Re: CSR 1000v Local SPAN

Alexander Pickar · ‎08-17-2018

Hi Everyone,

Do you know, if the virtual CSR 1000v router supports Local span configuration?

- I have configured local span, as I would on any switching platform

- Traffic is flowing in and out of the router via interface Gi1

- I want interface Gi2 to be a SPAN destination

- On interface Gi2, I don't see any traffic going out. Tested with version 3.16.8s and Denali 16.3.6.

- (Side note: I have also tried to configure the router as ERSPAN Destination. This has worked as expected, traffic received from ERSPAN was successfully mirrored to Gi2 interface.)

I have a simple configuration like that:

monitor session 1 type local
description TEST-Monitor
source interface Gi1
destination interface Gi2

Monitor session is up:

prg-csr-cisco#show monitor session 1
Session 1
---------
Type                   : Local Session
Status                 : Admin Enabled
Description            : TEST-Monitor
Source Ports           :
    Both               : Gi1
Destination Ports      : Gi2

Interface Gi1 has some traffic, but Gi2 has no traffic comming out:

prg-csr-cisco#show int gi 1
GigabitEthernet1 is up, line protocol is up
Hardware is CSR vNIC, address is 0050.5695.498d (bia 0050.5695.498d)
Internet address is 10.132.1.68/24
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1000Mbps, link type is auto, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:44, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 261000 bits/sec, 87 packets/sec
5 minute output rate 1000 bits/sec, 1 packets/sec
     208524 packets input, 78979536 bytes, 0 no buffer
      ...

1638 packets output, 163784 bytes, 0 underruns
...

prg-csr-cisco#
prg-csr-cisco#
prg-csr-cisco#show int gi 2
GigabitEthernet2 is up, line protocol is up (monitoring)
Hardware is CSR vNIC, address is 0050.5695.65c2 (bia 0050.5695.65c2)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1000Mbps, link type is auto, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:02:07, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
     2 packets input, 120 bytes, 0 no buffer
     ...
     3 packets output, 231 bytes, 0 underruns
     ...

prg-csr-cisco#

Regards,

Alexander Pickar

Rey- · ‎03-07-2019

I have this exact same problem too.

Did you ever get a response from someone on how to address it?

Leszek Wojnarski · ‎05-08-2019

I opened a case with Cisco for this and they provided workaround which works for me:

Workaround:
Local SPAN is not available on the ASR, but creative use of ERSPAN can produce similar results. An example configuration is given below:int loopback0

int loopback0
ip address x.x.x.x y.y.y.y
!
!
monitor session 1 type erspan-source
source interface GigabitEthernet0/0/0
destination
erspan-id 100
ip address x.x.x.x
origin ip address x.x.x.x
!
!
monitor session 2 type erspan-destination
destination interface GigabitEthernet0/0/5
source
erspan-id 100
ip address x.x.x.x

This is as per defect

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCto80065

Rey- · ‎05-08-2019

Thanks!

I got it working with this:

***

interface Loopback0
ip address 1.1.1.1 255.255.255.255

!

monitor session 1 type erspan-source
source interface Gi2 rx
destination
erspan-id 100
ip address 1.1.1.1
origin ip address 1.1.1.1
!
monitor session 2 type erspan-destination
destination interface Gi4
source
erspan-id 100
ip address 1.1.1.1

***

yennylm4 · ‎06-19-2023

I have tried configuring erspan as you mentioned on a csr1000v router, but I can't see the packets being copied to the destination interface, would you know why this might be happening?

ziongeorge799 · ‎06-19-2023

Local SPAN allows you to monitor network traffic by configuring a port or VLAN to copy all the traffic to a designated monitoring port. This feature enables network analysis, troubleshooting, and monitoring of network traffic within the virtual router environment.

yennylm4 · ‎06-20-2023

I have configured the local SPAN, but when I ping the source interface I do not see the copy of the packets on the destination interface, in mycap I capture the packets from the source interface and mycap1 captures the destination interface.

csr1000v#show monitor session 1
Session 1
---------
Type                     : Local Session
Status                   : Admin Enabled
Source Ports             :
    Both                 : Gi2
Destination Ports        : Gi3



csr1000v#show monitor capture mycap buffer brief
 ----------------------------------------------------------------------------
 #   size   timestamp     source             destination      dscp    protocol
 ----------------------------------------------------------------------------
   0  114    0.000000   192.168.1.2      ->  192.168.16.2     0  BE   ICMP
   1  114    0.000000   192.168.1.2      ->  192.168.16.2     0  BE   ICMP
   2  114    0.000000   192.168.16.2     ->  192.168.1.2      0  BE   ICMP
   3  114    0.000000   192.168.1.2      ->  192.168.16.2     0  BE   ICMP
   4  114    0.000000   192.168.16.2     ->  192.168.1.2      0  BE   ICMP
   5  114    0.000000   192.168.16.2     ->  192.168.1.2      0  BE   ICMP
   6  114    0.017989   192.168.1.2      ->  192.168.16.2     0  BE   ICMP
   7  114    0.017989   192.168.16.2     ->  192.168.1.2      0  BE   ICMP
   8  114    0.038999   192.168.1.2      ->  192.168.16.2     0  BE   ICMP
   9  114    0.038999   192.168.16.2     ->  192.168.1.2      0  BE   ICMP

csr1000v#show monitor capture mycap1 buffer brief
 ----------------------------------------------------------------------------
 #   size   timestamp     source             destination      dscp    protocol
 ----------------------------------------------------------------------------

instastalkerpro · ‎08-10-2023

I'm truly grateful for your help! Your explanations were so clear and insightful. This is knowledge worth sharing, and I'm excited to do just that. I learn that The Cisco CSR 1000v is a virtual router that can be used for various networking tasks. Local SPAN (Switched Port Analyzer) is a feature that allows you to mirror network traffic from one port to another within the same switch or router. This is commonly used for network monitoring, troubleshooting, and analysis. instastalker.pro

instastoriesviewer · ‎12-11-2023

To configure local SPAN on a Cisco CSR 1000v, you typically use the monitor session command instastoriesviewer in the command-line interface (CLI). The configuration involves specifying the source interface (the interface whose traffic you want to monitor), the destination interface (where you want to send the monitored traffic), and other parameters as needed.