I-SPAN, i-RSPAN, ne-ERSPAN izindlela ezisetshenziswa kunethiwekhi ukuze kuthathwe futhi kuqashwe ithrafikhi ukuze ihlaziywe. Nakhu okufingqiwe ngakunye:
I-SPAN (I-Port Analyzer Eshintshiwe)
Injongo: Isetshenziselwa ukubonisa ithrafikhi evela ezimbotsheni ezithile noma ama-VLAN ekushintsheni kokuya kwesinye imbobo ukuze kuqashwe.
Sebenzisa Ikesi: Ilungele ukuhlaziywa kwethrafikhi yendawo kuswishi eyodwa. Ithrafikhi ifaniswe nembobo ekhethiwe lapho umhlaziyi wenethiwekhi engayithwebula.
I-RSPAN (I-SPAN Ekude)
Injongo: Inweba amandla e-SPAN kumaswishi amaningi kunethiwekhi.
Sebenzisa Ikesi: Ivumela ukugadwa kwethrafikhi kusuka kuswishi eyodwa iye kwenye ngesixhumanisi soqobo. Iwusizo ezimweni lapho idivayisi yokuqapha itholakala kuswishi ehlukile.
I-ERSPAN (I-SPAN Efihliwe Ekude)
Injongo: Ihlanganisa i-RSPAN ne-GRE (I-Generic Routing Encapsulation) ukuze ihlanganise ithrafikhi eyizibuko.
Sebenzisa Ikesi: Ivumela ukugadwa kwethrafikhi kuwo wonke amanethiwekhi omzila. Lokhu kuyasiza ekwakhiweni kwenethiwekhi okuyinkimbinkimbi lapho ithrafikhi idinga ukuthwetshulwa ngamasegimenti ahlukene.
I-Switch port Analyzer (SPAN) iwuhlelo olusebenzayo, olusebenza kahle lokuqapha ithrafikhi. Iqondisa noma ibonise ithrafikhi esuka embobeni yomthombo noma i-VLAN iye endaweni okuyiwa kuyo. Lokhu ngezinye izikhathi kubizwa ngokuthi ukuqapha iseshini. I-SPAN isetshenziselwa ukuxazulula izinkinga zokuxhumanisa nokubala ukusetshenziswa kwenethiwekhi nokusebenza, phakathi kwezinye eziningi. Kunezinhlobo ezintathu zama-SPAN asekelwa emikhiqizweni yakwaCisco…
a. I-SPAN noma i-SPAN yendawo.
b. I-SPAN ekude (RSPAN).
c. I-SPAN efihliwe ekude (ERSPAN).
Ukuze ukwazi: "I-Mylinking™ Network Packet Broker ene-SPAN, RSPAN kanye nezici ze-ERSPAN"
I-SPAN / i-traffic mirroring / i-port mirroring isetshenziselwa izinjongo eziningi, ngezansi kuhlanganisa okunye.
- Ukusebenzisa i-IDS/IPS kumodi engcolile.
- VOIP call ukuqoshwa izixazululo.
- Izizathu zokuthobela ukuphepha zokuqapha nokuhlaziya ithrafikhi.
- Ukuxazulula izinkinga zokuxhuma, ukuqapha ithrafikhi.
Kungakhathalekile ukuthi hlobo luni lwe-SPAN olusebenzayo, umthombo we-SPAN ungaba yinoma yiluphi uhlobo lwembobo okungukuthi imbobo ehanjiswayo, imbobo yokushintsha ngokomzimba, imbobo yokufinyelela, isiqu, i-VLAN (zonke izimbobo ezisebenzayo zigadwa iswishi), i-EtherChannel (kungaba imbobo noma imbobo yonke. -izixhumanisi zesiteshi) njll. Qaphela ukuthi imbobo elungiselelwe indawo ye-SPAN AYIKWAZI ukuba yingxenye yomthombo we-VLAN we-SPAN.
Amaseshini e-SPAN asekela ukugadwa kwethrafikhi engenayo (i-ingress SPAN), i-egress traffic (i-egress SPAN), noma ithrafikhi egeleza nhlangothi zombili.
- I-Ingress SPAN (RX) ikopisha ithrafikhi etholwe izimbobo zomthombo kanye nama-VLAN endaweni okuyiwa kuyo. I-SPAN ikopisha ithrafikhi ngaphambi kwanoma yikuphi ukuguqulwa (isibonelo ngaphambi kwanoma yisiphi isihlungi se-VACL noma i-ACL, i-QoS noma i-ingress noma i-egress police).
- I-Egress SPAN (TX) ikopisha ithrafikhi edluliselwa kusuka kumachweba omthombo kanye nama-VLAN kuya echwebeni okuyiwa kulo. Konke ukuhlunga noma ukuguqulwa okufanelekile ngesihlungi se-VACL noma se-ACL, i-QoS noma izenzo zamaphoyisa zokungena noma ze-egress zithathwa ngaphambi kokuba ukushintshwa kudlulisele ithrafikhi echwebeni lendawo ye-SPAN.
- Uma womabili amagama angukhiye asetshenziswa, i-SPAN ikopisha ithrafikhi yenethiwekhi eyamukelwe futhi idluliswa izimbobo zomthombo nama-VLAN embobeni okuyiwa kuyo.
- I-SPAN/RSPAN ivamise ukuziba i-CDP, i-STP BPDU, i-VTP, i-DTP nezinhlaka ze-PAgP. Kodwa-ke lezi zinhlobo zethrafikhi zingadluliselwa uma umyalo wokuphindaphinda we-encapsulation umisiwe.
I-SPAN noma i-SPAN yendawo
I-SPAN ikhombisa ithrafikhi ephuma esibonakalayo esisodwa noma ngaphezulu ekushintsheni kuya endaweni eyodwa noma ngaphezulu kuswishi efanayo; yingakho i-SPAN ibizwa kakhulu ngele-LOCAL SPAN.
Imihlahlandlela noma imikhawulo ku-SPAN yendawo:
- Zombili izimbobo ezishintshayo ze-Layer 2 kanye nezimbobo ze-Layer 3 zingalungiswa njengomthombo noma izindawo okuyiwa kuzo.
- Umthombo ungaba yichweba elilodwa noma ngaphezulu noma i-VLAN, kodwa hhayi ingxube yalokhu.
- Izimbobo ze-trunk ziyizimbobo zomthombo ezivumelekile ezixutshwe nezimbobo ezingezona ze-trunk.
- Kungalungiselelwa izimbobo zendawo eziyi-64 ze-SPAN ekushintsheni.
- Uma silungiselela imbobo okuyiwa kuyo, ukucushwa kwayo kwangempela kubhalwa phezu. Uma ukulungiselelwa kwe-SPAN kususwa, ukucushwa kwangempela kuleyo mbobo kuyabuyiselwa.
- Uma ulungiselela imbobo okuyiwa kuyo, imbobo iyasuswa kunoma iyiphi inqwaba ye-EtherChannel uma bekuyingxenye eyodwa. Uma bekuyimbobo enomzila, ukulungiselelwa kwendawo okuyiwa kuyo ye-SPAN kweqa ukulungiselelwa kwembobo ewumzila.
- Izimbobo zendawo azisekeli ukuphepha kwembobo, ukuqinisekiswa kwe-802.1x, noma ama-VLAN ayimfihlo.
- Ichweba lingasebenza njengechweba okuyiwa kulo isikhathi esisodwa kuphela se-SPAN.
- Imbobo ayikwazi ukulungiselelwa njengembobo okuyiwa kuyo uma iyimbobo yomthombo weseshini ye-span noma ingxenye yomthombo we-VLAN.
- Izixhumi zesiteshi zamachweba (EtherChannel) zingalungiselelwa njengezimbobo zomthombo kodwa hhayi imbobo okuyiwa kuyo ye-SPAN.
- Indlela yethrafikhi “kokubili” ngokuzenzakalelayo emithonjeni ye-SPAN.
- Izimbobo zendawo azilokothi zibambe iqhaza esibonelweni sesihlahla esinqamulayo. Ayikwazi ukusekela i-DTP, i-CDP njll. I-SPAN yendawo ihlanganisa ama-BPDU kuthrafikhi egadiwe, ngakho noma imaphi ama-BPDU abonwa embotsheni yendawo akopishwa embobeni yomthombo. Ngakho ungalokothi uxhume iswishi kulolu hlobo lwe-SPAN njengoba ingabangela iluphu yenethiwekhi. Amathuluzi e-AI azothuthukisa ukusebenza kahle komsebenzi, futhiI-AI engabonakaliisevisi ingathuthukisa ikhwalithi yamathuluzi e-AI.
- Uma i-VLAN ilungiswa njengomthombo we-SPAN (iningi elibizwa ngokuthi i-VSPAN) kukho kokubili izinketho zokungena nokuphuma ezilungisiwe, dlulisela phambili amaphakethe ayimpinda ukusuka kumbobo yomthombo kuphela uma amaphakethe eshintshwa ku-VLAN efanayo. Ikhophi eyodwa yephakethe isuka kuthrafikhi yokungena embobeni yokungena, kanti enye ikhophi yephakethe isuka kuthrafikhi ye-egress ku-egress port.
- I-VSPAN iqapha kuphela ithrafikhi ephuma noma engena ezimbobeni ze-Layer 2 ku-VLAN.
I-SPAN ekude (RSPAN)
I-SPAN Remote (RSPAN) ifana ne-SPAN, kodwa isekela izimbobo zomthombo, ama-VLAN omthombo, nezimbobo zendawo ekushintsheni okuhlukile, ezihlinzeka ngethrafikhi yokuqapha ekude kusuka ezimbobeni zomthombo ezisatshalaliswa ngokushintsha okuningi futhi ivumela indawo okuyiwa kuyo ukuthi ifake phakathi amadivayisi wokuthwebula inethiwekhi. Iseshini ngayinye ye-RSPAN ithwala ithrafikhi ye-SPAN ngaphezu kwe-VLAN ye-RSPAN eshiwo umsebenzisi kuwo wonke amaswishi abamba iqhaza. Le VLAN ibe isixhunywa kwamanye amaswishi, okuvumela ithrafikhi yeseshini ye-RSPAN ukuthi ithuthwe ngokushintshashintsha okuningi futhi ilethwe esiteshini sokuthwebula indawo okuyiwa kuso. I-RSPAN iqukethe iseshini yomthombo we-RSPAN, i-VLAN ye-RSPAN, kanye neseshini yendawo ye-RSPAN.
Imihlahlandlela noma imikhawulo ku-RSPAN:
- I-VLAN ethile kufanele ilungiselelwe indawo okuyiwa kuyo ye-SPAN ezonqamula amaswishi amaphakathi ngezixhumanisi ze-trunk ebheke embotsheni okuyiwa kuyo.
- Ingakha uhlobo olufanayo lomthombo - okungenani imbobo eyodwa noma okungenani i-VLAN eyodwa kodwa ayikwazi ukuba yingxubevange.
- Indawo okuyiwa kuyo iseshini yi-RSPAN VLAN kunembobo eyodwa ekushintsheni, ngakho zonke izimbobo ku-RSPAN VLAN zizothola ithrafikhi eyizibuko.
- Lungiselela noma iyiphi i-VLAN njenge-VLAN ye-RSPAN inqobo nje uma wonke amadivayisi enethiwekhi abamba iqhaza asekela ukumiswa kwama-VLAN e-RSPAN, futhi usebenzise i-RSPAN VLAN efanayo ngesikhathi ngasinye se-RSPAN
- I-VTP ingasabalalisa ukucushwa kwama-VLAN anenombolo 1 kuya ku-1024 njengama-VLAN e-RSPAN , kufanele ilungiselele mathupha ama-VLAN anezinombolo ezingaphezulu kuka-1024 njengama-VLAN e-RSPAN kuwo wonke amadivayisi enethiwekhi omthombo, amaphakathi, nendawo okuyiwa kuyo.
- Ukufunda ikheli le-MAC kukhutshaziwe ku-RSPAN VLAN.
I-SPAN ehlanganisiwe yesilawuli kude (ERSPAN)
I-encapsulated remote SPAN (ERSPAN) iletha i-generic routing encapsulation (GRE) yayo yonke ithrafikhi ethwebuliwe futhi ikuvumela ukuthi inwetshwe ezizindeni ze-Layer 3.
I-ERSPAN iyi-aCisco okuphatheleneisici futhi sitholakala kuphela kuzingxenyekazi ze-Catalyst 6500, 7600, Nexus, kanye ne-ASR 1000 kuze kube manje. I-ASR 1000 isekela umthombo we-ERSPAN (ukuqapha) kuphela ku-Fast Ethernet, i-Gigabit Ethernet, kanye ne-port-channel interfaces.
Imihlahlandlela noma imikhawulo ku-ERSPAN:
- Amaseshini omthombo we-ERSPAN awakopishi ithrafikhi ye-ERSPAN GRE-encapsulated evela ezimbobeni zomthombo. Iseshini ngayinye yomthombo we-ERSPAN ingaba nezimbobo noma ama-VLAN njengemithombo, kodwa hhayi kokubili.
- Kungakhathalekile noma yimuphi usayizi omisiwe we-MTU, i-ERSPAN idala amaphakethe e-Layer 3 angaba amabhayithi angu-9,202 ubude. Ithrafikhi ye-ERSPAN ingase yehliswe inoma isiphi isixhumi esibonakalayo kunethiwekhi esiphoqelela usayizi we-MTU omncane kuno-9,202 bytes.
- I-ERSPAN ayikusekeli ukuhlukaniswa kwephakethe. Ibhithi ethi "ungaqhezu" isethwe kunhlokweni ye-IP yamaphakethe e-ERSPAN. Amaseshini endawo e-ERSPAN awakwazi ukuphinda ahlanganise amaphakethe e-ERSPAN ahlukene.
- I-ID ye-ERSPAN ihlukanisa ithrafikhi ye-ERSPAN efika ekhelini le-IP elifanayo ukusuka kumaseshini omthombo ahlukahlukene we-ERSPAN; I-ID ye-ERSPAN emisiwe kufanele ifane kumthombo namadivayisi okuyiwa kuwo.
- Ngembobo yomthombo noma i-VLAN yomthombo, i-ERSPAN ingaqapha ukungena, ukuphuma, noma kokubili ukungena nokuphuma kwethrafikhi. Ngokuzenzakalela, i-ERSPAN iqapha yonke ithrafikhi, okuhlanganisa ozimele be-multicast kanye ne-Bridge Protocol Data Unit (BPDU).
- Isixhumi esibonakalayo somhubhe esisekelwa njengezimbobo zomthombo zeseshini yomthombo we-ERSPAN yi-GRE, IPinIP, SVTI, IPv6, IPv6 over IP tunnel, Multipoint GRE (mGRE) kanye neSecure Virtual Tunnel Interfaces (SVTI).
- Inketho yesihlungi ye-VLAN ayisebenzi kuseshini yokuqapha ye-ERSPAN kuzixhumi ezibonakalayo ze-WAN.
- I-ERSPAN ku-Cisco ASR 1000 Series Routers isekela kuphela i-Layer 3 interfaces. Izixhumi ezibonakalayo ze-Ethernet azisekelwa ku-ERSPAN uma zilungiswa njengezixhumi ezibonakalayo Zesendlalelo sesi-2.
- Uma iseshini ilungiswa nge-ERSPAN yokumisa i-CLI, i-ID yeseshini nohlobo lweseshini akukwazi ukushintshwa. Ukuze uzishintshe, kufanele uqale usebenzise igama elingekho lomyalo wokumisa ukuze ususe iseshini bese ulungisa kabusha iseshini.
- Ukukhishwa kwe-Cisco IOS XE 3.4S :- Ukuqapha amaphakethe ethaneli angavikelekile e-IPsec kusekelwa ku-IPv6 kanye ne-IPv6 over IP tunnel interfaces kuphela kumaseshini womthombo we-ERSPAN, hhayi kumaseshini wendawo we-ERSPAN.
- I-Cisco IOS XE Ukukhishwa kwe-3.5S, ukusekelwa kwengezwe ezinhlotsheni ezilandelayo ze-WAN interface njengezimbobo zomthombo zeseshini yomthombo: I-Serial (T1/E1, T3/E3, DS0) , Iphakethe nge-SONET (POS) (OC3, OC12) kanye ne-Multilink PPP (i-multilink, i-pos, namagama angukhiye we-serial angeziwe kumyalo wesixhumi esibonakalayo somthombo).
Ukusebenzisa i-ERSPAN njenge-SPAN Yendawo:
Ukuze usebenzise i-ERSPAN ukuqapha ithrafikhi ngembobo eyodwa noma ngaphezulu noma i-VLAN kudivayisi efanayo, kufanele sidale umthombo we-ERSPAN kanye namaseshini wendawo we-ERSPAN kudivayisi efanayo, ukugeleza kwedatha kwenzeka ngaphakathi komzila, okufana nalokho okuku-SPAN yendawo.
Izici ezilandelayo ziyasebenza ngenkathi usebenzisa i-ERSPAN njenge-SPAN yendawo:
- Zombili izikhathi zine-ID ye-ERSPAN efanayo.
- Zombili izikhathi zinekheli le-IP elifanayo. Leli kheli lasesizindeni se-inthanethi ikheli le-IP lamarutha; okungukuthi, ikheli le-IP elingemuva noma ikheli le-IP elilungiselelwe kunoma iyiphi imbobo.
| (config)# qapha iseshini 10 thayipha i-erspa-source |
| (config-mon-ersspan-src)# isixhumi esibonakalayo somthombo Gig0/0/0 |
| (config-mon-ersspan-src)# indawo |
| (config-mon-ersspan-src-dst)# ikheli le-ip 10.10.10.1 |
| (config-mon-ersspan-src-dst)# ikheli lasesizindeni se-inthanethi 10.10.10.1 |
| (config-mon-ersspan-src-dst)# ersspan-id 100 |
Isikhathi sokuthumela: Aug-28-2024
