SPAN, RSPAN, and ERSPAN are techniques used in networking to capture and monitor traffic for analysis. Here is a brief overview of each:
SPAN (Switched Port Analyzer)
Purpose: Used to mirror traffic from specific ports or VLANs on a switch to another port for monitoring.
Use Case: Ideal for local traffic analysis on a single switch. Traffic is mirrored to a designated port where a network analyzer can capture it.
RSPAN (Remote SPAN)
Purpose: Extends SPAN capabilities across multiple switches in a network.
Use Case: Allows monitoring of traffic from one switch to another over a trunk link. Useful for scenarios where the monitoring device is located on a different switch.
ERSPAN (Encapsulated Remote SPAN)
Purpose: Combines RSPAN with GRE (Generic Routing Encapsulation) to encapsulate the mirrored traffic.
Use Case: Allows monitoring of traffic across routed networks. This is useful in complex network architectures where traffic needs to be captured in different locations.
Switched Port Analyzer (SPAN) is an efficient, high-performance traffic monitoring system. It directs or mirrors traffic from a source port or VLAN to a destination port. This is sometimes referred to as session monitoring. SPAN is used for troubleshooting connectivity issues and calculating network utilization and performance, among many other things. There are three types of SPAN supported on Cisco products ...
a. SPAN or Local SPAN.
b. Remote SPAN (RSPAN).
c. Encapsulated Remote SPAN (ERSPAN).
SPAN / traffic mirroring / port mirroring is used for many purposes; some of them are listed below.
- Implementing IDS/IPS in promiscuous mode.
- VoIP call recording solutions.
- Security compliance reasons to monitor and analyze traffic.
- Troubleshooting connection issues, monitoring traffic.
Regardless of the SPAN type in use, the SPAN source can be any type of port, i.e. a routed port, a physical switch port, an access port, a trunk, a VLAN (all active ports are monitored by the switch), an EtherChannel (either a port or the entire port-channel interface) etc. Note that a port configured as a SPAN destination CANNOT be part of a SPAN source VLAN.
SPAN sessions support monitoring of ingress traffic (ingress SPAN), egress traffic (egress SPAN), or traffic flowing in both directions.
- Ingress SPAN (RX) copies traffic received by the source ports and VLANs to the destination port. SPAN copies the traffic before any modification (for example before any VACL or ACL filter, QoS, or ingress or egress policing).
- Egress SPAN (TX) copies traffic transmitted from the source ports and VLANs to the destination port. All relevant filtering or modification by VACL or ACL filter, QoS, or ingress or egress policing actions is applied before the switch forwards the traffic to the SPAN destination port.
- When the both keyword is used, SPAN copies the network traffic received and transmitted by the source ports and VLANs to the destination port.
- SPAN/RSPAN usually ignores CDP, STP BPDU, VTP, DTP and PAgP frames. However, these traffic types can be forwarded if the encapsulation replicate command is configured.
SPAN or Local SPAN
SPAN mirrors traffic from one or more interfaces on the switch to one or more interfaces on the same switch; this is why SPAN is referred to as LOCAL SPAN.
Guidelines or restrictions for Local SPAN:
- Both Layer 2 switched ports and Layer 3 ports can be configured as source or destination ports.
- The source can be one or more ports or a VLAN, but not a mix of these.
- Trunk ports are valid source ports mixed with non-trunk source ports.
- Up to 64 SPAN ports can be configured on a switch.
- When we configure a destination port, its original configuration is overwritten. If the SPAN configuration is removed, the original configuration on that port is restored.
- When a destination port is configured, the port is removed from any EtherChannel bundle if it was part of one. If it was a routed port, the SPAN destination configuration overrides the routed port configuration.
- Destination ports do not support port security, 802.1x authentication, or private VLANs.
- A port can act as the destination port for only one SPAN session.
- A port cannot be configured as a destination port if it is a source port of a SPAN session or part of a source VLAN.
- Port channel interfaces (EtherChannel) can be configured as source ports but not as a destination port for SPAN.
- The traffic direction is "both" by default for SPAN sources.
- Destination ports never participate in a spanning-tree instance. They cannot support DTP, CDP etc. Local SPAN includes BPDUs in the monitored traffic, so any BPDUs seen on the destination port are copied from the source port. For this reason, never connect a switch to this type of SPAN, as it could cause a network loop.
- When a VLAN is configured as a SPAN source (referred to as VSPAN) with both ingress and egress options configured, duplicate packets are forwarded from the source port only if the packets are switched in the same VLAN. One copy of the packet comes from the ingress traffic on the ingress port, and the other copy comes from the egress traffic on the egress port.
- VSPAN monitors only traffic that leaves or enters Layer 2 ports in the VLAN.
Remote SPAN (RSPAN)
Remote SPAN (RSPAN) is similar to SPAN, but it supports source ports, source VLANs, and destination ports on different switches. This provides monitoring of traffic from source ports distributed over multiple switches and allows the destination to centralize network capture devices. Each RSPAN session carries the SPAN traffic over a user-specified dedicated RSPAN VLAN in all participating switches. This VLAN is then trunked to other switches, allowing the RSPAN session traffic to be transported across multiple switches and delivered to the destination capture station. RSPAN consists of an RSPAN source session, an RSPAN VLAN, and an RSPAN destination session.
Guidelines or restrictions for RSPAN:
- A specific VLAN must be configured for the SPAN destination; it traverses the intermediate switches over trunk links toward the destination port.
- The same source types can be created: at least one port or at least one VLAN, but not a mix.
- The destination for the session is the RSPAN VLAN rather than a single port in the switch, so all ports in the RSPAN VLAN will receive the mirrored traffic.
- Configure any VLAN as an RSPAN VLAN as long as all participating network devices support configuration of RSPAN VLANs, and use the same RSPAN VLAN for each RSPAN session.
- VTP can propagate the configuration of VLANs numbered 1 through 1024 as RSPAN VLANs; VLANs numbered 1024 must be manually configured as RSPAN VLANs on all source, intermediate, and destination network devices.
- MAC address learning is disabled in the RSPAN VLAN.
Encapsulated Remote SPAN (ERSPAN)
Encapsulated remote SPAN (ERSPAN) brings generic routing encapsulation (GRE) to all captured traffic and allows it to be extended across Layer 3 domains.
ERSPAN is Cisco proprietary and is available only on Catalyst 6500, 7600, Nexus, and ASR 1000 platforms to date. The ASR 1000 supports ERSPAN source (monitoring) only on Fast Ethernet, Gigabit Ethernet, and port-channel interfaces.
Guidelines or restrictions for ERSPAN:
- ERSPAN source sessions do not copy ERSPAN GRE-encapsulated traffic from source ports. Each ERSPAN source session can have either ports or VLANs as sources, but not both.
- Regardless of any configured MTU size, ERSPAN creates Layer 3 packets that can be as long as 9,202 bytes. ERSPAN traffic might be dropped by any interface in the network that enforces an MTU size smaller than 9,202 bytes.
- ERSPAN does not support packet fragmentation. The "do not fragment" bit is set in the IP header of ERSPAN packets. ERSPAN destination sessions cannot reassemble fragmented ERSPAN packets.
- The ERSPAN ID differentiates the ERSPAN traffic arriving at the same destination IP address from different ERSPAN source sessions; the configured ERSPAN ID must match on the source and destination devices.
- For a source port or a source VLAN, ERSPAN can monitor ingress, egress, or both ingress and egress traffic. By default, ERSPAN monitors all traffic, including multicast and Bridge Protocol Data Unit (BPDU) frames.
- Tunnel interfaces supported as source ports for an ERSPAN source session are GRE, IPinIP, SVTI, IPv6, IPv6 over IP tunnel, Multipoint GRE (mGRE) and Secure Virtual Tunnel Interfaces (SVTI).
- The filter VLAN option is not functional in an ERSPAN monitoring session on WAN interfaces.
- ERSPAN on Cisco ASR 1000 Series Routers supports only Layer 3 interfaces. Ethernet interfaces are not supported on ERSPAN when configured as Layer 2 interfaces.
- When a session is configured through the ERSPAN configuration CLI, the session ID and the session type cannot be changed. To change them, you must first use the "no" form of the configuration command to remove the session and then reconfigure the session.
- Cisco IOS XE Release 3.4S: Monitoring of unprotected tunnel packets is supported on IPv6 and IPv6 over IP tunnel interfaces only for ERSPAN source sessions, not for ERSPAN destination sessions.
- Cisco IOS XE Release 3.5S: Support was added for the following types of WAN interfaces as source ports for a source session: Serial (T1/E1, T3/E3, DS0), Packet over SONET (POS) (OC3, OC12) and Multilink PPP (the multilink, pos, and serial keywords were added to the source interface command).
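What the GRE encapsulation and the ERSPAN ID rule above mean for a capture host that receives the mirrored stream, as an added example (not code from the original article or from Cisco): it decapsulates ERSPAN Type II, keeps only the ERSPAN IDs the collector expects, and counts sequence gaps. The header layout (GRE protocol type 0x88BE, 10-bit session ID after the GRE sequence number), the function names and the constructed sample packets are assumptions of this example.

```python
import struct
GRE_PROTO_ERSPAN_II = 0x88BE  # GRE protocol type carrying ERSPAN Type II
GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000  # checksum / key / sequence flags

def parse_erspan(gre: bytes) -> dict:
    """Parse GRE + ERSPAN Type II, starting right after the outer IP header."""
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", gre, 0)
    if flags & 0x0007 or proto != GRE_PROTO_ERSPAN_II:
        raise ValueError("not GRE version 0 carrying ERSPAN Type II")
    if not flags & GRE_S:
        raise ValueError("ERSPAN Type II needs the GRE sequence number")
    off = 4 + (4 if flags & GRE_C else 0) + (4 if flags & GRE_K else 0)
    if len(gre) < off + 12:
        raise ValueError("truncated sequence number or ERSPAN header")
    seq, w0, w1, w2 = struct.unpack_from("!IHHI", gre, off)
    if w0 >> 12 != 1:  # version field: 1 means Type II
        raise ValueError("unexpected ERSPAN version")
    return {"seq": seq, "vlan": w0 & 0x0FFF, "session_id": w1 & 0x03FF,
            "index": w2 & 0xFFFFF, "inner": gre[off + 12:]}

def demux(packets, expected_ids):
    """Group mirrored frames by ERSPAN ID; count rejects and per-session sequence gaps."""
    frames, last_seq, gaps, rejected = {}, {}, {}, 0
    for gre in packets:
        try:
            p = parse_erspan(gre)
        except ValueError:
            rejected += 1
            continue
        sid = p["session_id"]
        if sid not in expected_ids:  # ID not configured on this destination
            rejected += 1
            continue
        if sid in last_seq:  # assumes in-order delivery, one counter per session
            gaps[sid] = gaps.get(sid, 0) + (p["seq"] - last_seq[sid] - 1) % 2**32
        last_seq[sid] = p["seq"]
        frames.setdefault(sid, []).append(p["inner"])
    return frames, gaps, rejected

def build_sample(session_id, vlan, seq, inner):
    """Constructed test packet: GRE header (S bit), ERSPAN II header, inner frame."""
    return struct.pack("!HHIHHI", GRE_S, GRE_PROTO_ERSPAN_II, seq,
                       (1 << 12) | vlan, session_id, 0) + inner

FRAME = bytes.fromhex("ffffffffffff0200000000010800") + b"constructed payload"
SAMPLES = [build_sample(100, 10, s, FRAME) for s in (1, 2, 5)]  # seq 3, 4 missing
SAMPLES += [build_sample(200, 20, 1, FRAME), struct.pack("!HH", 0, 0x0800) + FRAME]
```

A non-zero gap count for a session means mirrored packets were lost in transit, for example at an interface whose MTU is too small, so the analyzer's view of that session is incomplete.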
Using ERSPAN as Local SPAN:
To use ERSPAN to monitor traffic through one or more ports or VLANs in the same device, we must create the ERSPAN source and ERSPAN destination sessions in the same device; the data flow takes place inside the router, similar to local SPAN.
The following apply when using ERSPAN as a local SPAN:
- Both sessions have the same ERSPAN ID.
- Both sessions have the same IP address. This IP address is the router's own IP address; that is, the loopback IP address or the IP address configured on any port.
| (config)# monitor session 10 type erspan-source |
| (config-mon-erspan-src)# source interface Gig0/0/0 |
| (config-mon-erspan-src)# destination |
| (config-mon-erspan-src-dst)# ip address 10.10.10.1 |
| (config-mon-erspan-src-dst)# origin ip address 10.10.10.1 |
| (config-mon-erspan-src-dst)# erspan-id 100 |
Post time: Aug-28-2024




