Cisco ACI SPAN Explained and Configuration

Cisco ACI SPAN Explained and Configuration

Cisco ACI SPAN Categories

In the ACI Fabric, the SPAN feature can be defined in three categories:
Access: for monitoring traffic originating from access ports in leaf nodes
Fabric: for monitoring traffic from fabric ports in leaf or spine nodes (on ports between Leafs and Spines)
Tenant: for monitoring traffic from endpoint groups (EPGs) within a tenant


ACI SPAN session Type

For each category, there are specific SPAN sessions types you can perform, the SPAN sessions are detailed in the following table:

Session Type

Sources

Filters

Destination

Access Local

Access Ports, Port-channels local to one  leaf

EPG

Port local to same leaf as sources

Access ERSPAN

Access Ports, Port-channels, VPCs among one or more leaf nodes

EPG

EPG anywhere in the fabric

Fabric ERSPAN

Fabric ports in one or mode leaf or spine nodes

BD or VRF

EPG anywhere in the fabric

Tenant ERSPAN

EPG anywhere in the fabric

EPG anywhere in the fabric


Cisco SPAN Configuration

A Cisco ACI SPAN session configuration consists of configuring 2 main policies:

  • SPAN Source groups
  • SPAN Destination groups


According to the following topology, we will SPAN traffic from the VPC connected to Leaf-101 and Leaf-102 to a destination EPG (CLD-EPG).

So, in this case: the source is vPC and the Destination is EPG, then the session type is Access ERSPAN.



SPAN Destination Group Configuration:

Navigate to: Fabric -> Access Policies -> Policies -> Troubleshooting -> SPAN -> SPAN Source Groups



Right-click on SPAN Destination Group and chose “Create SPAN Destination Group”

Destination type: Can be Access Interface or EPG.

Destination IP: IP address of your sniffer monitor. In my example: 172.29.20.20.

Source IP/Prefix: Source IP of ERSPAN packets, in my case, it can be to bridge domain IP of the destination monitor device EPG 172.29.20.1.


SPAN Source Group Configuration:

Navigate to: Fabric -> Access Policies -> Policies -> Troubleshooting -> SPAN -> SPAN Source Groups

Right-Click and Create SPAN Source Group:


Create SPAN Source Group dialog box will pop up, fill in the policy name, the Admin State, and chose the Destination group created previously.

Admin State: SPAN source state. If set to Disabled then no data is sent to the configured monitor destination.


We can specify a filter group to get only the needed traffic, for example:

Now let’s specify the SPAN sources, click on the (+) sign:


The final step is to Add the Path of the source group:

That’s it, hope that was helpful.

Note

When using Wireshark, You have Enforce to decode fake ERSPAN frame” under Edit -> Preference -> Protocols -> ERSPAN.





https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/cli/nx/cfg/b_APIC_NXOS_CLI_User_Guide/b_APIC_NXOS_CLI_User_Guide_chapter_010000.pdf

Bilel Ameur

Enthusiastic Network Engineer specializing in Cisco ACI, passionate about solving challenges. A lifelong learner who loves gaining and sharing knowledge. Profile: https://www.linkedin.com/in/bilel-ameur-71116b2b5
5 1 vote
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x