I-SPAN, i-RSPAN, kanye ne-ERSPAN yizindlela ezisetshenziswa ekuxhumaneni ukuze kubanjwe futhi kuqashwe ithrafikhi ukuze ihlaziywe. Nasi isifinyezo esifushane salokho ngakunye:
I-SPAN (I-Switched Port Analyzer)
Inhloso: Isetshenziselwa ukulingisa ithrafikhi evela kumachweba athile noma ama-VLAN kuswishi eya kwenye ichweba yokuqapha.
Icala Lokusetshenziswa: Kuhle kakhulu ekuhlaziyweni kwethrafikhi yendawo kuswishi eyodwa. Ithrafikhi iboniswa echwebeni eliqokiwe lapho umhlaziyi wenethiwekhi angayibamba khona.
I-RSPAN (I-SPAN Ekude)
Inhloso: Yandisa amakhono e-SPAN kuzo zonke izinkinobho eziningi kunethiwekhi.
Icala Lokusebenzisa: Ivumela ukuqapha ithrafikhi kusuka kuswishi eyodwa kuya kwenye ngesixhumanisi se-trunk. Iwusizo ezimweni lapho idivayisi yokuqapha itholakala kuswishi ehlukile.
I-ERSPAN (I-SPAN Ekude Ehlanganisiwe)
Inhloso: Ihlanganisa i-RSPAN ne-GRE (i-Generic Routing Encapsulation) ukuze ihlanganise ithrafikhi ebonisiwe.
Icala Lokusebenzisa: Ivumela ukuqapha ithrafikhi kuwo wonke amanethiwekhi aqondiswe kuwo. Lokhu kuwusizo ekwakhiweni kwenethiwekhi okuyinkimbinkimbi lapho ithrafikhi idinga ukuthwetshulwa ngezigaba ezahlukene.
I-Switch port Analyzer (SPAN) iyisistimu yokuqapha ithrafikhi esebenza kahle futhi esebenza kahle. Iqondisa noma ibonise ithrafikhi kusuka ku-port yomthombo noma i-VLAN kuya ku-port oya kuyo. Lokhu ngezinye izikhathi kubizwa ngokuthi ukuqapha kweseshini. I-SPAN isetshenziselwa ukuxazulula izinkinga zokuxhumeka nokubala ukusetshenziswa kwenethiwekhi nokusebenza, phakathi kwezinye eziningi. Kunezinhlobo ezintathu ze-SPAN ezisekelwayo kumikhiqizo ye-Cisco …
a. I-SPAN noma i-SPAN yendawo.
b. I-Remote SPAN (RSPAN).
c. I-SPAN ekude ehlanganisiwe (i-ERSPAN).
Ukuze ukwazi: "Umthengisi Wephakethe Lenethiwekhi ye-Mylinking™ onezici ze-SPAN, RSPAN kanye ne-ERSPAN"
Ukulingisa i-SPAN / ithrafikhi / ukulingisa imbobo kusetshenziselwa izinjongo eziningi, ngezansi kuhlanganisa ezinye.
- Ukusebenzisa i-IDS/IPS ngendlela yokuziphatha kabi.
- Izixazululo zokuqopha izingcingo ze-VOIP.
- Izizathu zokuthobela imithetho yezokuphepha zokuqapha nokuhlaziya ithrafikhi.
- Ukuxazulula izinkinga zokuxhumeka, ukuqapha ithrafikhi.
Kungakhathaliseki ukuthi uhlobo lwe-SPAN lusebenza kanjani, umthombo we-SPAN ungaba yinoma yiluphi uhlobo lwe-port okungukuthi i-routed port, i-physical switch port, i-access port, i-trunk, i-VLAN (zonke izimbobo ezisebenzayo ziqashwe yi-switch), i-EtherChannel (kungaba i-port noma i-port-channel interfaces yonke) njll. Qaphela ukuthi i-port elungiselelwe indawo ye-SPAN AKUKWAZI ukuba yingxenye ye-SPAN source VLAN.
Amaseshini e-SPAN asekela ukuqapha ithrafikhi yokungena (i-ingress SPAN), ithrafikhi yokuphuma (i-egress SPAN), noma ithrafikhi ehamba kuzo zombili izinhlangothi.
- I-Ingress SPAN (RX) ikopisha ithrafikhi etholwe yizimbobo zomthombo nama-VLAN echwebeni lokuya kulo. I-SPAN ikopisha ithrafikhi ngaphambi kwanoma yikuphi ukuguqulwa (isibonelo ngaphambi kwanoma yisiphi isihlungi se-VACL noma i-ACL, i-QoS noma ukuqapha kokungena noma ukuphuma).
- I-Egress SPAN (TX) ikopisha ithrafikhi edluliselwe kusuka kumachweba omthombo nama-VLAN iye echwebeni lokuya. Konke ukuhlunga noma ukuguqulwa okufanele ngesihlungi se-VACL noma se-ACL, i-QoS noma izinyathelo zokuqapha zokungena noma ukuphuma ziyathathwa ngaphambi kokuba iswishi idlulisele ithrafikhi echwebeni lokuya le-SPAN.
- Uma kusetshenziswa igama elingukhiye lomabili, i-SPAN ikopisha ithrafikhi yenethiwekhi etholwe futhi idluliselwe yizimbobo zomthombo nama-VLAN echwebeni lokuya kulo.
- I-SPAN/RSPAN ivame ukunganaki ozimele be-CDP, STP BPDU, VTP, DTP kanye ne-PAgP. Kodwa-ke lezi zinhlobo zethrafikhi zingadluliselwa uma umyalo wokuphindaphinda we-encapsulation ulungiselelwe.
I-SPAN noma i-SPAN Yendawo
I-SPAN ikhombisa ithrafikhi kusuka kusixhumi esisodwa noma ngaphezulu esishintshini kuya kusixhumi esisodwa noma ngaphezulu esishintshini esifanayo; ngakho-ke i-SPAN ibizwa kakhulu ngokuthi i-LOCAL SPAN.
Iziqondiso noma imikhawulo ku-SPAN yendawo:
- Zombili izimbobo ezishintshiwe ze-Layer 2 kanye nezimbobo ze-Layer 3 zingalungiswa njengezimbobo zomthombo noma zendawo okuya kuyo.
- Umthombo ungaba yichweba elilodwa noma ngaphezulu noma i-VLAN, kodwa hhayi ingxube yalezi.
- Ama-Trunk ports ayi-source ports asebenzayo axutshwe nama-non-trunk source ports.
- Kungalungiswa amachweba okufika ku-SPAN angu-64 kuswishi.
- Uma silungiselela imbobo yokuya kuyo, ukucushwa kwayo kokuqala kuyasuswa. Uma ukucushwa kwe-SPAN kususwa, ukucushwa kokuqala kuleyo mbobo kuyabuyiselwa.
- Uma ulungiselela imbobo yokuya, imbobo iyasuswa kunoma yiliphi i-EtherChannel bundle uma iyingxenye yayo. Uma bekuyimbobo eqondiswe kumzila, ukucushwa kwendawo ye-SPAN kudlula ukucushwa kwembobo eqondiswe kumzila.
- Amachweba okuya kuwo awasekeli ukuphepha kwamachweba, ukuqinisekiswa okungu-802.1x, noma ama-VLAN ayimfihlo.
- Ichweba lingasebenza njengechweba lokuya kulo isikhathi esisodwa se-SPAN kuphela.
- I-port ayikwazi ukulungiselelwa njenge-port yendawo okuyo kuyo uma iyi-port yomthombo weseshini ye-span noma ingxenye ye-VLAN yomthombo.
- Izixhumi zesiteshi se-Port (i-EtherChannel) zingalungiswa njengezimbobo zomthombo kodwa hhayi izimbobo zendawo ye-SPAN.
- Isiqondiso sethrafikhi “sobabili” ngokuzenzakalelayo emithonjeni ye-SPAN.
- Amachweba okuya endaweni awalokothi ahlanganyele esibonelweni sesihlahla esibanzi. Ayikwazi ukusekela i-DTP, i-CDP njll. I-Local SPAN ifaka ama-BPDU kuthrafikhi eqashwe, ngakho-ke noma yimaphi ama-BPDU abonwa kutheku lokuya endaweni akopishwa kusukela kutheku lomthombo. Ngakho-ke ungalokothi uxhume iswishi kulolu hlobo lwe-SPAN ngoba ingabangela iluphu yenethiwekhi. Amathuluzi e-AI azothuthukisa ukusebenza kahle komsebenzi, futhii-AI engatholakaliisevisi ingathuthukisa ikhwalithi yamathuluzi e-AI.
- Uma i-VLAN ilungiselelwe njengomthombo we-SPAN (okubizwa kakhulu ngokuthi i-VSPAN) ngezinketho zokungena nokuphuma ezilungiselelwe, dlulisela amaphakethe aphindaphindiwe kusuka echwebeni lomthombo kuphela uma amaphakethe eshintshaniswa ku-VLAN efanayo. Ikhophi eyodwa yephakethe ivela kuthrafikhi yokungena echwebeni lokungena, kanti enye ikhophi yephakethe ivela kuthrafikhi yokungena echwebeni lokungena.
- I-VSPAN iqapha kuphela ithrafikhi ephuma noma engena emachwebeni e-Layer 2 ku-VLAN.
I-Remote SPAN (RSPAN)
I-Remote SPAN (RSPAN) ifana ne-SPAN, kodwa isekela amachweba omthombo, ama-VLAN omthombo, kanye namachweba okuya ezindaweni ezahlukene, ahlinzeka ngethrafikhi yokuqapha ekude evela ezindaweni zomthombo ezisatshalaliswe phezu kwamaswishi amaningi futhi ivumela indawo okuya kuyo ukuthi ihlanganise amadivayisi okuthwebula inethiwekhi. Iseshini ngayinye ye-RSPAN ithwala ithrafikhi ye-SPAN phezu kwe-RSPAN VLAN enikezelwe ngumsebenzisi kuzo zonke izishintshi ezihlanganyelayo. Le VLAN ibe isixhunywa kwezinye izishintshi, okuvumela ithrafikhi yeseshini ye-RSPAN ukuthi ithuthwe ngokusebenzisa izishintshi eziningi futhi ithunyelwe esiteshini sokuthwebula indawo. I-RSPAN iqukethe iseshini yomthombo we-RSPAN, i-RSPAN VLAN, kanye neseshini yokuya endaweni ye-RSPAN.
Iziqondiso noma imikhawulo ku-RSPAN:
- I-VLAN ethile kumele ilungiselelwe indawo ye-SPAN ezonqamula phakathi kwamaswishi aphakathi ngezixhumanisi ze-trunk ziye echwebeni lendawo.
- Ingadala uhlobo olufanayo lomthombo - okungenani imbobo eyodwa noma okungenani i-VLAN eyodwa kodwa ayikwazi ukuba yingxube.
- Indawo okuzoyiwa kuyo iseshini yi-RSPAN VLAN kune-single port in switch, ngakho-ke wonke ama-port ku-RSPAN VLAN azothola ithrafikhi ebonisiwe.
- Lungiselela noma iyiphi i-VLAN njenge-RSPAN VLAN uma nje wonke amadivayisi enethiwekhi abambe iqhaza esekela ukucushwa kwama-RSPAN VLAN, futhi asebenzise i-RSPAN VLAN efanayo kuseshini ngayinye ye-RSPAN
- I-VTP ingasakaza ukucushwa kwama-VLAN anenombolo 1 kuya ku-1024 njenge-RSPAN VLANs, kumele ilungiselele ngesandla ama-VLAN anenombolo ephakeme kune-1024 njenge-RSPAN VLANs kuwo wonke amadivayisi enethiwekhi yomthombo, ephakathi nendawo, kanye nendawo.
- Ukufunda ikheli le-MAC kukhutshaziwe ku-RSPAN VLAN.
I-SPAN ekude ehlanganisiwe (i-ERSPAN)
I-Encapsulated remote SPAN (ERSPAN) iletha i-general routing encapsulation (GRE) yazo zonke ithrafikhi ezithwetshuliwe futhi ivumela ukuthi inwetshwe kuzo zonke izizinda ze-Layer 3.
I-ERSPAN iyi-Ubunikazi beCiscoI-ASR 1000 isekela umthombo we-ERSPAN (ukuqapha) kuphela ku-Fast Ethernet, Gigabit Ethernet, kanye nezixhumi ze-port-channel.
Iziqondiso noma imikhawulo ku-ERSPAN:
- Amaseshini omthombo we-ERSPAN awakopishi ithrafikhi ye-ERSPAN GRE-encapsulated evela kuma-port omthombo. Iseshini ngayinye yomthombo we-ERSPAN ingaba nama-port noma ama-VLAN njengemithombo, kodwa hhayi kokubili.
- Kungakhathaliseki ukuthi usayizi we-MTU ungakanani ohleliwe, i-ERSPAN idala amaphakethe e-Layer 3 angaba amabhayithi angu-9,202 ubude. Ithrafikhi ye-ERSPAN ingase yehliswe yinoma yisiphi isikhombimsebenzisi kunethiwekhi esiqinisekisa usayizi we-MTU ongaphansi kwamabhayithi angu-9,202.
- I-ERSPAN ayisekeli ukuqhekeka kwephakethe. I-bit ethi "ungaqhekeki" isethwe kusihloko se-IP samaphakethe e-ERSPAN. Amaseshini okuya endaweni ye-ERSPAN awakwazi ukuhlanganisa kabusha amaphakethe e-ERSPAN aqhekekile.
- I-ID ye-ERSPAN ihlukanisa ithrafikhi ye-ERSPAN efika ekhelini le-IP elifanayo lendawo evela kumaseshini ahlukahlukene omthombo we-ERSPAN; i-ID ye-ERSPAN elungiselelwe kumele ifane kumadivayisi omthombo kanye nendawo.
- Ngechweba lomthombo noma i-VLAN yomthombo, i-ERSPAN ingaqapha ukungena, ukuphuma, noma kokubili ithrafikhi yokungena nokuphuma. Ngokuzenzakalelayo, i-ERSPAN iqapha yonke ithrafikhi, kufaka phakathi ozimele be-multicast kanye ne-Bridge Protocol Data Unit (BPDU).
- Isixhumi esibonakalayo se-Tunnel esisekelwa njengezimbobo zomthombo weseshini yomthombo we-ERSPAN yi-GRE, i-IPinIP, i-SVTI, i-IPv6, i-IPv6 over IP tunnel, i-Multipoint GRE (mGRE) kanye ne-Secure Virtual Tunnel Interfaces (SVTI).
- Inketho ye-VLAN yesihlungi ayisebenzi kuseshini yokuqapha ye-ERSPAN kuma-interface e-WAN.
- I-ERSPAN ku-Cisco ASR 1000 Series Routers isekela kuphela izixhumi ze-Layer 3. Izixhumi ze-Ethernet azisekelwa ku-ERSPAN uma zilungiselelwe njengezixhumi ze-Layer 2.
- Uma iseshini ihlelwe nge-ERSPAN configuration CLI, i-session ID kanye nohlobo lweseshini azikwazi ukushintshwa. Ukuze uzishintshe, kumele uqale usebenzise uhlobo lomyalo wokucushwa oluthi cha ukuze ususe iseshini bese uphinda ulungiselele iseshini.
- I-Cisco IOS XE Release 3.4S:- Ukuqapha amaphakethe e-tunnel angavikelwe yi-IPsec kusekelwa ku-IPv6 kanye ne-IPv6 ngaphezulu kwe-IP tunnel interfaces kuphela kumaseshini omthombo we-ERSPAN, hhayi kumaseshini okuya e-ERSPAN.
- I-Cisco IOS XE Release 3.5S, ukwesekwa kwengezwe kulezi zinhlobo ezilandelayo ze-WAN interfaces njengezindawo zomthombo weseshini yomthombo: I-Serial (T1/E1, T3/E3, DS0), Iphakethe phezu kwe-SONET (POS) (OC3, OC12) kanye ne-Multilink PPP (amagama angukhiye e-multilink, pos, kanye ne-serial angeziwe kumyalo we-source interface).
Ukusebenzisa i-ERSPAN njenge-Local SPAN:
Ukuze sisebenzise i-ERSPAN ukuqapha ithrafikhi ngechweba elilodwa noma ngaphezulu noma ama-VLAN kudivayisi efanayo, kumele sidale umthombo we-ERSPAN kanye nezikhathi zendawo ye-ERSPAN kudivayisi efanayo, ukugeleza kwedatha kwenzeka ngaphakathi kwe-router, okufana nalokho okuse-SPAN yendawo.
Izici ezilandelayo ziyasebenza uma usebenzisa i-ERSPAN njenge-SPAN yendawo:
- Zombili izikhathi zine-ERSPAN ID efanayo.
- Zombili izikhathi zinekheli le-IP elifanayo. Leli kheli le-IP liyikheli le-IP lama-router; okungukuthi, ikheli le-IP elibuyela emuva noma ikheli le-IP elilungiselelwe kunoma iyiphi i-port.
| (config)# monitor session 10 uhlobo lwe-erspan-source |
| (config-mon-erspan-src)# isikhombikubona somthombo Gig0/0/0 |
| (config-mon-erspan-src)# indawo oya kuyo |
| (config-mon-erspan-src-dst)# ikheli le-ip 10.10.10.1 |
| (config-mon-erspan-src-dst)# ikheli le-ip lomsuka 10.10.10.1 |
| (config-mon-erspan-src-dst)# erspan-id 100 |
Isikhathi sokuthunyelwe: Agasti-28-2024
