Cisco Nexus 5600 Series Configuration Manual page 220

Guidelines and Limitations for ERSPAN
• The maximum number of VLANs per session is 32.
• You can have source ports, source VLANs, and source VSANs in one ERSPAN session.
• ERSPAN can monitor ingress, egress, or both ingress and egress traffic on a source port and only ingress
traffic on source VLANs or source VSANs as long as the VLAN is not mapped to a VSAN. ERSPAN
cannot monitor egress traffic on source VLANs and VSANs.
• To bring up an ERSPAN monitor session, you must first configure a global origin address using the
monitor erspan origin ip-address ip-address global command.
• Source ports and source VLANs can be in the same ERSPAN session.
• ERSPAN traffic can exit the switch through a Layer 2 interface, Layer 3 interface, port channel, or
FabricPath core port.
• A destination IP address of a remote switch cannot be reached through a virtual Ethernet port or FEX
port. This functionality is not supported.
• Configuring a FEX interface as a destination port for ERSPAN is not supported.
• ERSPAN traffic is not load balanced if the reachability to a destination IP address is a Layer 3 ECMP
or a port channel. In the case of ECMP, the ERSPAN traffic is sent to only one next-hop router or one
member of the port channel.
• ERSPAN supports Fast Ethernet, Gigabit Ethernet, TenGigabit Ethernet, and port channel interfaces as
source ports for a source session.
• When a session is configured through the ERSPAN configuration commands, the session ID and the
session type cannot be changed. In order to change them, you must first use the no version of the
configuration command to remove the session and then reconfigure the session.
• ERSPAN traffic might compete with regular data traffic.
• ERSPAN traffic is assigned to the QoS class-default system class (qos-group 0).
• To ensure that data traffic is prioritized over ERSPAN traffic, you can create a QoS system class with
prioritization above the class-default system class on the ERSPAN destination port.
On Layer 3 networks, ERSPAN traffic can be marked with a the desired Differentiated Services Code
Point (DSCP) value using the ip dscp command. By default, ERSPAN traffic is marked with a DSCP
value of 0.
• The rate limit command is not supported.
• ERSPAN is not supported on a management interface.
The following limitations apply to ERSPAN source sessions Access Control Lists (ACL) configurations:
• The SPAN session ignores any permit or deny actions specified in the access-list, and spans only the
packets that match the access-list filter criteria.
• ACLs are supported on ERSPAN source sessions only. ACLs are not supported on ERSPAN destination
sessions.
• Due to system limitations, the extent to which an ACL associated to ERSPAN session can scale depends
on the how the SPAN source is configured. The following table shows different scenarios and the
corresponding maximum ACL size supported.
Cisco Nexus 5600 Series NX-OS System Management Configuration Guide, Release 7.x
198
Configuring ERSPAN
OL-31641-01