Wednesday, February 8, 2017

Cisco Nexus: How To Span A Port On A Nexus 9K

I came across a need to create a monitor session across a vPC across two Nexus 9Ks, otherwise known as spanning a port, port mirroring, etc. Pick a name, it's all the same. Either way, I needed all traffic going across two vPCs to go to a firewall where I was waiting eagerly to capture the traffic and see what was going on. Check Point and Palo Alto firewalls are excellent for this sort of thing.
Here is the configuration for a monitor session on the Nexus 9K. The destination port is ethernet 3/32, and the sources are port-channels 45 and 55, mirrored in both directions. The destination interface is put into monitor mode with switchport monitor before it is added to the session, and the session is brought up with no monitor session 1 shut.
Nexus9K# config t
Enter configuration commands, one per line. End with CNTL/Z.
Nexus9K(config)# monitor session 1
Nexus9K(config-monitor)# exit
Nexus9K(config)# int eth 3/32
Nexus9K(config-if)# switchport monitor
Nexus9K(config-if)# exit
Nexus9K(config)# monitor session 1
Nexus9K(config-monitor)# destination int eth 3/32
Nexus9K(config-monitor)# source interface port-channel 45 both
Nexus9K(config-monitor)# source interface port-channel 55 both
Nexus9K(config-monitor)# exit
Nexus9K(config)# no monitor session 1 shut
Nexus9K(config)#

Nexus9K(config)# sh monitor session 1
   session 1
---------------
type              : local
state             : up
acl-name          : acl-name not specified
source intf       :
    rx            : Po45          Po55
    tx            : Po45          Po55
    both          : Po45          Po55
source VLANs      :
    rx            :
    tx            :
    both          :
filter VLANs      : filter not specified
source fwd drops  :
destination ports : Eth3/32
PFC On Interfaces :
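
To check a capture point like this one without reading the output by eye, the following added example (not code from the original post) parses `show monitor session` text and reports a session that is down, a source not mirrored in both directions, an unexpected source, or a wrong destination port. The function names are hypothetical, and the parser assumes the output layout shown above.

```python
import re

# Constructed sample, abridged from the "sh monitor session 1" output in the post.
SAMPLE = """\
   session 1
---------------
state             : up
source intf       :
    rx            : Po45          Po55
    tx            : Po45          Po55
    both          : Po45          Po55
source VLANs      :
    rx            :
destination ports : Eth3/32
"""

def parse_monitor_session(text):
    """Parse 'show monitor session N' text into a dict (layout assumed as in SAMPLE)."""
    session, parent = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\s*)([^:]+?)\s*:\s*(.*)$", line)
        if not m:
            continue  # session header and separator lines carry no colon
        indent, key, value = m.group(1), m.group(2), m.group(3).strip()
        if indent and parent is not None:
            session[parent][key] = value.split()  # rx/tx/both rows under a section
        elif value:
            session[key], parent = value, None
        else:
            session[key], parent = {}, key  # empty value opens a section
    return session

def audit_session(text, expected_sources, expected_dest):
    """Return findings; an empty list means the SPAN session matches expectations."""
    s, findings = parse_monitor_session(text), []
    if s.get("state") != "up":
        findings.append(f"state is {s.get('state')!r}, not 'up'")
    src = s.get("source intf") if isinstance(s.get("source intf"), dict) else {}
    for direction in ("rx", "tx"):
        missing = set(expected_sources) - set(src.get(direction, []))
        if missing:
            findings.append(f"{direction} not mirrored for {sorted(missing)}")
    seen = {i for ports in src.values() for i in ports}
    if seen - set(expected_sources):
        findings.append(f"unexpected sources {sorted(seen - set(expected_sources))}")
    dest = s.get("destination ports")
    if not isinstance(dest, str) or dest.split() != [expected_dest]:
        findings.append(f"destination is {dest!r}, expected {expected_dest!r}")
    return findings
```

Calling `audit_session(SAMPLE, ["Po45", "Po55"], "Eth3/32")` returns an empty list for the session configured in this post.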

1 comment:

  1. Thanks for the post. I saw the Cisco tech writeup about it, but good to see someone actually using it!
