01-27-2021 09:46 PM
Hi All,
Switch/router------------Accessport- --eth1/23(vlan 100)-Nexus 9336 --access port vlan 200------eth1/30&1/31--
The switch/router is sending a copy of its WAN traffic towards the Nexus on port 1/23.
I want to capture all this traffic and send or redirect it towards ports 1/30 and 1/31.
Also, I want to drop all traffic coming in on port 1/23 so that it cannot leave the Nexus.
Please suggest how I can achieve this goal.
Note: the Nexus is used as an access switch and is configured with a default route.
01-27-2021 10:29 PM - edited 01-27-2021 10:31 PM
Hi @faradajay
So basically you receive spanned traffic and you want to span it further, probably to some monitoring or IPS/IDS devices, right?
I would say that a simple local SPAN should work, but I am not entirely sure whether the traffic is dropped before being spanned or not (since you do not have any destination). The second problem is that you can send traffic to only one destination port, which means two monitor sessions need to be configured. If you are OK with that, try this:
! first configure the destination ports as switchport monitor
switch# configure terminal
switch(config)# interface ethernet 1/30-31
switch(config-if)# switchport
switch(config-if)# switchport monitor
switch(config-if)# no shut
switch(config-if)# exit
switch(config)#
! then configure the monitor sessions
switch(config)# monitor session 1
switch(config-monitor)# source interface ethernet 1/23 rx
switch(config-monitor)# destination interface ethernet 1/30
switch(config-monitor)# no shut
switch(config-monitor)# exit
switch(config)# monitor session 2
switch(config-monitor)# source interface ethernet 1/23 rx
switch(config-monitor)# destination interface ethernet 1/31
switch(config-monitor)# no shut
switch(config-monitor)# exit
Alternatively, you can have a look at Cisco Nexus Data Broker (NDB), which is the Cisco solution for what you are looking for. Your platform supports only NX-API mode (OpenFlow is not supported; it would have been nice, though).
Stay safe,
Sergiu
01-27-2021 10:57 PM
Hi @Sergiu.Daniluk ,
Thanks.
So basically you receive spanned traffic and you want to span it further, probably to some monitoring or IPS/IDS devices, right? ----> Yes
I would say that a simple local SPAN should work,
The second problem is that you can send traffic to only one destination port, which means two monitor sessions need to be configured. If you are OK with that, try this:
--> OK.
SPAN will create a copy of the traffic and send it to the destination port.
But I have a concern about what will happen with the TAP traffic coming in on port 1/23, because the Nexus is configured with a default route 0/0. As per my understanding, all the TAP traffic will be sent towards the next hop. Please correct me if I am wrong. Therefore I want to drop it.
I tried to apply an ACL on port 1/23, but I am getting an error that you cannot apply it on a switchport.
Please suggest how I can drop this TAP traffic.
Thanks,
Ajay
01-28-2021 12:35 AM
Hi @faradajay
You can configure a PACL: apply the ACL you configured using the command "ip port access-list".
Cheers,
Sergiu
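The two halves of the thread put together, as an added example that is not part of any reply above: the SPAN sessions from the first answer plus the port ACL that the last answer points to, so the TAP copy on eth1/23 is mirrored to eth1/30 and eth1/31 but never forwarded or routed by the Nexus. Interface numbers and VLAN 100 are taken from the question's diagram; the ACL name TAP-DROP is assumed. On NX-OS the ACL itself is defined with "ip access-list" and is attached to a Layer 2 port with "ip port access-group NAME in" (the PACL form; the Layer 3 form "ip access-group" is what produces the "cannot apply on switchport" error mentioned above).

```cisco
! Added example (not from the original thread). Assumptions: ports 1/23,
! 1/30, 1/31 and VLAN 100 from the question; ACL name TAP-DROP is invented.

! 1. Port ACL: drop everything that ingresses eth1/23. The implicit deny is
!    written out explicitly so the drop is visible in the ACL counters.
ip access-list TAP-DROP
  statistics per-entry
  10 deny ip any any

interface ethernet 1/23
  switchport
  switchport mode access
  switchport access vlan 100
  ip port access-group TAP-DROP in
  no shutdown

! 2. SPAN destinations (one destination per session on this platform,
!    as noted in the first answer, hence two sessions)
interface ethernet 1/30-31
  switchport
  switchport monitor
  no shutdown

monitor session 1
  source interface ethernet 1/23 rx
  destination interface ethernet 1/30
  no shut

monitor session 2
  source interface ethernet 1/23 rx
  destination interface ethernet 1/31
  no shut

! 3. Checks: sessions must show state "up", the ACL counters must rise,
!    and the destination TX counters must rise while the ACL is dropping
show monitor session all
show ip access-lists TAP-DROP
show interface ethernet 1/30 counters
show interface ethernet 1/31 counters
```

Two caveats a practitioner should check rather than assume. First, the open question in the first answer (whether the RX SPAN copy is taken before or after the PACL drops the packet) is answered by the third block: if "show ip access-lists TAP-DROP" counts hits while the eth1/30 and eth1/31 TX counters stay flat, the drop happens before the mirror on that platform and release, and the ACL has to be relaxed or the drop moved elsewhere. Second, an IPv4 PACL only matches IPv4; if the TAP feed also carries IPv6 or non-IP frames, add an "ipv6 port traffic-filter NAME in" and a "mac port access-group NAME" with matching deny entries on eth1/23, otherwise those frames are still flooded within VLAN 100.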