Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1079
Views
0
Helpful
1
Replies

ERSPAN Source and Destination Session on Nexus 9k

Nikhilkhandekar
Level 1
Level 1

‎06-01-2017 04:00 AM - edited ‎03-08-2019 10:48 AM

Hi,

I have switch-1(Nexus 9504) and switch-2(Nexus 93128).

These two switches are connected with each other in vPC and i want to configure ERSPAN session as Switch-1 as source and switch-2 as destination.

However it is not possible since Nexus 9000 does not support ERSPAN destination session.

Is there any work around for this.

3 people had this problem
Labels:
0 Helpful
1 Reply 1

sbhadrav@cisco.com
Level 5
Level 5

‎05-10-2018 12:32 AM

The interfaces from which traffic can be monitored are called ERSPAN sources. Sources designate the traffic
to monitor and whether to copy ingress, egress, or both directions of traffic. ERSPAN sources include the
following:
• Ethernet ports (but not subinterfaces)
• Port channels
• The inband interface to the control plane CPU
• VLANs
Guidelines and Limitations for ERSPAN
ERSPAN has the following configuration guidelines and limitations:
• For ERSPAN session limits, see the Cisco Nexus 9000 Series NX-OS Verified Scalability Guide.
• The number of ERSPAN sessions per line card reduces to two if the same interface is configured as a
bidirectional source in more than one session.
• Only ERSPAN source sessions are supported. Destination sessions are not supported.
• Statistics are not supported for the filter access group.
• An access-group filter in an ERSPAN session must be configured as vlan-accessmap.
• All ERSPAN replication is performed in the hardware. The supervisor CPU is not involved.
• Control plane packets generated by the supervisor cannot be ERSPAN encapsulated or filtered by an
ERSPAN access control list (ACL).
• ERSPAN is not supported for management ports.
• ERSPAN does not support destinations on Layer 3 port-channel subinterfaces.
• ERSPAN and ERSPAN ACL sessions are terminated identically at the destination router only when the
ERSPAN destination IP address is resolved through Cisco Nexus 9300 Series switch uplink ports.
• ERSPAN does not support destinations on N9K-X9408PC-CFP2 line card ports.
• Cisco Nexus 9500 Series switches with a X9732C-EX line card support ERSPANV2 or ERSPANv3
headers in spanned copy. Cisco Nexus 9300Series switches support ERSPANv2 or ERSPANv3 headers
but only for sessions with 40G uplink SPAN destinations.
• Supervisor-generated stream of bytes module header (SOBMH) packets have all of the information to
go out on an interface and can bypass all forwarding lookups in the hardware, including SPAN and
ERSPAN. CPU-generated frames for Layer 3 interfaces and the Bridge Protocol Data Unit (BPDU)
class of packets are sent using SOBMH. This guideline does not apply for Cisco Nexus 9508 switches
with N9K-X9636C-R and N9K-X9636Q-R line cards. The Cisco Nexus N9K-X9636C-R and
N9K-X9636Q-R both support inband SPAN and local SPAN.
• A VLAN can be part of only one session when it is used as an ERSPAN source or filter.
• VLAN ERSPAN monitors only the traffic that leaves or enters Layer 2 ports in the VLAN.
• If you enable ERSPAN on a vPC and ERSPAN packets need to be routed to the destination through the
vPC, packets that come through the vPC peer link cannot be captured.
• ERSPAN is not supported over a VXLAN overlay.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card