Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
545
Views
0
Helpful
4
Replies

span source interface is not working as intended in NX-OS

lchan007
Level 1
Level 1

‎05-26-2020 09:55 AM - edited ‎05-26-2020 07:30 PM

I set up SPAN in nxos switch to capture all traffic (specific interest on one vlan) on switchport Eth25,26,27.

Eth24 is plugged into a Linux server with tcpdump running and it is running as the destination. However, the capture doesn't see anything except for multicast traffic until I specific vlan as the source interface. 

 

I expect the interfaces as source would capture all traffic, but it is not working. What am I missing?

 

 

Not Working

monitor session 2 
  source interface Ethernet1/25 both
  source interface Ethernet1/26 both
  source interface Ethernet1/27 both
  destination interface Ethernet1/24
  no shut

 

Workaround

monitor session 3 
  source interface Vlan802 both
  destination interface Ethernet1/24
  no shut

 

Partial Config

! Software
!   BIOS: version 07.64
!   NXOS: version 7.0(3)I7(5a)
!   BIOS compile time:  05/17/2018
!   NXOS image file is: bootflash:///nxos.7.0.3.I7.5a.bin
!   NXOS compile time:  10/12/2018 19:00:00 [10/13/2018 03:16:04]
vlan 1,11,21-26,35,90,92,120,162-167,802,2511-2512,2715-2716,2725-2726,2735-2736,2795-2796,3010-3011,3025-3026,3035-3036,3055-3056,3085-3086,3095-3096

interface Ethernet1/24
  description SPAN

interface Ethernet1/25
  description octrl-1-1:eth7
  switchport
  switchport access vlan 802
  spanning-tree port type edge
  no shutdown

interface Ethernet1/26
  description octrl-2-3:eth7
  switchport
  switchport access vlan 802
  spanning-tree port type edge
  no shutdown

interface Ethernet1/27
  description octrl-2-2:eth7
  switchport
  switchport access vlan 802
  spanning-tree port type edge
  no shutdown

interface Vlan802
  description openstack-dmz:neutrongw
  no shutdown
  mtu 9216
  vrf member openstack-dmz
  no ip redirects
  ip address 10.241.193.195/28
  ip address 10.146.71.3/25 secondary
  hsrp version 2
  hsrp 802 
    name openstack-dmz:neutrongw
    preempt delay minimum 5 reload 60 sync 15 
    priority 110
    timers  1  5
    ip 10.146.71.1

 

Labels:
0 Helpful
4 Replies 4

Reza Sharifi
Hall of Fame
Hall of Fame

‎05-26-2020 10:35 AM

Are ports e1/25, 26 and 27 supposed to be part of 

vrf member openstack-dmz

context?

HTH

0 Helpful

lchan007
Level 1
Level 1
In response to Reza Sharifi

‎05-26-2020 10:59 AM

e1/25-27 is part of an SVI. Vlan802 is part of the vrf openstack-dmz
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to lchan007

‎05-26-2020 11:57 AM

if the VLAN belong to X VRF. and Destination port is in Global Interface right ?

 

Can you post monitor session config also. ( i do not re-call the syntax long back tested - try to dig later at my archieve)

check there is vrf configure required in the monitor session.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

lchan007
Level 1
Level 1
In response to balaji.bandi

‎05-26-2020 12:04 PM - edited ‎05-26-2020 07:27 PM

BB,
I posted the monitor sessions in the first post, will add the actual config when I get a chance. The only difference is I set the source as the vlan, both don't have vrf configure on the monitor session.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card