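1. Preface
SPAN is mainly used to monitor the traffic passing through a switch. It comes in two broad types, local SPAN and remote SPAN: Local Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN), which differ slightly in how they are implemented. With SPAN, the traffic of the switch ports we want to monitor (hereafter "monitored ports") is copied, or mirrored, and sent to a traffic analyzer attached to the monitor port, such as a Cisco IDS or a PC running a sniffer tool. The monitored ports and the monitor port can be on the same switch (local SPAN) or on different switches (remote SPAN).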
2. Environment
Devices:
SW1, SW2 and SW3: Quidway S2000 series LS-2403H-HI
A and B: H3C F100-C firewalls
Address plan:
A eth0/0 192.168.10.1/24
B eth0/0 192.168.10.2/24
Required software:
wireshark
3. Configuration
SW1
<Quidway>system-view
System View: return to User View with Ctrl+Z.
[Quidway]sysname SW1
[SW1]vlan 10
[SW1-vlan10]remote-probe vlan enable
[SW1-vlan10]int e1/0/1
[SW1-Ethernet1/0/1]port link-type trunk
[SW1-Ethernet1/0/1]port trunk permit vlan 10
Please wait... Done.
[SW1-Ethernet1/0/1]quit
[SW1]mirroring-group 1 remote-destination
[SW1]mirroring-group 1 monitor-port e1/0/24
[SW1]mirroring-group 1 remote-probe vlan 10
[SW1]dis mirroring-group 1
mirroring-group 1:
    type: remote-destination
    status: active
    monitor port: Ethernet1/0/24
    remote-probe vlan: 10
SW2
<Quidway>system-view
System View: return to User View with Ctrl+Z.
[Quidway]sysname SW2
[SW2]vlan 10
[SW2-vlan10]remote-probe vlan enable
[SW2-vlan10]int e1/0/1
[SW2-Ethernet1/0/1]port link-type trunk
[SW2-Ethernet1/0/1]port trunk permit vlan 10
Please wait... Done.
[SW2-Ethernet1/0/1]int e1/0/2
[SW2-Ethernet1/0/2]port link-type trunk
[SW2-Ethernet1/0/2]port trunk permit vlan 10
Please wait... Done.
SW3
<Quidway>system-view
System View: return to User View with Ctrl+Z.
[Quidway]sysname SW3
[SW3]vlan 10
[SW3-vlan10]remote-probe vlan enable //EI switch
[SW3-vlan10]int e1/0/2
[SW3-Ethernet1/0/2]port link-type trunk
[SW3-Ethernet1/0/2]port trunk permit vlan 10
Please wait... Done.
[SW3-Ethernet1/0/2]quit
[SW3]mirroring-group 1 remote-source
[SW3]mirroring-group 1 mirroring-port e1/0/1 inbound
[SW3]mirroring-group 1 mirroring-port e1/0/10 outbound
[SW3]mirroring-group 1 reflector-port e1/0/5
[SW3]mirroring-group 1 remote-probe vlan 10
[SW3]dis mirroring-group 1
mirroring-group 1:
    type: remote-source
    status: active
    mirroring port:
        Ethernet1/0/1  inbound
        Ethernet1/0/10  outbound
    reflector port: Ethernet1/0/5
    remote-probe vlan: 10
A
<H3C>system-view
System View: return to User View with Ctrl+Z.
[H3C]sysname A
[A]int eth0/0
[A-Ethernet0/0]ip add 192.168.10.1 24
B
<H3C>system-view
System View: return to User View with Ctrl+Z.
[H3C]sysname B
[B]int eth0/0
[B-Ethernet0/0]ip add 192.168.10.2 24
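An added example, not part of the original post: a Python check that parses the "dis mirroring-group 1" output shown above for SW1 (remote-destination) and SW3 (remote-source) and reports anything that would leave the analyzer on the monitor port without mirrored traffic. The line layout of the display output and the names parse_group and check_rspan are assumptions made for this example.

```python
import re

# "dis mirroring-group 1" output from this page (SW1, SW3); line layout is assumed.
DEST = """mirroring-group 1:
    type: remote-destination
    status: active
    monitor port: Ethernet1/0/24
    remote-probe vlan: 10"""
SOURCE = """mirroring-group 1:
    type: remote-source
    status: active
    mirroring port:
        Ethernet1/0/1  inbound
        Ethernet1/0/10  outbound
    reflector port: Ethernet1/0/5
    remote-probe vlan: 10"""

def parse_group(text):
    """Parse one mirroring-group display block into a dict."""
    group = {"mirroring ports": []}
    for line in text.splitlines():
        # Mirroring ports appear as "<interface> <direction>" entries.
        ports = re.findall(r"(Ethernet\S+)\s+(inbound|outbound|both)", line)
        if ports:
            group["mirroring ports"] += ports
            continue
        key, _, value = line.partition(":")
        if value.strip():
            group[key.strip()] = value.strip()
    return group

def check_rspan(source_text, dest_text):
    """Return the problems found in a remote-source / remote-destination pair."""
    src, dst = parse_group(source_text), parse_group(dest_text)
    problems = []
    for name, g, kind in (("source", src, "remote-source"),
                          ("destination", dst, "remote-destination")):
        if g.get("type") != kind:
            problems.append(f"{name} group type is {g.get('type')}, expected {kind}")
        if g.get("status") != "active":
            problems.append(f"{name} group status is {g.get('status')}")
    if src.get("remote-probe vlan") != dst.get("remote-probe vlan"):
        problems.append("remote-probe vlan differs between source and destination")
    if not src["mirroring ports"]:
        problems.append("source group has no mirroring port")
    if not src.get("reflector port"):
        problems.append("source group has no reflector port")
    if not dst.get("monitor port"):
        problems.append("destination group has no monitor port")
    return problems
```

Calling check_rspan(SOURCE, DEST) on the output from this page returns an empty list; the intermediate switch SW2 has no mirroring group, so only its trunk ports permitting VLAN 10 need checking separately.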
Reposted from: https://blog.51cto.com/hatech/1358967