Cisco NX-OS/IOS SPAN Comparison
From DocWiki
Objective
This tech note outlines the main differences in the Switched Port Analyzer (SPAN) between Cisco® NX-OS Software and Cisco IOS® Software. Sample configurations are included for Cisco NX-OS and Cisco IOS Software for some common features to demonstrate the similarities and differences. Please refer to the NX-OS documentation on Cisco.com for a complete list of supported features.
SPAN Overview
The SPAN feature allows traffic to be mirrored from within a switch from a source port to a destination port. This feature is typically used when detailed packet information is required for troubleshooting, traffic analysis, and security-threat prevention.
Important Cisco NX-OS and Cisco IOS Software Differences
In Cisco NX-OS:
- Only Local SPAN is supported.
- Remote SPAN (RSPAN) VLANs can be configured only as SPAN sources.
- 18 monitor sessions can be configured. Only two sessions can be active simultaneously.
- Cisco NX-OS uses a hierarchical configuration based on the monitor session <#> command, whereas Cisco IOS Software has the option for flat for hierarchical configuration in Cisco IOS Software Release 12.2(18)SXH and later.
- A single SPAN session can include mixed sources (Ethernet ports, Ethernet Port-Channels, RSPAN sources, VLANs, and the CPU control-plane interface).
- Destination SPAN ports must be configured as Layer 2 ports with the switchport command.
- Destination SPAN ports require the switchport monitor interface configuration command.
- The SPAN feature supports stateful and stateless process restarts.
Things You Should Know
The following list provides some additional facts about Cisco NX-OS that should be helpful when configuring the SPAN feature.
- Two active SPAN sessions are supported for all virtual device contexts (VDCs).
- Monitor sessions are disabled by default. They can be enabled with the no shut command.
- The source traffic direction can be configured as rx, tx, or both. The default is both.
- When a VLAN is specified as the source, traffic to and from the Layer 2 ports in the specified VLAN are sent to the destination.
- The in-band control-plane interface to the CPU can be monitored only from the default VDC. (All VDC traffic is visible.)
- By default, SPAN does not copy the IEEE 802.1q tag from trunk sources.
- A destination port can be configured in switchport access or trunk mode. (Trunk mode allows you to tag traffic toward a destination or to perform destination VLAN filtering.)
- A destination port does not participate in a spanning-tree instance.
- A destination port can be configured in only one SPAN session at a time.
- A port cannot be configured as both a source and destination port.
- 128 source interfaces can be configured per session.
- 32 source VLANs can be configured per session.
- 2 destination interfaces can be configured per session.
Configuration Comparison
The following sample code shows the configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software command-line interfaces (CLIs). The Cisco IOS Software syntax shown here is from Cisco IOS Software Release 12.2(18)SXH, so its hierarchy is similar to that of as the Cisco NX-OS. Older versions of Cisco IOS Software support only a flat configuration.
| Cisco IOS CLI | Cisco NX-OS CLI | |
|---|---|---|
| Configuring the Destination Switchport Mode |
| Cisco IOS Software does not require any destination port configuration. | interface Ethernet2/2
switchport switchport monitor |
|---|
| Configuring Destination Port Ingress Forwarding and Learning |
| monitor session 1 type local
destination interface Gi2/2 ingress learning | interface Ethernet2/2
switchport switchport monitor ingress learning |
|---|
| Configuring a SPAN Monitor (Ethernet Source and Destination) |
| monitor session 1 type local
source interface Gi2/1 destination interface Gi2/2 | monitor session 1
source interface Ethernet2/1 both destination interface Ethernet2/2 no shut |
|---|
| Configuring a SPAN Monitor (VLAN Source) |
| monitor session 1 type local
source vlan 10 , 20 destination interface Gi2/2 | monitor session 1
source vlan 10,20 both destination interface Ethernet2/2 no shut |
|---|
| Filtering VLANs for IEEE 802.1q Trunk Sources |
| interface GigabitEthernet2/1
switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 10-20 switchport mode trunk
filter vlan 15 - 20 source interface Gi2/1 destination interface Gi2/1 no shutdown | interface Ethernet2/1
switchport switchport mode trunk switchport trunk allowed vlan 10-20
source interface Ethernet2/1 both destination interface Ethernet2/2 filter vlan 15-20 no shut |
|---|
| Configuring a SPAN Monitor (CPU Source) |
| monitor session 1 type local
source cpu rp rx destination interface Gi2/2 no shutdown | monitor session 1
source interface sup-eth0 rx destination interface Ethernet2/2 no shut |
|---|
Verification Command Comparison
The following table compares some useful show commands for verifying and troubleshooting the SPAN feature.
| Cisco NX-OS SPAN | Cisco IOS Software SPAN | Command Description |
|---|---|---|
| show interface | show interface | Displays destination port characteristics |
| - | - | - |
| show monitor session <#> | show monitor session <#> | Displays a specific SPAN and monitor session |
| show monitor session all | show monitor session all | Displays all SPAN and monitor sessions |
| show monitor range <#-#> | show monitor range <#-#> | Displays a range of specified SPAN sessions |
