Understanding SPAN, RSPAN and ERSPAN: Techniques for Network Traffic Monitoring

SPAN, RSPAN, and ERSPAN are techniques used in networking to capture and monitor traffic for analysis. Here is a brief summary of each:

SPAN (Switched Port Analyzer)

Purpose: Used to mirror traffic from specific ports or VLANs on a switch to another port for monitoring.

Use Case: Ideal for analyzing local traffic on a single switch. Traffic is mirrored to a designated port where a network analyzer can capture it.

RSPAN (Remote SPAN)

Purpose: Extends SPAN capabilities across multiple switches in a network.

Use Case: Allows traffic to be monitored from one switch to another over a trunk link. Useful for scenarios where the monitoring device is on a different switch.

ERSPAN (Encapsulated Remote SPAN)

Purpose: Combines RSPAN with GRE (Generic Routing Encapsulation) to encapsulate the mirrored traffic.

Use Case: Allows traffic to be monitored across routed networks. This is useful in complex network architectures where traffic needs to be captured across different segments.

Switched Port Analyzer (SPAN) is an efficient, high-performance traffic monitoring system. It directs or mirrors traffic from a source port or VLAN to a destination port. This is sometimes referred to as session monitoring. SPAN is used for troubleshooting connectivity issues and calculating network utilization and performance, among many other things. Three types of SPAN are supported on Cisco products:

a. SPAN or local SPAN.

b. Remote SPAN (RSPAN).

c. Encapsulated remote SPAN (ERSPAN).

See also: "Mylinking™ Network Packet Broker with SPAN, RSPAN and ERSPAN Features"

SPAN / traffic mirroring / port mirroring is used for many purposes; some of them are listed below.

- Implementing IDS/IPS in promiscuous mode.

- VoIP call recording solutions.

- Security compliance reasons to monitor and analyze traffic.

- Troubleshooting connection issues, monitoring traffic.

Regardless of the SPAN type running, a SPAN source can be any type of port, i.e. a routed port, a physical switch port, an access port, a trunk, a VLAN (all active ports of the switch are monitored), an EtherChannel (either a port or entire port-channel interfaces), etc. Note that a port configured as a SPAN destination CANNOT be part of a SPAN source VLAN.

SPAN sessions support monitoring of ingress traffic (ingress SPAN), egress traffic (egress SPAN), or traffic flowing in both directions.

- Ingress SPAN (RX) copies traffic received by the source ports and VLANs to the destination port. SPAN copies the traffic before any modification (for example before any VACL or ACL filter, QoS, or ingress or egress policing).

- Egress SPAN (TX) copies traffic transmitted from the source ports and VLANs to the destination port. All relevant filtering or modification by VACL or ACL filters, QoS, or ingress or egress policing actions takes place before the traffic is forwarded to the SPAN destination port.

- When the both keyword is used, SPAN copies the network traffic received and transmitted by the source ports and VLANs to the destination port.

- SPAN/RSPAN usually ignores CDP, STP BPDU, VTP, DTP and PAgP frames. However, these traffic types can be forwarded if the encapsulation replicate command is configured.

SPAN or Local SPAN

SPAN mirrors traffic from one or more interfaces on a switch to one or more interfaces on the same switch; hence SPAN is mostly referred to as LOCAL SPAN.

Guidelines or restrictions for local SPAN:

- Both Layer 2 switched ports and Layer 3 ports can be configured as source or destination ports.

- The source can be one or more ports or a VLAN, but not a mix of these.

- Trunk ports are valid source ports and can be mixed with non-trunk source ports.

- Up to 66 SPAN destination ports can be configured on a switch.

- When we configure a destination port, its original configuration is overwritten. If the SPAN configuration is removed, the original configuration on that port is restored.

- When a destination port is configured, the port is removed from any EtherChannel bundle it was part of. If it was a routed port, the SPAN destination configuration overrides the routed port configuration.

- Destination ports do not support port security, 802.1x authentication, or private VLANs.

- A port can act as the destination port for only one SPAN session.

- A port cannot be configured as a destination port if it is a source port of a SPAN session or part of a source VLAN.

- Port-channel interfaces (EtherChannel) can be configured as source ports but not as a destination port for SPAN.

- Traffic direction is "both" by default for SPAN sources.

- Destination ports never participate in a spanning-tree instance. They cannot support DTP, CDP, etc. Local SPAN includes BPDUs in the monitored traffic, so any BPDUs seen on the destination port are copied from the source port. Therefore never connect a switch to this type of SPAN destination, as it could cause a network loop.

- When a VLAN is configured as a SPAN source (mostly referred to as VSPAN) with both the ingress and egress options configured, duplicate packets are forwarded from the source port only if the packets are switched in the same VLAN. One copy of the packet comes from the ingress traffic on the ingress port, and the other copy comes from the egress traffic on the egress port.

- VSPAN monitors traffic that leaves or enters Layer 2 ports in the VLAN.
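Several of the local SPAN guidelines above can be checked mechanically when auditing a switch configuration. The following is an added example, not part of the original article: it assumes the common `monitor session N source|destination interface|vlan ...` line form, and the configuration text in `SAMPLE` is constructed for illustration.

```python
import re
from collections import defaultdict

LINE = re.compile(
    r"^monitor session (\d+) (source|destination) (interface|vlan) (\S+)", re.I)

def lint_span(config):
    """Return sorted guideline violations found in `monitor session` lines."""
    src_kinds = defaultdict(set)     # session -> {"interface", "vlan"}
    src_ports = set()                # every interface used as a source
    dst_sessions = defaultdict(set)  # destination port -> sessions using it
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        sess, role, kind, name = int(m[1]), m[2].lower(), m[3].lower(), m[4].lower()
        if role == "source":
            src_kinds[sess].add(kind)
            if kind == "interface":
                src_ports.add(name)
        elif kind == "interface":
            dst_sessions[name].add(sess)
    issues = []
    for sess, kinds in src_kinds.items():
        if len(kinds) > 1:  # sources must be ports or VLANs, not both
            issues.append(f"session {sess}: mixes port and VLAN sources")
    for port, sessions in dst_sessions.items():
        if len(sessions) > 1:  # one destination port, one session
            issues.append(f"{port}: destination for more than one session")
        if port in src_ports:  # a source port cannot also be a destination
            issues.append(f"{port}: both a source and a destination port")
        if re.match(r"(port-channel|po)\d", port):  # EtherChannel: source only
            issues.append(f"{port}: port-channel used as destination")
    return sorted(issues)

# Constructed sample configuration (not taken from a real device).
SAMPLE = """
monitor session 1 source interface Gi0/1 both
monitor session 1 source vlan 10 rx
monitor session 1 destination interface Gi0/24
monitor session 2 source interface Gi0/24
monitor session 2 destination interface Po1
monitor session 3 source interface Gi0/3 tx
monitor session 3 destination interface Gi0/24
"""
```
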

Remote SPAN (RSPAN)

Remote SPAN (RSPAN) is similar to SPAN, but it supports source ports, source VLANs, and destination ports on different switches. This provides remote monitoring of traffic from source ports distributed over multiple switches and allows network capture devices to be centralized at the destination. Each RSPAN session carries the SPAN traffic over a user-specified, dedicated RSPAN VLAN in all participating switches. This VLAN is then trunked to the other switches, allowing the RSPAN session traffic to be transported across multiple switches and delivered to the destination capturing station. RSPAN consists of an RSPAN source session, an RSPAN VLAN, and an RSPAN destination session.

Guidelines or restrictions for RSPAN:

- A specific VLAN must be configured for the SPAN destination; it traverses the intermediate switches over trunk links toward the destination port.

- The same source types can be configured: at least one port or at least one VLAN, but not a mix of the two.

- The destination for the session is the RSPAN VLAN rather than a single port in the switch, so all ports in the RSPAN VLAN receive the mirrored traffic.

- Configure any VLAN as an RSPAN VLAN as long as all participating network devices support configuration of RSPAN VLANs, and use the same RSPAN VLAN for each RSPAN session.

- VTP can propagate the configuration of VLANs numbered 1 through 1024 as RSPAN VLANs; VLANs numbered higher than 1024 must be configured manually as RSPAN VLANs on all source, intermediate, and destination network devices.

- MAC address learning is disabled in the RSPAN VLAN.

Encapsulated remote SPAN (ERSPAN)

Encapsulated remote SPAN (ERSPAN) brings generic routing encapsulation (GRE) to all captured traffic and allows it to be extended across Layer 3 domains.

ERSPAN is a Cisco proprietary feature and is available only on Catalyst 6500, 7600, Nexus, and ASR 1000 platforms to date. The ASR 1000 supports ERSPAN source (monitoring) only on Fast Ethernet, Gigabit Ethernet, and port-channel interfaces.

Guidelines or restrictions for ERSPAN:

- ERSPAN source sessions do not copy ERSPAN GRE-encapsulated traffic from source ports. Each ERSPAN source session can have either ports or VLANs as sources, but not both.

- Regardless of any configured MTU size, ERSPAN creates Layer 3 packets that can be as long as 9,202 bytes. ERSPAN traffic might be dropped by any interface in the network that enforces an MTU size smaller than 9,202 bytes.

- ERSPAN does not support packet fragmentation. The "do not fragment" bit is set in the IP header of ERSPAN packets. ERSPAN destination sessions cannot reassemble fragmented ERSPAN packets.

- The ERSPAN ID differentiates the ERSPAN traffic arriving at the same destination IP address from different ERSPAN source sessions; the configured ERSPAN ID must match on the source and destination devices.

- For a source port or a source VLAN, ERSPAN can monitor ingress, egress, or both ingress and egress traffic. By default, ERSPAN monitors all traffic, including multicast and Bridge Protocol Data Unit (BPDU) frames.

- Tunnel interfaces supported as source ports for an ERSPAN source session are GRE, IPinIP, SVTI, IPv6, IPv6 over IP tunnel, Multipoint GRE (mGRE) and Secure Virtual Tunnel Interfaces (SVTI).

- The filter VLAN option does not work in an ERSPAN monitoring session on WAN interfaces.

- ERSPAN on Cisco ASR 1000 Series Routers supports only Layer 3 interfaces. Ethernet interfaces are not supported on ERSPAN when configured as Layer 2 interfaces.

- When a session is configured through the ERSPAN configuration CLI, the session ID and the session type cannot be changed. To change them, you must first use the no form of the configuration command to remove the session and then reconfigure the session.

- Cisco IOS XE Release 3.4S: Monitoring of non-IPsec-protected tunnel packets is supported on IPv6 and IPv6 over IP tunnel interfaces only for ERSPAN source sessions, not for ERSPAN destination sessions.

- Cisco IOS XE Release 3.5S: support was added for the following types of WAN interfaces as source ports for a source session: Serial (T1/E1, T3/E3, DS0), Packet over SONET (POS) (OC3, OC12) and Multilink PPP (the multilink, pos, and serial keywords were added to the source interface command).
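To show what a capture host receiving ERSPAN actually has to do with the GRE encapsulation, the "do not fragment" behaviour and the ERSPAN ID described above, here is an added example that is not part of the original article. It assumes the ERSPAN Type II layout (GRE protocol type 0x88BE with a sequence number, 10-bit session ID), which the article does not spell out; the packets and addresses are constructed sample data.

```python
import struct

GRE_PROTO_ERSPAN_II = 0x88BE  # GRE protocol type carried by ERSPAN Type II
IPPROTO_GRE = 47

def build_sample(session_id, vlan, inner, seq=1):
    """Constructed test packet: outer IPv4 (DF set) + GRE + ERSPAN II header."""
    erspan = struct.pack("!HHI", (1 << 12) | vlan, session_id & 0x3FF, 0)
    gre = struct.pack("!HHI", 0x1000, GRE_PROTO_ERSPAN_II, seq)  # S bit only
    total = 20 + len(gre) + len(erspan) + len(inner)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0x4000, 64,
                     IPPROTO_GRE, 0,  # header checksum left 0 in this sample
                     bytes([10, 10, 10, 2]), bytes([10, 10, 10, 1]))
    return ip + gre + erspan + inner

def parse_erspan(pkt):
    """Decapsulate one ERSPAN Type II packet; raise ValueError if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != IPPROTO_GRE or len(pkt) < ihl + 16:
        raise ValueError("not GRE, or too short for GRE + ERSPAN headers")
    frag, = struct.unpack("!H", pkt[6:8])
    if frag & 0x3FFF:  # MF flag or non-zero offset: cannot be reassembled
        raise ValueError("fragmented ERSPAN packet")
    flags, proto, seq, w0, w1, _ = struct.unpack("!HHIHHI", pkt[ihl:ihl + 16])
    if proto != GRE_PROTO_ERSPAN_II or (flags & 0xB000) != 0x1000:
        raise ValueError("not ERSPAN Type II (GRE with only the S bit set)")
    return {
        "src": ".".join(map(str, pkt[12:16])),
        "dst": ".".join(map(str, pkt[16:20])),
        "df": bool(frag & 0x4000),
        "seq": seq,
        "vlan": w0 & 0x0FFF,
        "erspan_id": w1 & 0x03FF,
        "inner": pkt[ihl + 16:],  # the mirrored Ethernet frame
    }

def demux(packets):
    """Group mirrored frames by (destination IP, ERSPAN ID)."""
    sessions = {}
    for p in packets:
        info = parse_erspan(p)
        key = (info["dst"], info["erspan_id"])
        sessions.setdefault(key, []).append(info["inner"])
    return sessions
```
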

Using ERSPAN as Local SPAN:

To use ERSPAN to monitor traffic through one or more ports or VLANs in the same device, we must create an ERSPAN source session and an ERSPAN destination session in the same device. The data flow takes place inside the router, which is similar to local SPAN.

The following factors apply when using ERSPAN as a local SPAN:

- Both sessions have the same ERSPAN ID.

- Both sessions have the same IP address. This IP address is the router's own IP address; that is, the loopback IP address or the IP address configured on any port.

(config)# monitor session 10 type erspan-source
(config-mon-erspan-src)# source interface Gig0/0/0
(config-mon-erspan-src)# destination
(config-mon-erspan-src-dst)# ip address 10.10.10.1
(config-mon-erspan-src-dst)# origin ip address 10.10.10.1
(config-mon-erspan-src-dst)# erspan-id 100

Post time: Aug-28-2024