Hi,Not quite the answer i was

rob.hicks1 · ‎07-14-2014

Hi, I need to packet capture all traffic for a specific vlan configured on an etherchannel trunk interface (on a NEXUS 5548). A local span was successfully configured, however there appears to be no option to filter a specific vlan for the monitor session and therefore all traffic is being captured. Online documentation seems to suggest there is a way to filter a vlan - however i cannot see the option on the CLI (i am unsure if the filtering applies only to remote span, and not local span). Anyone know of a way to filter vlans for a monitor session, or know a work-around? I am currently capturing the whole VLAN which is not really what i wanted (and may also forward too much traffic) Many thanks current config is simply :- monitor session 1 source vlan 123 destination interface Ethernet1/1 no shut

Rajeev Sharma · ‎07-14-2014

Hey Rob,

Let us know what command is not accepted by system or where are you stuck?

I am adding a document for configuring SPAN and how to filter:

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/6_x/nx-os/system_management/configuration/guide/sm_nx_os_cg/sm_14span.html#pgfId-1313073

HTH.

Regards,

RS

rob.hicks1 · ‎07-15-2014

HI,

Thanks for the reply.

Below is an output from the CLI menu (within the monitor session sub menu) - as u can see there is no filter vlan option. I cannot see anywhere else to add a filter option for an etherchannel trunk interface?

At the moment the monitor session is currently set to monitor the whole vlan123, however i want to monitor only vlan 123 on a specific etherchannel trunk interface.

Thanks
Rob

Nexus5548
version 5.2(1)N1(1b)

--------------------------------------------------------------

sw_hostname(config-monitor)# ?
description Session description (max 32 characters)
destination Destination configuration
mtu          Set the MTU size for SPAN packets
no           Negate a command or set its defaults
shut         Shut a monitor session
source       Source configuration
end          Go to exec mode
exit         Exit from command interpreter
pop          Pop mode from stack or restore from name
push         Push current mode to stack or save it under name
where        Shows the cli context you are in

--------------------------------------------------------------

sw_hostname# show monitor session all
   session 1
---------------
type              : local
state             : up
source intf       :
    rx            :
    tx            :
    both          :
source VLANs      :
    rx            : 123
source VSANs      :
    rx            :
destination ports : Eth1/1

Legend: f = forwarding enabled, l = learning enabled

--------------------------------------------------------------

Rajeev Sharma · ‎07-15-2014

Hey Rob,

Unfortunately on Nexus5K traffic filtering options are very limited but an enhancement is already filed .And then it will allow to configure VACL for filtering, please have a look:

https://tools.cisco.com/bugsearch/bug/CSCtu14210

HTH.

Regards,

RS.

rob.hicks1 · ‎07-15-2014

Hi,

Not quite the answer i was hoping for, but many thanks for taking the time to confirm the situation.

Guess it looks like i need to wait for a code update :(

Thanks again,

Rob

How to filter a VLAN on NEXUS monitor session