Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1973
Views
10
Helpful
3
Replies

Nexus 9336- redirect the traffic from one port to other 2 ports

Go to solution
faradajay
Level 1
Level 1

‎01-27-2021 09:46 PM

Hi All,

 

Switch/router------------Accessport- --eth1/23(vlan 100)-Nexus 9336 --access port vlan 200------eth1/30&1/31--

 

Switch/router is sending the copy of their wan traffic towards Nexus on port 1/23.

I want to capture all this traffic and send or redirect towards port 1/30 and 1/31.

Also, i want to drop all traffic coming on port 1/23 so that it can not leave from nexus.

 

Please suggest, how can I achieve this goal.

 

Note: Nexus is used as an access-switch and configured with a default route.

 

 

 

 

 

 

 

 

 

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎01-27-2021 10:29 PM - edited ‎01-27-2021 10:31 PM

Hi @faradajay 

So basically you received a spanned traffic and you want to span it further to probably some monitoring or IPS/IDS devices, right?

I would say that a simple local span should work, but I am not entirely sure if the traffic is dropped before being spanned or not (since you do not have any destination). And the second problem is that you can send traffic to only one destination port- which means two monitor session needs to be cfg. If you are ok with it, try this:

! first configure the destination ports as switchport monitor
switch# configure terminal
switch(config)# interface ethernet 1/30-31
switch(config-if)# switchport
switch(config-if)# switchport monitor
switch(config-if)# no shut
switch(config-if)# exit
switch(config)# 

! then configure the monitor sessions
switch(config)# monitor session 1
switch(config-monitor)# source interface ethernet 1/23 rx
switch(config-monitor)# destination interface ethernet 1/30
switch(config-monitor)# no shut
switch(config-monitor)# exit
switch(config)# monitor session 2
switch(config-monitor)# source interface ethernet 1/23 rx
switch(config-monitor)# destination interface ethernet 1/31
switch(config-monitor)# no shut
switch(config-monitor)# exit

Alternatively, you can have a look at Cisco Nexus Data Broker (NDB) which is the Cisco Solution for what are you looking for. Your platform supports only NXAPI mode (openflow is not supported, it would have been nice though).

https://www.cisco.com/c/en/us/td/docs/net_mgmt/xnc/nexus_data_broker/deploy_config/3-x/b_Nexus_Data_Broker_Configuration_Guide_371/b_Nexus_Data_Broker_Configuration_Guide_371_chapter_00.html

 

Stay safe,

Sergiu

View solution in original post

3 Replies 3

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎01-27-2021 10:29 PM - edited ‎01-27-2021 10:31 PM

Hi @faradajay 

So basically you received a spanned traffic and you want to span it further to probably some monitoring or IPS/IDS devices, right?

I would say that a simple local span should work, but I am not entirely sure if the traffic is dropped before being spanned or not (since you do not have any destination). And the second problem is that you can send traffic to only one destination port- which means two monitor session needs to be cfg. If you are ok with it, try this:

! first configure the destination ports as switchport monitor
switch# configure terminal
switch(config)# interface ethernet 1/30-31
switch(config-if)# switchport
switch(config-if)# switchport monitor
switch(config-if)# no shut
switch(config-if)# exit
switch(config)# 

! then configure the monitor sessions
switch(config)# monitor session 1
switch(config-monitor)# source interface ethernet 1/23 rx
switch(config-monitor)# destination interface ethernet 1/30
switch(config-monitor)# no shut
switch(config-monitor)# exit
switch(config)# monitor session 2
switch(config-monitor)# source interface ethernet 1/23 rx
switch(config-monitor)# destination interface ethernet 1/31
switch(config-monitor)# no shut
switch(config-monitor)# exit

Alternatively, you can have a look at Cisco Nexus Data Broker (NDB) which is the Cisco Solution for what are you looking for. Your platform supports only NXAPI mode (openflow is not supported, it would have been nice though).

https://www.cisco.com/c/en/us/td/docs/net_mgmt/xnc/nexus_data_broker/deploy_config/3-x/b_Nexus_Data_Broker_Configuration_Guide_371/b_Nexus_Data_Broker_Configuration_Guide_371_chapter_00.html

 

Stay safe,

Sergiu

Go to solution
faradajay
Level 1
Level 1
In response to Sergiu.Daniluk

‎01-27-2021 10:57 PM

Hi @Sergiu.Daniluk ,

Thanks.

 

So basically you received a spanned traffic and you want to span it further to probably some monitoring or IPS/IDS devices, right? ---->Yes

 

I would say that a simple local span should work, 

And the second problem is that you can send traffic to only one destination port- which means two monitor session needs to be cfg. If you are ok with it, try this:

-->OK.

 

SPAN will create copy  of traffic and send it to destination port.

but i have concern with  what will happen with TAP traffic coming on port 1/23 because Nexus is configured with default route 0/0 , as per my understating , all the TAP traffic will  send towards the next hop. Please correct me if i am wrong. Therefore i want to drops it.

 

i tried to apply ACL on port1/23, but getting error that you cant not apply on switchport.

Please suggest how i can drops these TAP traffic.

 

Thanks,

Ajay

 

 

0 Helpful

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to faradajay

‎01-28-2021 12:35 AM

Hi @faradajay 

You can configure a PCAL: apply the ACL you configured using command "ip port access-list"

 

Cheers,

Sergiu

0 Helpful
Customers Also Viewed These Support Documents