RSPAN

一、前言

  SPAN技术主要是用来监控交换机上的数据流&＃xff0c;大体分为两种类型&＃xff0c;本地SPAN和远程SPAN. ----Local Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN)&＃xff0c;实现方法上稍有不同。 利用SPAN技术我们可以把交换机上某些想要被监控端口&＃xff08;以下简称受控端口&＃xff09;的数据流COPY或MIRROR一份&＃xff0c;发送给连接在监控端口上的流量分析仪&＃xff0c;比如CISCO的IDS或是装了SNIFFER工具的PC. 受控端口和监控端口可以在同一台交换机上&＃xff08;本地SPAN&＃xff09;&＃xff0c;也可以在不同的交换机上&＃xff08;远程SPAN&＃xff09;。

二、环境

设备&＃xff1a;

SW1、SW2和SW3    quidwayS2000系列LS-2403H-HI

A和B             防火墙H3C F100-C

地址规划&＃xff1a;

A eth0/0  192.168.10.1/24

B eth0/0  192.168.10.2/24

所需软件&＃xff1a;

wireshark

三、配置

SW1

system-view
System View: return to User View with Ctrl&＃43;Z.
[Quidway]sysname SW1
[SW1]vlan 10
[SW1-vlan10]remote-probe vlan enable
[SW1-vlan10]int e1/0/1
[SW1-Ethernet1/0/1]port link-type trunk
[SW1-Ethernet1/0/1]port trunk permit vlan 10Please wait... Done.
[SW1-Ethernet1/0/1]quit
[SW1]mirroring-group 1 remote-destination
[SW1]mirroring-group 1 monitor-port e1/0/24
[SW1]mirroring-group 1 remote-probe vlan 10
[SW1]dis mirroring-group 1
mirroring-group 1:type: remote-destinationstatus: activemonitor port: Ethernet1/0/24remote-probe vlan: 10

SW2

system-view
System View: return to User View with Ctrl&＃43;Z.
[Quidway]sysname SW2
[SW2]vlan 10
[SW2-vlan10]remote-probe vlan enable
[SW2-vlan10]int e1/0/1
[SW2-Ethernet1/0/1]port link-type trunk
[SW2-Ethernet1/0/1]port trunk permit vlan 10Please wait... Done.
[SW2-Ethernet1/0/1]int e1/0/2
[SW2-Ethernet1/0/2]port link-type trunk
[SW2-Ethernet1/0/2]port trunk permit vlan 10Please wait... Done.

SW3

system-view
System View: return to User View with Ctrl&＃43;Z.
[Quidway]sysname SW3
[SW3]vlan 10
[SW3-vlan10]remote-probe vlan enable //EI交换机
[SW3-vlan10]int e1/0/2
[SW3-Ethernet1/0/2]port link-type trunk
[SW3-Ethernet1/0/2]port trunk permit vlan 10Please wait... Done.
[SW3-Ethernet1/0/2]quit
[SW3]mirroring-group 1 remote-source
[SW3]mirroring-group 1 mirroring-port e1/0/1 inbound
[SW3]mirroring-group 1 mirroring-port e1/0/10 outbound
[SW3]mirroring-group 1 reflector-port e1/0/5
[SW3]mirroring-group 1 remote-probe vlan 10
[SW3]dis mirroring-group 1
mirroring-group 1:type: remote-sourcestatus: activemirroring port:Ethernet1/0/1 inboundEthernet1/0/10 outboundreflector port: Ethernet1/0/5remote-probe vlan: 10

A

system-view
System View: return to User View with Ctrl&＃43;Z.
[H3C]sysname A
[A]int eth0/0
[A-Ethernet0/0]ip add 192.168.10.1 24

B

system-view
System View: return to User View with Ctrl&＃43;Z.
[H3C]sysname B
[B]int eth0/0
[B-Ethernet0/0]ip add 192.168.10.2 24