Encapsulated Remote Switched Port Analyzer (ERSPAN) is a technique for mirroring traffic across an L3 network. Traffic is encapsulated at the source end and decapsulated at the destination end. In this lesson, we will learn how to configure ERSPAN on Nexus switches.
I will present a sample configuration based on the diagram below. I hope it will be helpful.
Goal:
We will capture traffic from interface e1/2 on the NX-01 switch and send that captured traffic out interface e2/4 on NX-02.
Configuration:
Let’s configure the source switch (NX-01), based on Cisco's recommendation.
NX-01(config)# monitor session 10 type erspan-source
NX-01(config-erspan-src)# erspan-id 20
NX-01(config-erspan-src)# vrf default
NX-01(config-erspan-src)# destination ip 2.2.2.2
NX-01(config-erspan-src)# source interface ethernet 1/2 both
NX-01(config-erspan-src)# no shut
NX-01(config-erspan-src)# exit
NX-01(config)# monitor erspan origin ip-address 1.1.1.1 global
++ The ERSPAN ID must be the same on the source and destination ends.
++ By default a “monitor session” is disabled; you need to run “no shutdown” to enable it.
Now, we will configure the destination switch (NX-02).
NX-02(config)# monitor session 10 type erspan-destination
NX-02(config-erspan-dst)# erspan-id 20
NX-02(config-erspan-dst)# source ip 2.2.2.2
NX-02(config-erspan-dst)# destination interface ethernet 2/4
NX-02(config-erspan-dst)# no shut
NX-02(config-erspan-dst)# exit
Our configuration is done. Now we need to connect an analyzer to port e2/4 on the destination switch (NX-02), and it will receive the captured traffic.
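The two sessions above only work together when the ERSPAN ID matches, the source's destination IP is the IP the destination session decapsulates for, and both sessions have been enabled with no shut. Because the mirrored traffic leaves the switch as plain GRE over IP, a wrong destination IP also means a copy of production traffic is sent to the wrong host, so it is worth checking the pair mechanically. The following is an added example, not part of this lesson or of any Cisco tool: a small Python script that parses running-config text modelled on the commands above (the config excerpts are constructed to match this lesson) and reports the mismatches a reviewer would otherwise have to spot by eye.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample running-config excerpts modelled on the commands in this
# lesson: NX-01 is the ERSPAN source, NX-02 the ERSPAN destination.
NX01_CONFIG = """\
monitor session 10 type erspan-source
  erspan-id 20
  vrf default
  destination ip 2.2.2.2
  source interface Ethernet1/2 both
  no shut
monitor erspan origin ip-address 1.1.1.1 global
"""

NX02_CONFIG = """\
monitor session 10 type erspan-destination
  erspan-id 20
  source ip 2.2.2.2
  destination interface Ethernet2/4
  no shut
"""


@dataclass
class ErspanSession:
    session_id: int
    kind: str                              # "erspan-source" or "erspan-destination"
    erspan_id: Optional[int] = None
    destination_ip: Optional[str] = None   # source side: collector the GRE tunnel points at
    source_ip: Optional[str] = None        # destination side: tunnel endpoint it decapsulates for
    interfaces: list[str] = field(default_factory=list)
    enabled: bool = False                  # True once "no shut" appears in the block


def parse_monitor_sessions(config: str) -> dict[int, ErspanSession]:
    """Extract ERSPAN monitor-session blocks from NX-OS running-config text."""
    sessions: dict[int, ErspanSession] = {}
    current: Optional[ErspanSession] = None
    for raw in config.splitlines():
        line = raw.strip()
        header = re.match(r"monitor session (\d+) type (erspan-source|erspan-destination)$", line)
        if header:
            current = ErspanSession(int(header.group(1)), header.group(2))
            sessions[current.session_id] = current
            continue
        if current is None or not raw.startswith(" "):
            current = None                 # an unindented line ends the session block
            continue
        if m := re.match(r"erspan-id (\d+)$", line):
            current.erspan_id = int(m.group(1))
        elif m := re.match(r"destination ip (\S+)$", line):
            current.destination_ip = m.group(1)
        elif m := re.match(r"source ip (\S+)$", line):
            current.source_ip = m.group(1)
        elif m := re.match(r"(?:source|destination) interface (\S+)", line):
            current.interfaces.append(m.group(1))
        elif line in ("no shut", "no shutdown"):
            current.enabled = True
    return sessions


def check_erspan_pair(src: ErspanSession, dst: ErspanSession) -> list[str]:
    """Return the consistency problems between a source and a destination session."""
    problems: list[str] = []
    if src.kind != "erspan-source" or dst.kind != "erspan-destination":
        problems.append("session types are not source/destination")
    if src.erspan_id is None or src.erspan_id != dst.erspan_id:
        problems.append(f"erspan-id mismatch: source {src.erspan_id}, destination {dst.erspan_id}")
    if src.destination_ip is None or src.destination_ip != dst.source_ip:
        problems.append(f"tunnel endpoint mismatch: source sends to {src.destination_ip}, "
                        f"destination expects {dst.source_ip}")
    if not src.interfaces:
        problems.append("source session mirrors no interface")
    if not dst.interfaces:
        problems.append("destination session has no analyzer interface")
    for name, session in (("source", src), ("destination", dst)):
        if not session.enabled:
            problems.append(f"{name} session is still shut down")
    return problems


def audit(src_config: str, dst_config: str, session_id: int) -> list[str]:
    """Parse both switches' configs and check the given session number end to end."""
    src = parse_monitor_sessions(src_config).get(session_id)
    dst = parse_monitor_sessions(dst_config).get(session_id)
    if src is None or dst is None:
        return [f"session {session_id} missing on one side"]
    return check_erspan_pair(src, dst)


if __name__ == "__main__":
    print(audit(NX01_CONFIG, NX02_CONFIG, 10) or "ERSPAN session 10 is consistent")
    # The same pair with the destination's erspan-id changed reports the mismatch.
    print(audit(NX01_CONFIG, NX02_CONFIG.replace("erspan-id 20", "erspan-id 21"), 10))
```

The parser keys on the indentation NX-OS uses in show running-config, so an unindented line such as the monitor erspan origin command ends the session block. Feeding it the real output of show running-config from both switches gives the same checks on a live deployment.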
This is how to configure ERSPAN on Nexus switches. Let me know if you have any questions.
Reference:
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide.
I love the above switching topics, and I am eager to learn more about Security and Data Center environments.