I-SPAN, RSPAN, ne-Erspan ngamasu asetshenziselwa ukuxhumana ukuze athwebule futhi aqaphe ithrafikhi yokuhlaziywa. Nakhu ukubuka konke okufushane kwalowo nalowo:
Span (switch eshintshiwe port analyzer)
INJONGO: Isetshenziselwa ukubumba ithrafikhi kusuka kumachweba athile noma ama-Vlans ekushintsheni kwelinye itheku lokuqapha.
Sebenzisa icala: Ilungele ukuhlaziywa kwethrafikhi yasendaweni ekushintsheni okukodwa. Ithrafikhi ibunjiwe ethekwini eliqokiwe lapho ukuhlaziya kwenethiwekhi kungayithola khona.
I-RSPAN (span ekude)
Injongo: Kunwebe amakhono weSpan kuwo wonke ama-switch amaningi kunethiwekhi.
Sebenzisa icala: Ivumela ukuqashwa kwethrafikhi kusuka ekushintsheni okukodwa kuya kwesinye isixhumanisi sesiqu. Iwusizo ezimweni lapho idivaysi yokuqapha itholakala khona ku-switch ehlukile.
I-Erspan (i-span eyihlane evunyelwe)
INJONGO: Hlanganisa i-RSPAN nge-GRE (i-generic Routing Encopsetion) ukufaka phakathi ithrafikhi ebonile.
Sebenzisa icala: Ivumela ukuqashwa kwethrafikhi kuwo wonke amanethiwekhi ahambisanayo. Lokhu kuwusizo kwizakhiwo eziyinkimbinkimbi zenethiwekhi lapho kudingeka khona ithrafikhi ngaphezulu kwezigaba ezahlukahlukene.
Shintsha i-Port Analyzer (SPAN) uhlelo olusebenzayo, olusebenzayo lokuhlola ithrafikhi. Iqondisa noma ibuye ithrafikhi kusuka ethekwini lomthombo noma i-vlan kuya echwebeni lapho uya khona. Lokhu kwesinye isikhathi kubizwa ngokuthi ukuqapha kweseshini. I-SPAN isetshenziselwa ukuxazulula inkinga izindaba zokuxhumana nokubala ukusetshenziswa kwenethiwekhi nokusebenza, phakathi kwabanye abaningi. Kunezinhlobo ezintathu ze-spans ezisekelwa emikhiqizweni ye-cisco ...
a. Span noma span yendawo.
b. Span ekude (RSPAN).
c. I-span eyihlane ehlanganisiwe (i-erspan).
Ukwazi: "Broker ye-MyLink ™ Network Packet nge-SPAN, RSPAN kanye nezici ze-ESSPAN"
Izibuko ze-SPAN / TRICKRICT / Port Mirroring zisetshenziselwa izinhloso eziningi, ngezansi kufaka phakathi ezinye.
- Ukuqalisa ama-IDS / IPS kwimodi yokuziphatha okubi.
- Izisombululo zokuqoshwa kwe-VoIP.
- Izizathu zokutholwa kokuphepha ukuqapha nokuhlaziya ithrafikhi.
- Izinkinga zokuxazulula izinkinga, ukuqapha ithrafikhi.
Kungakhathalekile ukuthi uhlobo lwe-span lusebenza khona, umthombo we-span ungaba noma yiluphi uhlobo lwePort ie echwebeni eliqondisiwe, itheku lokushintsha umzimba, i-etherchannel (i-port-channel interface) njll.
Izikhathi ze-Span zisekela ukuqashwa kwe-Ingress Traffic (Ingress Span), iTraffic Traffic (egress span), noma ithrafikhi egeleza kuzo zombili izinkomba.
- I-Ingress Span (Rx) i-Copies Traffic etholwe amachweba omthombo nama-Vlan echwebeni lapho uya khona. I-Span ikopisha ithrafikhi ngaphambi kwanoma yikuphi ukuguqulwa (isibonelo ngaphambi kokuhlunga kwe-VACL noma i-ACL, Qos noma i-Ingress noma i-EGRESS Policing).
- Ithrafikhi ye-Egress Span (TX) idluliselwa kumakhathi womthombo nama-VLANS echwebeni lapho uya khona. Konke ukuhlunga okufanele noma ukuguqulwa kwe-VACL noma isihlungi se-ACL, ama-Qos noma i-Ingress noma i-EGRESS Policing Izenzo zithathwa ngaphambi kokushintshwa kwethrafikhi ku-Span Destination Port.
- Lapho kusetshenziswa i-soni esingukhiye, i-span ikhopha ithrafikhi yenethiwekhi etholakele futhi idluliselwe amachweba omthombo namaVlan echwebeni lapho uya khona.
- SPAN / RSPAN ngokuvamile ayinaki i-CDP, i-STP BPdu, i-VTP, i-DTP nama-Pagp ozimele. Kodwa-ke lezi zinhlobo zethrafikhi zingadluliselwa uma i-encpsolication replate command ilungiselelwe.
Span noma span yendawo
Izibuko ze-Span izibuko ezivela kwesinye isibonisi noma ngaphezulu esibonakalayo ekushintsheni kokunye noma ngaphezulu kwezindawo zokushintshana okufanayo; Ngakho-ke isikhathi sibizwa kakhulu njenge-span yendawo.
Imihlahlandlela noma imikhawulo eya endaweni yendawo:
- Womabili amachweba ashintshiwe ama-under 2 namachweba ama-ungqimba ama-3 angalungiswa njengoMthombo noma amachweba okuya kulo.
- Umthombo ungaba yindawo eyodwa noma ngaphezulu noma i-vlan, kepha hhayi ukuxubana kwalokhu.
- Ama-Trunk Ports amachweba omthombo avumelekile ahlanganiswe namachweba angewona ama-trunk.
- Kufika ku-64 amachweba okuya kwe-span ongalungiswa ku-switch.
- Uma silungiselela indawo okuyiwa kuyo, ukucushwa kwangempela kwangempela kubhalwe phansi. Uma ukucushwa kwe-Span kususwa, ukucushwa kwasekuqaleni kulelo chweba kubuyiselwe.
- Uma ulungiselela indawo oya kuyo, itheku lisuswa kunoma iyiphi inqwaba ye-etherchannel ukube bekuyingxenye yeyodwa. Ukube bekuyi-port eqondisiwe, ukumiswa kwendawo okusesikhathini kugcizelela ukucushwa kwetheku okuholayo.
- Amachweba Ukuyaphi awasekeli ukuphepha kwePort, ubuqiniso be-802.1x, noma amaVlan abazimele.
- Ichweba lingasebenza njenge-port ukuphela lapho iseshini eyodwa ye-span.
- Ichweba alikwazi ukulungiswa njenge-port ukuphela uma kungumthombo weseshini yesikhathi somthombo noma ingxenye yomthombo we-vlan.
- Izikhala ze-Port Channel (i-EtherChannel) zingalungiswa njengamachweba womthombo kodwa hhayi indawo yokuya endaweni ye-span.
- Ukuqondisa kwethrafikhi "kokubili" ngokuzenzakalelayo kwemithombo ye-span.
- Amachweba Ukuya lapho ungazibandakanyi esimweni sesihlahla somuthi. Ayikwazi ukusekela i-DTP, i-CDP njll. I-Local Span ifaka i-BPdus ku-traffic ebhekwe, ngakho-ke noma iyiphi i-BPdus ebonwe ethekwini lapho ikopishwa kusuka echwebeni lomthombo. Ngakho-ke ungalokothi uxhume inkinobho kulolu hlobo lwe-span njengoba kungadala i-loop yenethiwekhi. Amathuluzi e-AI azothuthukisa ukusebenza kahle komsebenzi, futhiAkubonakali i-AIInsizakalo ingathuthukisa ikhwalithi yamathuluzi e-AI.
- Lapho i-Vlan ilungiselelwe njengomthombo we-span (iningi libizwa ngokuthi yi-vspan) nazo zombili izinketho ze-Ingress kanye ne-egress ezilungiselelwe, amaphakethe aphindwe kabili avela ethekwini lomthombo kuphela uma amaphakethe eshintshwa ku-vlan efanayo. Ikhophi elilodwa lephakethe livela ekuthandeni kwe-Ingress ethekwini le-Ingress, kanti elinye ikhophi lephakethe livela kumthamo wethrafikhi ethekwini le-egress.
- I-VSPAN iqapha kuphela ithrafikhi eshiya noma ingena emachwebeni ama-2 e-VLAN.
Span Remote (RSPAN)
I-Remote Span (RSPAN) ifana ne-span, kepha isekela amachweba emithombo, ama-Vlans omthombo, namachweba okuya endaweni okuguqukayo okuvela kumadivayisi wokuhlola okukude asatshalaliswa ngaphezulu kwamadivayisi wokuthwebula okuningi. Iseshini ngayinye ye-RSPAN ithwala ithrafikhi ye-span ngaphezulu kwe-RSPAN VLAN echazwe ngumsebenzisi kuzo zonke izinguquko ezibambe iqhaza. Le vlan isethwenyelwa kwamanye ama-switch, okuvumela ithrafikhi ye-RSPAN yeseshini ukuthi ithuthwe kuwo wonke ama-switches amaningi futhi ilethwe endaweni yokuthwebula indawo. I-RSPAN iqukethe iseshini yomthombo we-RSPAN, i-RSPAN VLAN, kanye neseshini ye-RSPAN ukuphela.
Imihlahlandlela noma imikhawulo ku-RSPAN:
- I-VLAN ethize kufanele ilungiselelwe indawo okuzofika kuyo okuzokweqa ngokushintshwa kokuphakathi okuphakathi ngezixhumanisi ze-trunk maqondana echwebeni lapho uya khona ethekwini.
- Kungadala uhlobo lomthombo olufanayo - okungenani imbobo eyodwa noma okungenani i-vlan eyodwa kepha ayikwazi ukuxubana.
- Indawo lapho iseshini yi-RSPAN VLAN esikhundleni sechweba elilodwa ku-switch, ngakho wonke amachweba eRSPan Vlan uzothola ithrafikhi ebonile.
- Lungiselela noma iyiphi i-VLAN njenge-RSPAN VLAN inqobo nje uma wonke amadivaysi enethiwekhi ahlinzeka ngokusekwa kwe-RSPAN VLANS, bese usebenzisa i-RSPAN VLAN efanayo yeseshini ngayinye ye-RSPAN
- I-VTP ingasabalalisa ukucushwa kwama-VLAN ku-1 kuye ku-1024 njenge-RSPAN VLANS, kufanele ilungiselele ama-VSpan Vlans, kufanele alungiselele ama-VSpan ama-Vlans aphezulu njenge-RSPAN VLANS kuwo wonke umthombo, ophakathi nendawo, kanye namadivayisi wenethiwekhi.
- Ukufundwa kwekheli leMac kukhutshaziwe ku-RSPAN VLAN.
I-span eyihlane evunyelwe (i-erspan)
I-Span (i-Erspan Remote span (i-Erspan) iletha i-generic Routing EamapSOppment (GRE) yazo zonke izimoto ezithunjiwe futhi ivumela ukuthi idluliselwe kuzo zonke izizinda ezi-3.
I-Erspan yi-ICisco ProprietaryIsici futhi sitholakala kuphela ku-Catalyst 6500, 7600, i-Nexus, kanye nama-ASR 1000 amapulatifomu kuze kube manje. I-ASR 1000 isekela umthombo we-erspan (ukuqapha) kuphela ku-Ethernet esheshayo, i-gigabit ethernet, kanye nezindawo ezilandelwayo ze-port-Channel.
Imihlahlandlela noma imikhawulo ku-Erspan:
- Izikhathi zomthombo we-Erspan azikopisha i-Erspan GRE-encrespated traffic kusuka emachwebeni omthombo. Iseshini yomthombo ngamunye we-Erspan ingaba namawashi noma ama-Vlans njengemithombo, kepha hhayi yomibili.
- Kungakhathalekile noma yiluphi usayizi we-MTU olungiselelwe, i-Erspan kwakha amaphakethe we-Laser 3 angaba ngamabhayithi angama-9,202. I-Erspan traffic ingahle yehle nganoma yisiphi isikhombimsebenzisi kunethiwekhi ephoqa usayizi we-MTU omncane kunama-9,202 Bytes.
- I-Erspan ayisekeli ukuhlukaniswa kwephakethe. I- "Musa ukuqhekeka" kancane isethwe kunhlokweni ye-IP yamaphakethe we-Erspan. Amaseshini wokufika we-Erspan awakwazi ukuhlanganisa kabusha amaphakethe we-Erspan ahlukanise.
- I-ID ye-Erspan ihlukanisa i-Erspan traffic efika ekhelini elifanayo le-IP elivela kumaseshini ahlukahlukene e-Erspan ahlukahlukene; I-Erspan i-ID ye-Erspan kumele ihambisane nemithombo kanye namadivayisi aya kuyo.
- Ukuze uthole imbobo yomthombo noma i-vlan yomthombo, i-erspan ingabheka i-Ingress, i-egress, noma zombili i-Ingress ne-egress traffic. Ngokuzenzakalelayo, i-Erspan iqapha yonke ithrafikhi, kufaka phakathi i-multicast kanye ne-bridge protocol protocol iyunithi (BPDU) ozimele.
- Isikhombimsebenzisi se-runcher esisekelwa njengamachweba womthombo wesifundo somthombo we-Erspan GRE, IPINIP, i-SVTI, IPV6, i-IPV6 ngaphezulu komhubhe, i-MGRE) kanye ne-Virtual Tunnel Interface (SVTI).
- Inketho ye-Filter Vlan ayisebenzi eseshini yokuqapha i-Erspan e-Wan interface.
- I-Erspan kuCisco Asr 1000 Ama-Series Routers asekela kuphela izindawo ezi-3 zokuxhumana. Izinhlaka ze-Ethernet azisekelwa ku-Erspan uma zilungiselelwe njengezindawo zokuhlangana ezi-2.
- Uma iseshini ilungiselelwe nge-Erspan Configuration CLI, i-ID yeseshini nohlobo lweseshini ngeke kuguqulwe. Ukuze uwashintshe, kufanele uqale usebenzise ifomu lomyalo wokucushwa ukuze ususe iseshini bese uphinde uphinde uphinde uphinde uphinde uphinde uphinde uhlele isikhathi.
- I-Cisco ios xe Ukukhishwa kwama-3.4s: - Ukuqashwa kwamaphakethe angenamikhawulo evikelekile kusekelwa ku-IPv6 ne-IPv6 ngaphezulu kwe-IP Tourment Personas kuphela kumaseshini omthombo we-Erspan kuphela.
- I-Cisco ios xe Ukukhishwa kwama-3.5s, ukwesekwa kwengezwa ngezinhlobo ezilandelayo zezindawo zokuxhumana zeWan njengamachweba womthombo wesigaba somthombo: Iphakethe (i-POS3, i-PPP) ne-POSTILING COSTERS).
Usebenzisa i-Erspan njenge-span yendawo:
Ukuze usebenzise i-Erspan ukuqapha ithrafikhi ngokusebenzisa amachweba noma ama-Vlans amaningi kudivayisi efanayo, kufanele kufanele sakhe umthombo we-Erspan kanye nama-Erspan ukuphela kwamadivayisi kudivayisi efanayo, ukugeleza kwedatha kwenzeka ngaphakathi kwe-router, okufana nalokho endaweni yendawo.
Izici ezilandelayo zisebenza ngenkathi kusetshenziswa i-Erspan njenge-span yendawo:
- Zombili izikhathi zine-id ye-Erspan efanayo.
- Zombili izikhathi zinekheli elifanayo le-IP. Leli kheli le-IP lingama-routers anekheli le-IP; okungukuthi, ikheli le-IP le-Loopback noma ikheli le-IP elilungiselelwe kunoma yiliphi itheku.
| (Config) # ukuqapha isikhathi 10 Uhlobo lwe-Erspan-Source |
| (Config-Mon-Erspan-SRC) # isikhombimsebenzisi se-GICTORIC / 0/0 |
| (Config-Mon-Erspan-SRC) # Indawo lapho uya khona |
| (Conf-Mon-Erspan-SRC-DST) # Ikheli le-IP 10.10.10.1 |
| (Conf-Mon-Erspan-SRC-DST) # Ikheli le-IP ye-IP 10.10.10.1 |
| (Conf-Mon-Erspan-SRC-DST) # Erspan-ID 100 |
Isikhathi sePosi: Aug-28-2024
