cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

748
Views
10
Helpful
3
Replies
faradajay
Beginner

Nexus 9336- redirect the traffic from one port to other 2 ports

Hi All,

 

Switch/router------------Accessport- --eth1/23(vlan 100)-Nexus 9336 --access port vlan 200------eth1/30&1/31--

 

Switch/router is sending the copy of their wan traffic towards Nexus on port 1/23.

I want to capture all this traffic and send or redirect towards port 1/30 and 1/31.

Also, i want to drop all traffic coming on port 1/23 so that it can not leave from nexus.

 

Please suggest, how can I achieve this goal.

 

Note: Nexus is used as an access-switch and configured with a default route.

 

 

 

 

 

 

 

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Sergiu.Daniluk
VIP Advocate

Hi @faradajay 

So basically you received a spanned traffic and you want to span it further to probably some monitoring or IPS/IDS devices, right?

I would say that a simple local span should work, but I am not entirely sure if the traffic is dropped before being spanned or not (since you do not have any destination). And the second problem is that you can send traffic to only one destination port- which means two monitor session needs to be cfg. If you are ok with it, try this:

! first configure the destination ports as switchport monitor
switch# configure terminal
switch(config)# interface ethernet 1/30-31
switch(config-if)# switchport
switch(config-if)# switchport monitor
switch(config-if)# no shut
switch(config-if)# exit
switch(config)# 

! then configure the monitor sessions
switch(config)# monitor session 1
switch(config-monitor)# source interface ethernet 1/23 rx
switch(config-monitor)# destination interface ethernet 1/30
switch(config-monitor)# no shut
switch(config-monitor)# exit
switch(config)# monitor session 2
switch(config-monitor)# source interface ethernet 1/23 rx
switch(config-monitor)# destination interface ethernet 1/31
switch(config-monitor)# no shut
switch(config-monitor)# exit

Alternatively, you can have a look at Cisco Nexus Data Broker (NDB) which is the Cisco Solution for what are you looking for. Your platform supports only NXAPI mode (openflow is not supported, it would have been nice though).

https://www.cisco.com/c/en/us/td/docs/net_mgmt/xnc/nexus_data_broker/deploy_config/3-x/b_Nexus_Data_Broker_Configuration_Guide_371/b_Nexus_Data_Broker_Configuration_Guide_371_chapter_00.html

 

Stay safe,

Sergiu

View solution in original post

3 REPLIES 3
Sergiu.Daniluk
VIP Advocate

Hi @faradajay 

So basically you received a spanned traffic and you want to span it further to probably some monitoring or IPS/IDS devices, right?

I would say that a simple local span should work, but I am not entirely sure if the traffic is dropped before being spanned or not (since you do not have any destination). And the second problem is that you can send traffic to only one destination port- which means two monitor session needs to be cfg. If you are ok with it, try this:

! first configure the destination ports as switchport monitor
switch# configure terminal
switch(config)# interface ethernet 1/30-31
switch(config-if)# switchport
switch(config-if)# switchport monitor
switch(config-if)# no shut
switch(config-if)# exit
switch(config)# 

! then configure the monitor sessions
switch(config)# monitor session 1
switch(config-monitor)# source interface ethernet 1/23 rx
switch(config-monitor)# destination interface ethernet 1/30
switch(config-monitor)# no shut
switch(config-monitor)# exit
switch(config)# monitor session 2
switch(config-monitor)# source interface ethernet 1/23 rx
switch(config-monitor)# destination interface ethernet 1/31
switch(config-monitor)# no shut
switch(config-monitor)# exit

Alternatively, you can have a look at Cisco Nexus Data Broker (NDB) which is the Cisco Solution for what are you looking for. Your platform supports only NXAPI mode (openflow is not supported, it would have been nice though).

https://www.cisco.com/c/en/us/td/docs/net_mgmt/xnc/nexus_data_broker/deploy_config/3-x/b_Nexus_Data_Broker_Configuration_Guide_371/b_Nexus_Data_Broker_Configuration_Guide_371_chapter_00.html

 

Stay safe,

Sergiu

View solution in original post

Hi @Sergiu.Daniluk ,

Thanks.

 

So basically you received a spanned traffic and you want to span it further to probably some monitoring or IPS/IDS devices, right? ---->Yes

 

I would say that a simple local span should work, 

And the second problem is that you can send traffic to only one destination port- which means two monitor session needs to be cfg. If you are ok with it, try this:

-->OK.

 

SPAN will create copy  of traffic and send it to destination port.

but i have concern with  what will happen with TAP traffic coming on port 1/23 because Nexus is configured with default route 0/0 , as per my understating , all the TAP traffic will  send towards the next hop. Please correct me if i am wrong. Therefore i want to drops it.

 

i tried to apply ACL on port1/23, but getting error that you cant not apply on switchport.

Please suggest how i can drops these TAP traffic.

 

Thanks,

Ajay

 

 

Hi @faradajay 

You can configure a PCAL: apply the ACL you configured using command "ip port access-list"

 

Cheers,

Sergiu