I am trying to enable an ERSPAN capture on a Nexus switch.
In a test environment with a basic setup, I was able to get everything working.
However, I have not quite figured out how to get it to work in a real-life scenario where I am trying to capture packets from multiple sources where:
- One source is a port on the same switch with multiple sub-interfaces. I know that ERSPAN does not support this, and so I have attempted to capture by configuring the VLANs on each of those sub-interfaces as sources, but I do not think it is working. Will ERSPAN work if I configure the session's VRF to "default" but the sub-interfaces are on a different VRF, and I specify the VLANs of the sub-interfaces?
- Do all source VLANs need to be reachable by the destination (capture station) and/or the switch where ERSPAN is running? Or would it simply duplicate the packets of all the sources specified for that monitor session to be sent to the destination/capture station of the ERSPAN? For example: if my destination IP is configured to be 192.168.0.10/24 and my sources are VLANs 2,4,6,8,10 (each being a different subnet i.e. 10.0.0.0/24, 192.168.50.0/24 etc.), will that be an issue?
- I configured the origin ip-address as the IP address of the switch that belongs in the same VLAN (also in the 192.168.0.0/24 network) as my destination capture station. Is that the correct thing to do?