Note: Multiple destinations are not supported on ERSPAN or SPAN-on-Latency sessions.
SPAN with ACL
The SPAN with ACL filtering feature allows you to filter SPAN traffic so that you can reduce bandwidth
congestion. To configure SPAN with ACL filtering, you use ACLs for the session to filter out traffic that
you do not want to span. An ACL is a list of permissions associated with any entity in the system; in the context
of a monitoring session, an ACL is a list of rules that results in spanning only the traffic that matches the
ACL criteria, saving bandwidth for more meaningful data. The filter can apply to all sources in the session.
SPAN on Drop
The SPAN-on-drop feature enables the spanning of packets which would normally be dropped due to
unavailable buffer or queue space on ingress. Instead of dropping a packet when congestion occurs, the system
stores the packet in a separate SPAN-on-drop buffer and then sends the packet to the specified SPAN-on-drop
destination port.
SPAN-on-Latency Sessions
The SPAN-on-Latency feature allows the system to SPAN packets that exceed a pre-configured latency
threshold.
For high-latency flows the system can be configured to send a copy to any pre-configured SPAN destination.
This creates a data set for analytics that can be used to check which applications are impacted by increased
latency in the network. This feature can also be used to identify traffic flows that experience congestion.
Only packets that exceed the latency threshold and egress out of the source port are spanned.
SPAN copies can be transported to a local analyzer port, or remote analyzer using IPFIX/ERSPAN
encapsulation. The SPAN copies can be truncated to save bandwidth.
Guidelines and Limitations for SPAN
SPAN is not supported on a management interface.
If an interface is configured as a source port for a SPAN session, either directly as a source interface or
indirectly as part of a port-channel, traffic from this interface will not be visible in VLAN SPAN sessions that
include this interface as part of a configured VLAN. This limitation occurs as the Ternary Content-Addressable
Memory (TCAM) entries for interface SPAN sources are always programmed before the TCAM entries for
VLAN SPAN sources.
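The limitation above means a sensor attached to a VLAN SPAN session can silently miss traffic from any interface that another session already sources. The following added example (not from the Cisco guide) audits a session inventory for such gaps; the inventory layout, interface names and session numbers are constructed assumptions, and source direction (rx/tx) is ignored.

```python
# Added example: constructed inventory, not parsed NX-OS output.
PORT_CHANNELS = {"port-channel10": ["Ethernet1/3", "Ethernet1/4"]}
VLAN_MEMBERS = {
    100: ["Ethernet1/1", "port-channel10", "Ethernet1/5"],
    200: ["Ethernet1/2"],
}
SESSIONS = {
    1: {"interfaces": ["Ethernet1/1", "port-channel10"], "vlans": []},
    2: {"interfaces": [], "vlans": [100]},  # VLAN SPAN session feeding a sensor
    3: {"interfaces": [], "vlans": [200]},
}


def expand(names, port_channels):
    """Replace each port-channel name with its member interfaces."""
    members = []
    for name in names:
        members.extend(port_channels.get(name, [name]))
    return members


def interface_source_owners(sessions, port_channels):
    """Map interface -> session ids that source it directly or via a port-channel."""
    owners = {}
    for sid, sess in sessions.items():
        for intf in expand(sess["interfaces"], port_channels):
            owners.setdefault(intf, set()).add(sid)
    return owners


def vlan_span_blind_spots(sessions, port_channels, vlan_members):
    """Return (vlan_session, vlan, interface, shadowing_sessions) tuples."""
    owners = interface_source_owners(sessions, port_channels)
    findings = []
    for sid in sorted(sessions):
        for vlan in sessions[sid]["vlans"]:
            for intf in expand(vlan_members.get(vlan, []), port_channels):
                shadowing = owners.get(intf, set()) - {sid}
                # Assumption: an interface the session also sources directly
                # still reaches that session's destination, so it is skipped.
                if shadowing and sid not in owners.get(intf, set()):
                    findings.append((sid, vlan, intf, sorted(shadowing)))
    return findings


if __name__ == "__main__":
    for sid, vlan, intf, by in vlan_span_blind_spots(SESSIONS, PORT_CHANNELS, VLAN_MEMBERS):
        print(f"session {sid}: VLAN {vlan} traffic from {intf} is captured only by session(s) {by}")
```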
SPAN traffic is rate-limited as follows on Cisco Nexus devices to prevent a negative impact to production
traffic:
Cisco Nexus 5600 Series NX-OS System Management Configuration Guide, Release 7.x
OL-31641-01