Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1080
Views
0
Helpful
4
Replies

N3K interface VLAN traffic

ammar-taha
Level 1
Level 1

‎08-30-2021 05:59 AM

hi all

 

 

I have nexus 3064 and the downlink is  trunk port-channel and there are many VLANs pass through this port-channel and each VLAN carry different service can is there any way to monitor the traffic of this VLANs  ? 

 

 

0 Helpful
4 Replies 4

Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎08-30-2021 01:49 PM

Hi @ammar-taha 

 

You can use SPAN:

The following example shows how to configure a port channel SPAN source:

switch# configure terminal
switch(config)# monitor session 2
switch(config-monitor)# filter access-group acl1
switch(config-monitor)# source interface port-channel 1 rx
switch(config-monitor)# source interface port-channel 3 tx
switch(config-monitor)# source interface port-channel 5 both
switch(config-monitor)#

The following example shows how to configure a VLAN SPAN source:

switch# configure terminal
switch(config)# monitor session 2
switch(config-monitor)# filter access-group acl1
switch(config-monitor)# source vlan 1
switch(config-monitor)#

 ACL is optional.

Documentation reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/system_mgmt/7_x/b_Cisco_Nexus_3000_Series_NX-OS_System_Management_Configuration_Guide_7x/b_Cisco_Nexus_3000_Series_NX-OS_System_Management_Configuration_Guide_7x_chapter_010001.ht...

 

Regards,

Sergiu

0 Helpful

ammar-taha
Level 1
Level 1
In response to Sergiu.Daniluk

‎08-30-2021 10:44 PM

HI @Sergiu.Daniluk

 

i believe in this method the destination port must be connected, i have 4 VLANs so i need to provide 4 connected port ?

0 Helpful

Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to ammar-taha

‎08-31-2021 02:34 AM

Local SPAN meas you redirect the monitored traffic to a local interface, where you have your monitoring device or monitoring network connected.

You have the option to configure ERSPAN, in which case you send the monitored traffic to a remote IP address.

In both cases, you can send traffic from multiple sources to the same single destination (local port or remote IP).

 

Stay safe,

Sergiu

0 Helpful

Christopher Hart
Cisco Employee
Cisco Employee

‎09-08-2021 04:22 PM

Hello!

The answer to this question will vary slightly depending on what specifically you want to monitor and how granular you want that monitoring to be.

@Sergiu.Daniluk provided you one option, which is SPAN. This will replicate all traffic that traverses the switch through this port-channel to another device, which can analyze the traffic and give you the data you want.

Another option you may want to consider is implementing sFlow so that you can sample the traffic traversing the switch. This will give you additional visibility into what types of hosts are talking to each other and what types of traffic traverses the switch.

Depending on your environment and what the business needs are that's driving this question, either SPAN or sFlow may be the appropriate solution.

You can reference the sFlow chapter of the Nexus 3000 System Management Configuration Guide for more details.

I hope this helps - thank you!

-Christopher

0 Helpful
Customers Also Viewed These Support Documents