ERSPAN Port Configuration

dvag-nsafe · ‎02-23-2017

Hi,

i was wondering, if i have to configure anything on the source-ports on the switch where i have the monitor session set up. My config looks like this:

monitor session 3 type erspan-source
  description bfd_problem
  erspan-id 3
  vrf 30
  destination ip 10.61.203.177
  ip ttl 30
  source interface port-channel513 both
  no shut

monitor erspan origin ip-address 10.62.0.18 global

The configuration Guide says that youb have to configure the Ports first. But i cannot find any example of what i have to do. There is the option "switchport monitor" in Interface configuration mode, but it gives me an error:

switch(config-if)# switchport monitor
error: switchport monitor not supported for interface type

Also, what is the origin IP in the configuration for? I put the IP of the server i want to capture traffic from. Or does it have to be an IP on the Switch?

Thanks for any help...

Kirk J · ‎02-23-2017

Greetings.

The origin IP is a requirement for the ER Span mechanism itself, as it is effectively an IP to IP tunnel that is forwarding your source (in your case is source interface port-channel513 both) to an end destination that normally would not be able receive that traffic via span or rspan methods.

http://www.cisco.com/c/en/us/support/docs/switches/nexus-7000-series-switches/113480-erspan-nexus-7k-00.html

Thanks,

Kirk...

dvag-nsafe · ‎02-23-2017

Hi Kirk and thank you!

The reason i'm asking is because i feel like i dont get all the trafic that i want to see. Server-People are running test and i cannot see any traffic from their IP's. But the source is definetely correct...