OcNOS DC : Key Features : Improved Management : Support VLAN Range in SPAN
Support VLAN Range in SPAN
Overview
The Switch Port Analyzer (SPAN) monitors the traffic on source port and sends a copy of the traffic to a destination port. The network analyzer, which is attached to the destination port, analyzes the received traffic. The source port can either be a single port or multiple ports. A replication of the packets is sent to the destination port for analysis.
The SPAN is also referred to as port mirroring or port monitoring. It is installed in Layer 2 Access Control List (ACL) group by default. It is used for monitoring Ingress MAC ACL or VLAN group. Any packet received can be monitored based on source port including Physical or MAC or VLAN port.
This is an existing VLAN monitor session feature in the OcNOS DC, enhanced in current release to support VLAN ranges.
The following two CLIs are updated to support the VLAN ranges:
filter
Feature Characteristics
The VLAN range is supported only for ingress traffic.
LIMITATIONS
The ingress port mirroring is not supported for sub-interface and Switched Virtual Interface (SVI) interface.
Benefits
Users can apply port monitoring rules for multiple source ports, multiple VLANs, and a combination of port and VLAN ranges.
Configuration
To configure an ingress VLAN monitor session using VLAN ranges, perform the following configurations:
Topology
SPAN Topology
VTEP1
 
VTEP1#configure terminal
Enter configure mode.
VTEP1(config)#hardware-profile filter ingress-mirror enable
Enable hardware profile igress mirror.
VTEP1(config)#nvo vxlan enable
Enable vxlan.
VTEP1(config)#evpn esi hold-time 60
Configure esi hold timer.
VTEP1(config)#evpn vxlan multihoming enable
Enable VxLAN multihoming.
VTEP1(config)#mac vrf VRF1
Configure MAC VRF as VRF1.
VTEP1(config-vrf)#rd 1.1.1.1:11
Configure route distinguisher value.
VTEP1(config-vrf)#route-target both 9.9.9.9:100
Configure route-target import and export.
VTEP1(config)#mac vrf VRF2
Configure MAC VRF as VRF2.
VTEP1(config-vrf)#rd 1.1.1.1:21
Configure route distinguisher value.
VTEP1(config-vrf)#route-target both 90.90.90.90:100
Configure route-target import and export.
VTEP1(config)#mac vrf VRF3
Configure MAC VRF as VRF3.
VTEP1(config-vrf)#rd 1.1.1.1:22
Configure route distinguisher value.
VTEP1(config-vrf)#route-target both 90.90.90.90:101
Configure route-target import and export.
VTEP1(config)#mac vrf VRF4
Configure MAC VRF as VRF4.
VTEP1(config-vrf)#rd 1.1.1.1:23
Configure route distinguisher value.
VTEP1(config-vrf)#route-target both 10.10.10.10:100
Configure route-target import and export.
VTEP1(config)#mac vrf VRF5
Configure MAC VRF as VRF5.
VTEP1(config-vrf)#rd 1.1.1.1:24
Configure route distinguisher value.
VTEP1(config-vrf)#route-target both 20.20.20.20:100
Configure route-target import and export.
VTEP1(config)#mac vrf VRF6
Configure MAC VRF as VRF6.
VTEP1(config-vrf)#rd 1.1.1.1:25
Configure route distinguisher value.
VTEP1(config-vrf)#route-target both 30.30.30.30:100
Configure route-target import and export.
VTEP1(config)#mac vrf VRF7
Configure MAC VRF as VRF7.
VTEP1(config-vrf)#rd 1.1.1.1:26
Configure route distinguisher value.
VTEP1(config-vrf)#route-target both 40.40.40.40:100
Configure route-target import and export.
VTEP1(config-vrf)#exit
Exit from VRF mode
VTEP1(config)#mac vrf VRF8
Configure MAC VRF as VRF8
VTEP1(config-vrf)#rd 1.1.1.1:27
Configure route distinguisher value.
VTEP1(config-vrf)#route-target both 50.50.50.50:100
Configure route-target import and export.
VTEP1(config-vrf)#exit
Exit from VRF mode.
VTEP1(config)#mac vrf VRF9
Configure MAC VRF as VRF2.
VTEP1(config-vrf)#rd 1.1.1.1:28
Configure route distinguisher value.
VTEP1(config-vrf)#route-target both 60.60.60.60:100
Configure route-target import and export.
VTEP1(config-vrf)#exit
Exit from VRF mode.
VTEP1(config)#mac vrf VRF10
Configure MAC VRF as VRF2.
VTEP1(config-vrf)#rd 1.1.1.1:29
Configure route distinguisher value.
VTEP1(config-vrf)#route-target both 70.70.70.70:100
Configure route-target import and export.
VTEP1(config-vrf)#exit
Exit from VRF mode.
VTEP1(config)#nvo vxlan vtep-ip-global 1.1.1.1
Enable VxLAN Source VTEP IPp address global configuration.
VTEP1(config)#nvo vxlan id 10 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP1(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF1
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP1(config-nvo)#exit
Exit from the VxLAN mode.
VTEP1(config)#nvo vxlan id 20 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP1(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF2
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP1(config-nvo)#exit
Exit from the VxLAN mode.
VTEP1(config)#nvo vxlan id 21 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP1(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF3
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP1(config-nvo)#exit
Exit from the VxLAN mode.
VTEP1(config)#nvo vxlan id 23 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP1(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF4
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP1(config-nvo)#exit
Exit from the VxLAN mode.
VTEP1(config)#nvo vxlan id 24 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP1(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF5
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP1(config-nvo)#exit
Exit from the VxLAN mode.
VTEP1(config)#nvo vxlan id 25 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP1(config-nvo)#VxLAN host-reachability-protocol evpn-bgp VRF6
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP1(config-nvo)#exit
Exit from the VxLAN mode.
VTEP1(config)#nvo VxLAN id 26 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP1(config-nvo)#VxLAN host-reachability-protocol evpn-bgp VRF7
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP1(config-nvo)#exit
Exit from the VxLAN mode.
VTEP1(config)#nvo VxLAN id 27 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP1(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF8
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP1(config-nvo)#exit
Exit from the VxLAN mode.
VTEP1(config)#nvo vxlan id 28 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP1(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF9
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP1(config-nvo)#exit
Exit from the VxLAN mode.
VTEP1(config)#nvo vxlan id 29 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP1(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF10
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP1(config-nvo)#exit
Exit from the VxLAN mode.
VTEP1(config)#qos enable
Enable QoS.
VTEP1(config)#hostname VTEP1
Configure system's network name as VTEP1
VTEP1(config)#interface lo
Enter loopback interface mode.
VTEP1(config-if)#ip address 1.1.1.1/32 secondary
Configure the secondary IP address of the- loopback interface
VTEP1(config)#interface xe48
Enter interface mode.
VTEP1(config-if)#load-interval 30
Configure load interval.
VTEP1(config-if)#ip address 10.10.10.1/24
Configure the IP address of the interface.
VTEP1(config-if)#exit
Exit from interface mode.
VTEP1(config)#interface xe49
Enter interface mode.
VTEP1(config-if)#switchport
Enter the switchport mode.
VTEP1(config-if)#load-interval 30
Configure load interval.
VTEP1(config-if)#exit
Exit from interface mode.
VTEP1(config)#interface xe54
Enter interface mode.
VTEP1(config-if)#switchport
Enter the switchport mode.
VTEP1(config-if)#load-interval 30
Configure load interval.
VTEP1(config-if)#exit
Exit from interface mode.
VTEP1(config)#router ospf 100
Configure router ospf process ID.
VTEP1(config-router)#ospf router-id 1.1.1.1
Configure OSPF router id
VTEP1(config-router)#bfd all-interfaces
Enable BFD all interfaces
VTEP1(config-router)#network 1.1.1.1/32 area 0.0.0.0
Configure network and area as 0
VTEP1(config-router)#network 10.10.10.0/24 area 0.0.0.0
Configure network and area as 0
VTEP1(config-router)#exit
Exit from router ospf mode
VTEP1(config)#router bgp 500
Configure router bgp AS number
VTEP1(config-router)#bgp router-id 1.1.1.1
Configure BGP router ID.
VTEP1(config-router)#neighbor 2.2.2.2 remote-as 500
Configure a neighbor router and Peer AS Specify AS number of BGP neighbor.
VTEP1(config-router)#neighbor 2.2.2.2 update-source lo
Configure a neighbor router and Source of routing updates as loopbacl
VTEP1(config-router)#neighbor 2.2.2.2 advertisement-interval 0
Configure a neighbor router and minimum interval between sending BGP routing updates
VTEP1(config-router)#address-family ipv4 unicast
Enter Address Family command mode
VTEP1(config-router-af)#network 1.1.1.1/32
Configure a network to announce via BGP
VTEP1(config-router-af)#neighbor 2.2.2.2 activate
Activate the neighbor
VTEP1(config-router-af)#exit-address-family
Exit from address family mode
VTEP1(config-router)#address-family l2vpn evpn
Enter Address Family with l2vpn evpn Identifier
VTEP1(config-router-af)#neighbor 2.2.2.2 activate
Activate the neighbor
VTEP1(config-router-af)#exit-address-family
Exit from address family mode
VTEP1(config-router)#exit
Exit from router bgp mode
VTEP1(config)#monitor session 1
Configure Ethernet SPAN session with preferences
VTEP1(config-monitor)#source interface xe49 rx
Configure source interface as Ingress
VTEP1(config-monitor)#destination interface xe54
Configure destination interface.
VTEP1(config-monitor)#10 filter vlan 2-6
Configure sequence number with filter option and specify the vlan ranges.
VTEP1(config-monitor)#no shut
Unshut a monitor session.
VTEP1(config-monitor)#exit
Exit from monitor session.
VTEP1(config)#nvo vxlan max-cache-disable 2500
Configure vxlan Max number of ARP/ND cache disable allowed for port-vlan
VTEP1(config)#nvo vxlan access-if port-vlan xe49 2
Configure VxLAN access-if single tagged interface name with VLAN id
VTEP1(config-nvo-acc-if)#map vnid 22
Map access port attribute with VxLAN Identifier.
VTEP1(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP1(config)#nvo vxlan access-if port-vlan xe49 3
Configure VxLAN access-if single tagged interface name with VLAN id
VTEP1(config-nvo-acc-if)#map vnid 23
Map access port attribute with VxLAN Identifier.
VTEP1(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP1(config)#nvo vxlan access-if port-vlan xe49 4
Configure VxLAN access-if single tagged interface name with VLAN id
VTEP1(config-nvo-acc-if)#map vnid 24
Map access port attribute with VxLAN Identifier.
VTEP1(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP1(config)#nvo vxlan access-if port-vlan xe49 5
Configure VxLAN access-if single tagged interface name with VLAN id
VTEP1(config-nvo-acc-if)#map vnid 25
Map access port attribute with VxLAN Identifier.
VTEP1(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP1(config)#nvo vxlan access-if port-vlan xe49 6
Configure VxLAN access-if single tagged interface name with VLAN id
VTEP1(config-nvo-acc-if)#map vnid 26
Map access port attribute with VxLAN Identifier.
VTEP1(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP1(config)#nvo vxlan access-if port-vlan xe49 7
Configure VxLAN access-if single tagged interface name with VLAN id
VTEP1(config-nvo-acc-if)#map vnid 27
Map access port attribute with VxLAN Identifier.
VTEP1(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP1(config)#nvo vxlan access-if port-vlan xe49 8
Configure VxLAN access-if single tagged interface name with VLAN id
VTEP1(config-nvo-acc-if)#map vnid 28
Map access port attribute with VxLAN Identifier.
VTEP1(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP1(config)#nvo vxlan access-if port-vlan xe49 9
Configure VxLAN access-if single tagged interface name with VLAN id
VTEP1(config-nvo-acc-if)#map vnid 29
Map access port attribute with VxLAN Identifier.
VTEP1(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP1(config)#nvo vxlan access-if port-vlan xe49 10
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP1(config-nvo-acc-if)#map vnid 10
Map access port attribute with VxLAN Identifier.
VTEP1(config)#nvo vxlan access-if port-vlan xe49 11
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP1(config-nvo-acc-if)#map vnid 21
Map access port attribute with VxLAN Identifier.
VTEP1(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP1(config)#nvo vxlan access-if port-vlan xe49 12
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP1(config-nvo-acc-if)#map vnid 20
Map access port attribute with VxLAN Identifier.
VTEP1(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP1(config)#commit
Commit the candidate configuration to the running configuration.
 
VTEP2
VTEP2#configure terminal
Enter configure mode.
VTEP2(config)#hardware-profile filter ingress-mirror enable
Enable hardware profile igress mirror
VTEP2(config)#nvo vxlan enable
Enable vxlan
VTEP2(config)#evpn esi hold-time 60
Config esi hold timer
VTEP2(config)#evpn vxlan multihoming enable
Enable vxlan multihoming
VTEP2(config)#mac vrf VRF1
Configure mac vrf as VRF1
VTEP2(config-vrf)#rd 2.2.2.2:11
Configure route distinguisher value.
VTEP2(config-vrf)#route-target both 9.9.9.9:100
Configure route-target import and export
VTEP2(config-vrf)#exit
Exit from vrf mode
VTEP2(config)#mac vrf VRF2
Configure mac vrf as VRF2
VTEP2(config-vrf)#rd 2.2.2.2:21
Configure route distinguisher value.
VTEP2(config-vrf)#route-target both 90.90.90.90:100
Configure route-target import and export
VTEP2(config-vrf)#exit
Exit from vrf mode
VTEP2(config)#mac vrf VRF3
Configure mac vrf as VRF3
VTEP2(config-vrf)#rd 2.2.2.2:22
Configure route distinguisher value.
VTEP2(config-vrf)#route-target both 90.90.90.90:101
Configure route-target import and export
VTEP2(config-vrf)#exit
Exit from vrf mode
VTEP2(config)#mac vrf VRF4
Configure mac vrf as VRF4
VTEP2(config-vrf)#rd 2.2.2.2:23
Configure route distinguisher value.
VTEP2(config-vrf)#route-target both 10.10.10.10:100
Configure route-target import and export
VTEP2(config-vrf)#exit
Exit from vrf mode
VTEP2(config)#mac vrf VRF5
Configure mac vrf as VRF5
VTEP2(config-vrf)#rd 2.2.2.2:24
Configure route distinguisher value.
VTEP2(config-vrf)#route-target both 20.20.20.20:100
Configure route-target import and export
VTEP2(config-vrf)#exit
Exit from vrf mode
VTEP2(config)#mac vrf VRF6
Configure mac vrf as VRF6
VTEP2(config-vrf)#rd 2.2.2.2:25
Configure route distinguisher value.
VTEP2(config-vrf)#route-target both 30.30.30.30:100
Configure route-target import and export
VTEP2(config-vrf)#exit
Exit from vrf mode
VTEP2(config)#mac vrf VRF7
Configure mac vrf as VRF7
VTEP2(config-vrf)#rd 2.2.2.2:26
Configure route distinguisher value.
VTEP2(config-vrf)#route-target both 40.40.40.40:100
Configure route-target import and export
VTEP2(config-vrf)#exit
Exit from vrf mode
VTEP2(config)#mac vrf VRF8
Configure mac vrf as VRF8
VTEP2(config-vrf)#rd 2.2.2.2:27
Configure route distinguisher value.
VTEP2(config-vrf)#route-target both 50.50.50.50:100
Configure route-target import and export
VTEP2(config-vrf)#exit
Exit from vrf mode
VTEP2(config)#mac vrf VRF9
Configure mac vrf as VRF9
VTEP2(config-vrf)#rd 2.2.2.2:28
Configure route distinguisher value.
VTEP2(config-vrf)#route-target both 60.60.60.60:100
Configure route-target import and export
VTEP2(config-vrf)#exit
Exit from vrf mode
VTEP2(config)#mac vrf VRF10
Configure mac vrf as VRF10
VTEP2(config-vrf)#rd 2.2.2.2:29
Configure route distinguisher value.
VTEP2(config-vrf)#route-target both 70.70.70.70:100
Configure route-target import and export
VTEP2(config-vrf)#exit
Exit from vrf mode
VTEP2(config)#nvo vxlan vtep-ip-global 2.2.2.2
Enable vxlan Source Vtep Ip address global configuration
VTEP2(config)#nvo vxlan id 10 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF1
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#nvo vxlan id 20 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF2
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#nvo vxlan id 21 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF3
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#nvo vxlan id 22 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF3
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#nvo vxlan id 23 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF4
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#nvo vxlan id 24 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF5
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#nvo vxlan id 25 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF6
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#nvo vxlan id 26 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF7
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#nvo vxlan id 27 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF8
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#nvo vxlan id 28 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF9
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#nvo vxlan id 29 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF10
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#qos enable
Enable QoS.
VTEP2(config)#hostname VTEP2
Configure system's network name as VTEP2.
VTEP2(config)#interface lo
Enter loopback interface mode.
VTEP2(config-if)#ip address 2.2.2.2/32 secondary
Configure the secondary IP address of the loopback interface.
VTEP2(config-if)#exit
Exit from interface mode.
VTEP2(config)#interface xe47
Enter interface mode.
VTEP2(config-if)#switchport
Enter the switchport mode.
VTEP2(config-if)#load-interval 30
Configure load interval.
VTEP2(config-if)#exit
Exit from interface mode.
VTEP2(config)#interface xe48
Enter interface mode.
VTEP2(config-if)#ip address 30.30.30.1/24
Configure the IP address of the interface.
VTEP2(config-if)#exit
Enter interface mode.
VTEP2(config)#interface xe57
Enter interface mode.
VTEP2(config-if)#switchport
Enter the switchport mode.
VTEP2(config-if)#load-interval 30
Configure load interval.
VTEP2(config-if)#exit
Exit from interface mode.
VTEP2(config)#router ospf 100
Configure router ospf process ID.
VTEP2(config-router)#ospf router-id 2.2.2.2
Configure OSPF router ID.
VTEP2(config-router)#bfd all-interfaces
Enable BFD all interfaces.
VTEP2(config-router)#network 2.2.2.2/32 area 0.0.0.0
Configure network and area as 0.
VTEP2(config-router)#network 30.30.30.0/24 area 0.0.0.0
Configure network and area as 0.
VTEP2(config-router)#exit
Exit from router OSPF mode.
VTEP2(config)#router bgp 500
Configure router BGP AS number.
VTEP2(config-router)#bgp router-id 2.2.2.2
Configure BGP router ID.
VTEP2(config-router)#neighbor 1.1.1.1 remote-as 500
Configure a neighbor router and Peer AS Specify AS number of BGP neighbor.
VTEP2(config-router)#neighbor 1.1.1.1 update-source lo
Configure a neighbor router and Source of routing updates as loopback.
VTEP2(config-router)#neighbor 1.1.1.1 advertisement-interval 0
Configure a neighbor router and minimum interval between sending BGP routing updates.
VTEP2(config-router)#address-family ipv4 unicast
Enter Address Family command mode.
VTEP2(config-router-af)#network 2.2.2.2/32
Configure a network to announce via BGP.
VTEP2(config-router-af)#neighbor 1.1.1.1 activate
Activate the neighbor.
VTEP2(config-router-af)#exit-address-family
Exit from address family mode.
VTEP2(config-router)#address-family l2vpn evpn
Enter Address Family with l2vpn evpn Identifier.
VTEP2(config-router-af)#neighbor 1.1.1.1 activate
Activate the neighbor.
VTEP2(config-router-af)#exit-address-family
Exit from address family mode.
VTEP2(config-router)#exit
Exit from router bgp mode.
VTEP2(config)#nvo vxlan max-cache-disable 2500
Configure vxlan Max number of ARP/ND cache disable allowed for port-vlan.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 2
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP2(config-nvo-acc-if)#map vnid 22
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 3
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP2(config-nvo-acc-if)#map vnid 23
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 4
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP2(config-nvo-acc-if)#map vnid 24
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 5
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP2(config-nvo-acc-if)#map vnid 25
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 6
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP2(config-nvo-acc-if)#map vnid 26
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 7
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP2(config-nvo-acc-if)#map vnid 27
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 8
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP2(config-nvo-acc-if)#map vnid 28
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 9
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP2(config-nvo-acc-if)#map vnid 29
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 10
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP2(config-nvo-acc-if)#map vnid 10
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 11
Configure VxLAN access-if single tagged interface name with VLAN id
VTEP2(config-nvo-acc-if)#map vnid 21
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 12
Configure VxLAN access-if single tagged interface name with VLAN id
VTEP2(config-nvo-acc-if)#map vnid 20
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#commit
Commit the candidate configuration to the running configuration.
 
Validation
Verify OSPF neighbors
VTEP1#show ip ospf neighbor
 
Total number of full neighbors: 1
OSPF process 100 VRF(default):
Neighbor ID Pri State Dead Time Address Interface Instance ID
11.11.11.11 1 Full/DR 00:00:29 10.10.10.2 xe48 0
VTEP1#
 
Checking the IP Routes
VTEP1#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
 
IP Route Table for VRF "default"
C 1.1.1.1/32 is directly connected, lo, 01:21:26
O 2.2.2.2/32 [110/3] via 10.10.10.2, xe48, 01:15:25
C 10.10.10.0/24 is directly connected, xe48, 01:16:11
O 11.11.11.11/32 [110/2] via 10.10.10.2, xe48, 01:15:25
C 20.20.20.0/24 is directly connected, xe52, 01:20:42
O 30.30.30.0/24 [110/2] via 10.10.10.2, xe48, 01:15:25
C 127.0.0.0/8 is directly connected, lo, 01:21:26
 
Gateway of last resort is not set
VTEP1#
VTEP1#
VTEP1#
 
 
 
 
 
 
Verify the BGP neighbors
VTEP1#show ip bgp neighbors
BGP neighbor is 2.2.2.2, remote AS 500, local AS 500, internal link, peer index: 12
BGP version 4, local router ID 1.1.1.1, remote router ID 2.2.2.2
BGP state = Established, up for 01:15:26
Last read 00:00:18, hold time is 90, keepalive interval is 30 seconds
Neighbor capabilities:
Route refresh: advertised and received (old and new)
Address family IPv4 Unicast: advertised and received
Address family L2VPN EVPN: advertised and received
Received 527 messages, 0 notifications, 0 in queue
Sent 502 messages, 0 notifications, 0 in queue
Route refresh request: received 0, sent 0
Minimum time between advertisement runs is 0 seconds
Update source is lo
 
For address family: IPv4 Unicast BGP table version 2, neighbor version 2
Index 1, Offset 0, Mask 0x2
AIGP is enabled
Community attribute sent to this neighbor (both)
Large Community attribute sent to this neighbor
1 accepted prefixes
1 announced prefixes
 
 
For address family: L2VPN EVPN BGP table version 96, neighbor version 95
Index 1, Offset 0, Mask 0x2
Community attribute sent to this neighbor (both)
 
.skipping 1 line
31 accepted prefixes
Accepted AD:0 MACIP:20 MCAST:11 ESI:0 PREFIX:0
21 announced prefixes
 
Connections established 1; dropped 0
Local host: 1.1.1.1, Local port: 179
Foreign host: 2.2.2.2, Foreign port: 38227
TCP MSS: (0), Advertise TCP MSS: (1460), Send TCP MSS: (1460), Receive TCP MSS: (1460)
Sock FD : (22)
Nexthop: 1.1.1.1
Nexthop global: ::
Nexthop local: ::
BGP connection: non shared network
 
 
 
 
 
 
 
Verify the VxLAN access-if
 
VTEP1#show nvo vxlan access-if brief
 
Inner Admin Link
Interface Vlan vlan Ifindex Vnid status status
-----------------------------------------------------------
xe49 2 --- 0x7a120 22 up up
xe49 3 --- 0x7a121 23 up up
xe49 4 --- 0x7a122 24 up up
xe49 5 --- 0x7a123 25 up up
xe49 6 --- 0x7a124 26 up up
xe49 7 --- 0x7a125 27 up up
xe49 8 --- 0x7a126 28 up up
xe49 9 --- 0x7a127 29 up up
xe49 10 --- 0x7a128 10 up up
xe49 11 --- 0x7a129 21 up up
xe49 12 --- 0x7a12a 20 up up
 
Total number of entries are 11
 
Note: Refer sub-interface config for VLAN information.
 
Verify the VxLAN tunnel
VTEP1#
VTEP1#
VTEP1#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
========================================================================
1.1.1.1 2.2.2.2 Installed 01:15:37 01:15:37
 
Total number of entries are 1
VTEP1#
 
Verify the VxLAN
 
VTEP1#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged
 
VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr
_______________________________________________________________________________________________________________________________
10 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
10 ---- -- AC xe49 --- Single Homed Port --- 10 ---- ---- ----
20 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
20 ---- -- AC xe49 --- Single Homed Port --- 12 ---- ---- ----
21 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
21 ---- -- AC xe49 --- Single Homed Port --- 11 ---- ---- ----
22 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
22 ---- -- AC xe49 --- Single Homed Port --- 2 ---- ---- ----
23 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
23 ---- -- AC xe49 --- Single Homed Port --- 3 ---- ---- ----
24 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
24 ---- -- AC xe49 --- Single Homed Port --- 4 ---- ---- ----
25 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
25 ---- -- AC xe49 --- Single Homed Port --- 5 ---- ---- ----
26 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
26 ---- -- AC xe49 --- Single Homed Port --- 6 ---- ---- ----
27 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
27 ---- -- AC xe49 --- Single Homed Port --- 7 ---- ---- ----
28 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
28 ---- -- AC xe49 --- Single Homed Port --- 8 ---- ---- ----
29 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
29 ---- -- AC xe49 --- Single Homed Port --- 9 ---- ---- ----
 
Total number of entries are 22
 
Note: Refer sub-interface config for VLAN information.
 
 
 
 
 
Verify the interface counters
VTEP1#
 
VTEP1#show interface counters rate mbps
+-------------------+--------------+-------------+--------------+-------------+
| Interface | Rx mbps | Rx pps | Tx mbps | Tx pps |
+-------------------+--------------+-------------+--------------+-------------+
xe48 42.73 30012 14.25 10011
xe49 41.60 40625 10.24 10000
xe54 0.00 0 20.80 20312
VTEP1#
 
Validation for Port Mirroring
Verify the monitor
 
VTEP1#show monitor
Session State Reason Description
------- ----------- ---------------------- --------------------------------
1 up The session is up
VTEP1#
 
Verify the monitor session
 
VTEP1#show monitor session 1
session 1
---------------
type : local
state : up
source intf :
tx :
rx : xe49
both :
source VLANs :
rx :
destination ports : xe54
filter count : 1
 
Legend: f = forwarding enabled, l = learning enabled
 
VTEP1#
 
VTEP1#show monitor session 1 brief
session 1
---------------
type : local
state : up
source intf :
tx :
rx : xe49
both :
destination ports : xe54
filter count : 1
 
VTEP1#
 
VTEP1#show monitor session 1 filter
session 1
---------------
filter count : 1
 
---------------
match set 1
---------------
Sequence number : 10 vlan : 2-6
 
VTEP1#
 
END
Revised CLI Commands
hardware-profile filter (XGS)
The existing hardware-profile filter CLI syntax is updated as follows:
hardware-profile filter port-isolation (ingress-ipv4|ingress-ipv6|egress-ipv6|ingress-arp|bfd-group) (enable|disable)
to
hardware-profile filter port-isolation (ingress-mirror|ingress-ipv4|ingress-ipv6|egress-ipv6|ingress-arp|bfd-group) (enable|disable)
Refer to hardware-profile filter (XGS) CLI section for more details.
Use the new filter ingress-mirror profile for port mirroring when monitor session is installed with filters. when the specified filter profile is not enabled, port mirror uses default L2 group.
Command Syntax
hardware-profile filter ingress-mirror (disable | enable)
Parameter Description
enable
Enable the ingress TCAM group for port-mirroring
disable
Disable the ingress TCAM group for port-mirroring
Default Value
N/A
Applicability
This command was introduced in OcNOS Version 6.4.1.
Command Mode
Configure mode
Example
OcNOS#configure terminal
OcNOS(config)#hardware-profile filter ingress-mirror enable
filter
The existing filter CLI syntax is updated as follows:
filter {vlan <2-4094> | cos <0-7> ...
(<1-268435453>/<1-4294967294> |) filter {vlan <2-4094>| cos <0-7> | dest-mac (host XXXX.XXXX.XXXX | XXXX.XXXX.XXXX XXXX.XXXX.XXXX) | src-mac (host XXXX.XXXX.XXXX | XXXX.XXXX.XXXX XXXX.XXXX.XXXX) | frame-type (ETHTYPE | arp (req | resp|) (sender-ip A.B.C.D|) (target-ip A.B.C.D|) | ipv4 (src-ip (A.B.C.D | A.B.C.D/M)|) (dest-ip (A.B.C.D | A.B.C.D/M)|) | ipv6 (src-ip X:X::X:X/M |) (dest-ip X:X::X:X/M |))}
to
(<1-268435453>/<1-4294967294> |) filter {vlan VLAN_RANGE|inner-vlan VLAN_RANGE| cos <0-7> | dest-mac (host XXXX.XXXX.XXXX | XXXX.XXXX.XXXX XXXX.XXXX.XXXX) | src-mac (host XXXX.XXXX.XXXX | XXXX.XXXX.XXXX XXXX.XXXX.XXXX) | frame-type (ETHTYPE | arp (req | resp|) (sender-ip A.B.C.D|) (target-ip A.B.C.D|) | ipv4 (src-ip (A.B.C.D | A.B.C.D/M)|) (dest-ip (A.B.C.D | A.B.C.D/M)|) | ipv6 (src-ip X:X::X:X/M |) (dest-ip X:X::X:X/M |))}
Refer to filter CLI section for more details.
Command Syntax
(<1-268435453>/<1-4294967294> |) filter {vlan VLAN_RANGE| cos <0-7> | dest-mac (host XXXX.XXXX.XXXX | XXXX.XXXX.XXXX XXXX.XXXX.XXXX) | src-mac (host XXXX.XXXX.XXXX | XXXX.XXXX.XXXX XXXX.XXXX.XXXX) | frame-type (ETHTYPE | arp (req | resp|) (sender-ip A.B.C.D|) (target-ip A.B.C.D|) | ipv4 (src-ip (A.B.C.D | A.B.C.D/M)|) (dest-ip (A.B.C.D | A.B.C.D/M)|) | ipv6 (src-ip X:X::X:X/M |) (dest-ip X:X::X:X/M |))}
no (<1-268435453>/<1-4294967294>) filter
Parameters
 
(<1-268435453>/<1-4294967294> |)
 
Sequence identifier for each rule.
Inner-vLAN
Specify Inner VLAN ID or range(s)
VLAN_RANGE
VLAN ID 2-4094 or range(s): 2-5,10 or 2-5,7-19
<0-7>
COS number
XXXX.XXXX.XXXX
MAC address
ETHTYPE
Ethertype
arp
ARP frames
req
Request frames
resp
Response frames
A.B.C.D
Single IP address
A.B.C.D/M
IP addresses with mask
X:X::X:X/M
IPv6 addresses with mask
Default
No default value is specified.
Command Mode
Monitor configure mode
Applicability
This command was introduced before OcNOS version 1.3. The VLAN_RANGE option is available from OcNOS version 6.4.0.
Example
#configure terminal
(config)#monitor session 3
(config-monitor)#35 filter vlan 10-20,50
Abbreviations
Acronym
Expantion
ACL
Access Control List
MAC
Media Access Control
SPAN
Switch Port Analyzer
VLAN
Virtual LAN
VxLAN
Virtual eXtensible Local Area Network