NetFort Advertising

How to Setup SPAN Ports on Cisco Nexus Switches

etting up SPAN ports on Cisco Nexus switches

Setting up SPAN ports on Cisco Nexus switches

SPAN ports are commonly used for network traffic analysis applications. SPAN ports work by sending a copy of the traffic destined to one or more ports or VLANs to another port on the switch that has been connected to a network traffic analysis or security device. SPAN mirrors receive or send (or both) traffic on one or more source ports to a destination port for analysis.

The new generation of Cisco switches based on the Nexus platform have a slightly more complicated SPAN setup when compared to other Cisco switch platforms. In summary, you must set the mode or the destination port to monitor before you set it as a destination for the SPAN traffic.

In this blog post, we are going to look at two common network traffic monitoring scenarios and how to configure a SPAN port on a Cisco Nexus switch. For more a detailed configuration, check out this guide from the Cisco Nexus manual which looks at all SPAN options.

Monitoring a single switch port using a SPAN session

In this example, we are going to setup a SPAN port to monitor traffic going to and from the firewall. A copy of the traffic to be sent to the network traffic analyzer via its sensor port is shown as the red connection. For this  purposes, we are going to set the SPAN port as ethernet 2/10 and the firewall port as ethernet 1/1

Single-Port-SPAN

Configuration Example

switch# configure terminal
switch(config)# interface ethernet 2/10
switch(config-if)# switchport monitor
switch(config-if)# exit
switch(config)# monitor session 2
switch(config-monitor)# destination interface ethernet 2/10
switch(config-monitor)# source interface ethernet 1/1 both

Monitoring a VLAN using a SPAN session

If you want to monitor multiple servers or devices on you network, you can monitor VLANs with a SPAN session. In the next example, we are going to setup a SPAN port to monitor traffic going to and from our server VLAN. For the purposes of this example, we are going to set the SPAN port as ethernet 2/10 and we will use it to monitor VLAN 100

Monitoring a VLAN with SPAN

Configuration Example

switch# configure terminal
switch(config)# interface ethernet 2/10
switch(config-if)# switchport monitor
switch(config-if)# exit
switch(config)# monitor session 2
switch(config-monitor)# destination interface ethernet 2/10
switch(config-monitor)# source vlan 1 both

About NetFort

NetFort provides network traffic and security monitoring software for virtual and physical networks. NetFort’s flagship product, LANGuardian, is unique in the marketplace thanks to its powerful deep-packet inspection technology that can be downloaded and deployed on standard physical or virtual hardware to provide comprehensive visibility in minutes. Organizations worldwide depend on LANGuardian solutions from monitoring user activity to file activity monitoring, web activity monitoring, network security monitoring, bandwidth troubleshooting, wire data analytics, network forensics to packet capture.

To see LANGuardian in action – try our interactive demo today!