Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
579
Views
0
Helpful
2
Replies

ERSPAN Port Configuration

dvag-nsafe
Level 1
Level 1

‎02-23-2017 02:57 AM

Hi,

i was wondering, if i have to configure anything on the source-ports on the switch where i have the monitor session set up. My config looks like this:

monitor session 3 type erspan-source
  description bfd_problem
  erspan-id 3
  vrf 30
  destination ip 10.61.203.177
  ip ttl 30
  source interface port-channel513 both
  no shut

monitor erspan origin ip-address 10.62.0.18 global

The configuration Guide says that youb have to configure the Ports first. But i cannot find any example of what i have to do. There is the option "switchport monitor" in Interface configuration mode, but it gives me an error:

switch(config-if)# switchport monitor
error: switchport monitor not supported for interface type

Also, what is the origin IP in the configuration for? I put the IP of the server i want to capture traffic from. Or does it have to be an IP on the Switch?

Thanks for any help...

Labels:
0 Helpful
2 Replies 2

Kirk J
Cisco Employee
Cisco Employee

‎02-23-2017 03:51 AM

Greetings.

The origin IP is a requirement for the ER Span mechanism itself, as it is effectively an IP to IP tunnel that is forwarding your source (in your case is source interface port-channel513 both) to an end destination that normally would not be able receive that traffic via span or rspan methods.

http://www.cisco.com/c/en/us/support/docs/switches/nexus-7000-series-switches/113480-erspan-nexus-7k-00.html

Thanks,

Kirk...

0 Helpful

dvag-nsafe
Level 1
Level 1
In response to Kirk J

‎02-23-2017 03:53 AM

Hi Kirk and thank you!

The reason i'm asking is because i feel like i dont get all the trafic that i want to see. Server-People are running test and i cannot see any traffic from their IP's. But the source is definetely correct...

0 Helpful
Customers Also Viewed These Support Documents