English

Kunzwisisa SPAN, RSPAN neERSPAN: Matekiniki eKutarisa Kufamba Kwenetiweki

SPAN, RSPAN, uye ERSPAN inzira dzinoshandiswa mukubatana kuti dzibate uye dzitarise traffic kuti dziongororwe. Heino pfupiso yeimwe neimwe:

SPAN (Switched Port Analyzer)

Chinangwa: Chinoshandiswa kuratidza traffic kubva kumaports chaiwo kana maVLAN pa switch kuenda kune imwe port yekutarisa.

Nyaya Yekushandisa: Yakanakira ongororo yetraffic yemunharaunda pa switch imwe chete. Traffic inotaridzwa kune chiteshi chakasarudzwa uko network analyzer inogona kuibata.

RSPAN (Remote SPAN)

Chinangwa: Inowedzera kugona kweSPAN mumaswichi akawanda mune network.

Nyaya Yekushandisa: Inobvumira kutarisa traffic kubva pa switch imwe kuenda kune imwe kuburikidza ne trunk link. Inobatsira mumamiriro ezvinhu apo mudziyo wekutarisa uri pane switch yakasiyana.

ERSPAN (Encapsated Remote SPAN)

Chinangwa: Inosanganisa RSPAN neGRE (Generic Routing Encapsulation) kuti ifukidze traffic inoonekwa.

Nyaya Yekushandisa: Inobvumira kutarisa traffic muma network akarongwa. Izvi zvinobatsira mumaitiro akaomarara enetwork uko traffic inofanira kutorwa muzvikamu zvakasiyana.

Switch port Analyzer (SPAN) inzira inoshanda uye inoshanda zvakanyanya yekutarisa traffic. Inotungamira kana kuratidza traffic kubva kune source port kana VLAN kuenda kune destination port. Izvi dzimwe nguva zvinonzi session monitoring. SPAN inoshandiswa kugadzirisa matambudziko ekubatana uye kuverenga mashandisirwo enetwork uye mashandiro, pakati pezvimwe zvakawanda. Kune mhando nhatu dzeSPAN dzinotsigirwa paCisco products …

a. SPAN kana SPAN yemuno.

b. Kure kweSPAN (RSPAN).

c. SPAN iri kure yakavharirwa (ERSPAN).

Kuziva: "Mylinking™ Network Packet Broker ane SPAN, RSPAN uye ERSPAN Features"

SPAN, RSPAN, ERSPAN

Kuenzanisa kweSPAN / traffic / port kunoshandiswa pazvinangwa zvakawanda, zvinosanganisira zvimwe zviri pazasi.

- Kushandisa IDS/IPS muhunhu hweunzenza.

- Mhinduro dzekurekodha mafoni eVOIP.

- Zvikonzero zvekutevedzera mitemo yekuchengetedza kuchengetedza nekuongorora traffic.

- Kugadzirisa matambudziko ekubatana, kutarisa traffic.

Pasinei nekuti rudzi rweSPAN rwuri kushanda, SPAN source inogona kuva chero rudzi rweport kureva routed port, physical switch port, access port, trunk, VLAN (ma active ports ese anotariswa ne switch), EtherChannel (ingave port kana entire port-channel interfaces) nezvimwewo. Cherechedza kuti port yakagadzirirwa SPAN destination HAIGONE kuva chikamu cheSPAN source VLAN.

Zvidzidzo zveSPAN zvinotsigira kutariswa kwemafambiro evanopinda (ingress SPAN), mafambiro evanopinda (egress SPAN), kana kuti mafambiro evanopinda munzira dzese dziri mbiri.

- Ingress SPAN (RX) inokopa traffic inogamuchirwa nema source ports nema VLAN kuenda ku destination port. SPAN inokopa traffic isati yagadziriswa (semuenzaniso isati yaitwa VACL kana ACL filter, QoS kana ingress kana egress policing).

- Egress SPAN (TX) inokopa traffic inotumirwa kubva kuma source ports neVLANs kuenda ku destination port. Zvese zvine chekuita nekusefa kana kugadziriswa neVACL kana ACL filter, QoS kana ingress kana egress policing zviito zvinotorwa switch isati yaendesa traffic ku SPAN destination port.

- Kana izwi guru rese richishandiswa, SPAN inokopa traffic yenetwork yakagamuchirwa uye inotumirwa nema source ports nemaVLAN kuenda ku destination port.

- SPAN/RSPAN inowanzo furatira maCDP, STP BPDU, VTP, DTP uye PAgP frames. Zvisinei, mhando idzi dzetraffic dzinogona kutumirwa kana encapsulation replicate command yagadziriswa.

SPAN kana kuti SPAN yemunharaunda

SPAN inoratidza traffic kubva kune imwe kana kupfuura interface iri pa switch kuenda kune imwe kana kupfuura interfaces iri pa switch imwe chete; saka SPAN inonyanya kunzi LOCAL SPAN.

Nhungamiro kana zvirambidzo kune SPAN yemuno:

- Maport ese ari maviri eLayer 2 switched neLayer 3 ports anogona kugadziriswa senzvimbo dzinobva kana kuti nzvimbo dzinoenda.

- Kunobva kunogona kuva imwe kana kupfuura ports kana VLAN, asi kwete musanganiswa weizvi.

- Matura ezviteshi zvevhu (Trunk ports) matura evhu anoshanda akasanganiswa nematura evhu asiri evhu (non-trunk source ports).

- Mapotsi enzvimbo anosvika 64 eSPAN anogona kugadziriswa pa switch.

- Patinogadzirisa chiteshi chekuenda, gadziriro yacho yekutanga inodzoserwa. Kana gadziriro yeSPAN ikabviswa, gadziriro yekutanga pachiteshi ichocho inodzoserwa.

- Kana uchigadzirisa nzvimbo yekuenda, nzvimbo yacho inobviswa kubva kune chero EtherChannel bundle kana iri chikamu cheimwe. Kana iri nzvimbo yekuenda, nzvimbo yekuenda yeSPAN inodarika nzvimbo yekuenda yenzvimbo yekuenda.

- Nzvimbo dzekuenda hadzitsigire kuchengetedzeka kwenzvimbo, 802.1x authentication, kana maVLAN epachivande.

- Chiteshi chinogona kushanda sechiteshi chekuenda kwechikamu chimwe chete cheSPAN.

- Chiteshi hachigone kugadziriswa sechiteshi chekuenda kana chiri chiteshi chechikamu chespan kana chikamu cheVLAN yekutangira.

- MaPort channel interfaces (EtherChannel) anogona kugadziriswa senzvimbo dzinowanikwa data asi kwete nzvimbo yekuenda kune SPAN.

- Nzira yekufambisa vanhu iri "yose" yakajairika kune SPAN sources.

- Nzvimbo dzekuenda hadzimbobatanidzwi muchikamu chemuti wepakati. Hadzigone kutsigira DTP, CDP nezvimwewo. Nzvimbo yeLocal SPAN inosanganisira maBPDU mutraffic inotariswa, saka chero maBPDU anoonekwa pachiteshi chekuenda anokopwa kubva pachiteshi chekutangira. Saka usambobatanidza switch kune rudzi urwu rweSPAN sezvo inogona kukonzera network loop. Zvishandiso zveAI zvichavandudza kushanda zvakanaka, uyeAI isingaonekwesevhisi inogona kuvandudza mhando yezvishandiso zveAI.

- Kana VLAN yagadziriswa seSPAN source (inonyanya kunzi VSPAN) ine sarudzo dzekupinda nekubuda dzakagadziriswa, tumira mapaketi akafanana kubva pasource port chete kana mapaketi akachinjwa muVLAN imwechete. Kopi imwe yepaketi inobva paingress traffic iri paingress port, uye imwe kopi yepaketi inobva paegress traffic iri paegress port.

- VSPAN inongotarisa traffic inobuda kana kupinda mumaports eLayer 2 muVLAN chete.

SPAN, RSPAN, ERSPAN 1

Kure kweSPAN (RSPAN)

Remote SPAN (RSPAN) yakafanana neSPAN, asi inotsigira ma source ports, ma source VLAN, uye ma destination ports pa switches dzakasiyana, izvo zvinopa remote monitoring traffic kubva kuma source ports akapararira pamusoro pema switches akawanda uye zvinobvumira destination kuisa pakati network capture devices. Session yega yega yeRSPAN inotakura SPAN traffic pamusoro peRSPAN VLAN yakatsaurirwa nemushandisi muma switches ese ari kutora chikamu. Iyi VLAN inozobva yaiswa kune mamwe ma switches, zvichibvumira RSPAN session traffic kutakurwa kuburikidza nema switches akawanda uye kuendeswa kunzvimbo yekutapa destination. RSPAN ine RSPAN source session, RSPAN VLAN, uye RSPAN destination session.

Nhungamiro kana zvirambidzo kuRSPAN:

- VLAN chaiyo inofanirwa kugadzirwa kuti iendeswe kuSPAN iyo ichayambuka maswitch ari pakati nepakati kuburikidza nema trunk links kuenda kuchiteshi chekuenda.

- Inogona kugadzira mhando imwe chete yesource - kanenge chiteshi chimwe chete kana kanenge VLAN imwe chete asi haigone kuva musanganiswa.

- Nzvimbo yekuenda kumusangano ndeye RSPAN VLAN kwete single port in switch, saka maport ese ari muRSPAN VLAN achagamuchira traffic yakafanana.

- Gadzirisa chero VLAN seRSPAN VLAN chero bedzi zvishandiso zvese zve network zvichitsigira magadzirirwo eRSPAN VLAN, uye shandisa RSPAN VLAN imwecheteyo pachikamu chega chega cheRSPAN

- VTP inogona kuparadzira magadzirirwo eVLAN ane nhamba kubva 1 kusvika 1024 seRSPAN VLANs, inofanira kugadzirisa nemaoko maVLAN ane nhamba iri pamusoro pe1024 seRSPAN VLANs pamidziyo yese yenetwork yesource, yepakati, uye yedestination.

- Kudzidza kero dzeMAC kwakadzimwa muRSPAN VLAN.

SPAN, RSPAN, ERSPAN 2

SPAN iri kure yakavharirwa (ERSPAN)

Encapsulated remote SPAN (ERSPAN) inounza generic routing encapsulation (GRE) kune ese ma traffic akatorwa uye inobvumira kuti iwedzere muLayer 3 domains.

ERSPAN iCisco ine pfumauye inowanikwa chete kumapuratifomu eCatalyst 6500, 7600, Nexus, uye ASR 1000 kusvika pari zvino. ASR 1000 inotsigira ERSPAN source (monitoring) chete paFast Ethernet, Gigabit Ethernet, uye port-channel interfaces.

Nhungamiro kana zvirambidzo kuERSPAN:

- Masesheni ekushandisa ERSPAN haakope traffic yeERSPAN GRE-encapsulated kubva kuma source ports. Session yega yega yekushandisa ERSPAN inogona kuva nema ports kana ma VLAN sema sources, asi kwete ese ari maviri.

- Pasinei nehukuru hweMTU hwakagadziriswa, ERSPAN inogadzira mapaketi eLayer 3 anogona kureba kusvika 9,202 bytes. ERSPAN traffic inogona kuderedzwa nechero interface iri mu network inosimbisa saizi yeMTU iri pasi pe9,202 bytes.

- ERSPAN haitsigire kupatsanurwa kwemapaketi. Chikamu chekuti "usapatsanure" chakaiswa mumusoro weIP wemapaketi eERSPAN. ERSPAN destination sessions haigone kubatanidzazve mapaketi eERSPAN akapatsanurwa.

- ERSPAN ID inosiyanisa traffic yeERSPAN inosvika panzvimbo imwe chete yeIP kero kubva kumasesheni akasiyana-siyana eERSPAN source; ERSPAN ID yakagadzirirwa inofanira kuenderana pamidziyo inobva uye yainosvikira.

- Kune chiteshi chekutsvaga kana VLAN yekubva, ERSPAN inogona kutarisa kupinda, kubuda, kana zvese traffic yekupinda nekubva. Nekugadzika, ERSPAN inotarisa traffic yese, kusanganisira multicast uye Bridge Protocol Data Unit (BPDU) frames.

- Tunnel interface inotsigirwa senzvimbo dzekuburitsa ruzivo rweERSPAN source session ndeiyi GRE, IPinIP, SVTI, IPv6, IPv6 over IP tunnel, Multipoint GRE (mGRE) uye Secure Virtual Tunnel Interfaces (SVTI).

- Sarudzo yeVLAN yekusefa haishande muchikamu chekutarisa cheERSPAN pamaWAN interfaces.

- ERSPAN paCisco ASR 1000 Series Routers inotsigira mainterface eLayer 3 chete. Mainterface eEthernet haatsigirwi paERSPAN kana akagadzirwa seLayer 2 interfaces.

- Kana chikamu chagadziriswa kuburikidza neERSPAN configuration CLI, session ID uye rudzi rwechikamu hazvigone kuchinjwa. Kuti uchinje, unofanira kutanga washandisa chimiro chemurairo wekugadzirisa chinonzi no form kuti ubvise chikamu wozogadzirisazve chikamu.

- Cisco IOS XE Release 3.4S:- Kuongororwa kwemapaketi etunnel asina IPsec anotsigirwa paIPv6 neIPv6 pamusoro peIP tunnel interfaces chete kumasesheni eERSPAN source, kwete kumasesheni ekuenda kuERSPAN.

- Cisco IOS XE Release 3.5S, rutsigiro rwakawedzerwa kune anotevera marudzi eWAN interfaces se source ports ye source session: Serial (T1/E1, T3/E3, DS0), Packet over SONET (POS) (OC3, OC12) uye Multilink PPP (multilink, pos, uye serial keywords zvakawedzerwa ku source interface command).

SPAN, RSPAN, ERSPAN 3

Kushandisa ERSPAN seLocal SPAN:

Kuti tishandise ERSPAN kutarisa traffic kuburikidza neport imwe chete kana kupfuura kana maVLAN mumudziyo mumwe chete, tinofanira kugadzira ERSPAN source uye ERSPAN destination sessions mumudziyo mumwe chete, kufamba kwedata kunoitika mukati me router, izvo zvakafanana nezviri muSPAN yemuno.

Zvinhu zvinotevera zvinoshanda pakushandisa ERSPAN seSPAN yemuno:

- Zvidzidzo zvose zviri zviviri zvine ERSPAN ID yakafanana.

- Masesheni ese ari maviri ane kero yeIP yakafanana. Kero iyi yeIP ikero yeIP yerouters; kureva, kero yeIP yakavhurika kana kero yeIP yakagadzirirwa pane chero port.

(config)# monitor session 10 type erspan-source
(config-mon-erspan-src)# source interface Gig0/0/0
(config-mon-erspan-src)# kwaunoenda
(config-mon-erspan-src-dst)# ip address 10.10.10.1
(config-mon-erspan-src-dst)# kero ye ip yekutanga 10.10.10.1
(config-mon-erspan-src-dst)# erspan-id 100

SPAN, RSPAN, ERSPAN 4

Nguva yekutumira: Nyamavhuvhu-28-2024
Dzvanya enter kuti utsvage kana kuti ESC kuti uvhare