for all monitor sessions
show monitor range <#-#>          show monitor range <#-#>    Displays a range of specific monitor sessions
show monitor range <#-#> brief    -                           Displays brief information for a range of specific monitor sessions
