Cisco SPAN

From HackerNet
Jump to: navigation, search

Det finns olika varianter.

  • SPAN
  • RSPAN
  • ERSPAN

IOS 

monitor session 1 source interface fa0/2 rx
monitor session 1 destination interface fa0/3

NX-OS

SPAN

Destination 

interface Ethernet1/1
 description MONITOR-SESSION-1
 switchport
 switchport monitor
 no shutdown

Monitor session 

monitor session 1
 description SPAN-to-SERVER
 source vlan 10-20 both
 rate-limit auto
 destination interface Ethernet1/1
 no shut

Show 

show monitor

ERSPAN 

monitor session 1 type erspan-source
description ERSPAN direct to Sniffer PC
erspan-id 32                              # required, # between 1-1023
vrf default                               # required
destination ip 10.1.2.3                   # IP address of Sniffer PC
source interface port-channel1 both       # Port(s) to be sniffed
filter vlan 3900                          # limit VLAN(s) (optional)
no shut                                   # enable
monitor erspan origin ip-address 10.1.2.1 global
Retrieved from "https://hackernet.se/index.php?title=Cisco_SPAN&oldid=1208"