In this article, I will talk with readers about RSPAN technology, which I am quite fond of. For network administrators who need to keep intranet servers secure, you cannot watch over a bunch of servers all day; RSPAN technology combined with suitable monitoring software can help you dynamically monitor intranet servers. Here I use Huawei equipment to implement it.
The switches that implement the RSPAN function fall into three kinds:
1. Source switch: The switch where the monitored port is located. It forwards the traffic to be mirrored at Layer 2 in the Remote-probe VLAN to the intermediate switch or the destination switch.
2. Intermediate switch: A switch between the source switch and the destination switch in the network, which passes the mirrored traffic to the next intermediate switch or to the destination switch via the Remote-probe VLAN. If the source switch is directly connected to the destination switch, there is no intermediate switch.
3. Destination switch: The switch where the remote mirror destination port is located. It forwards the mirrored traffic received from the Remote-probe VLAN to the monitoring device via the mirror destination port.
The ports participating in mirroring on each switch are shown in the following illustration
To implement remote port mirroring, we need to define a special VLAN, called the Remote-probe VLAN. All mirrored packets travel through this VLAN from the source switch to the mirror destination port of the destination switch, which makes it possible to monitor the packets of a remote port on the source switch from the destination switch. The Remote-probe VLAN has the following characteristics:
1. The ports that interconnect the devices in this VLAN must be configured as trunk ports;
2. The default VLAN and the management VLAN can be set as the Remote-probe VLAN;
3. Configuration must ensure Layer 2 connectivity of the Remote-probe VLAN from the source switch to the destination switch;
4. Bidirectional (both) mirroring cannot be supported when the switch is used as an intermediate device or as a destination device.
Configuration Preparation
1. Determine the source switch, intermediate switch, and destination switch
2. Identify the mirror source port, reflector port, mirror destination port, and Remote-probe VLAN
3. Ensure through configuration that the Remote-probe VLAN has Layer 2 connectivity from the source switch to the destination switch
4. Determine the direction of the monitored packets
5. The intermediate and destination switches support disabling MAC address learning per VLAN; after a VLAN is configured as the Remote-probe VLAN, the system disables MAC address learning in that VLAN
6. If you are configuring MAC-based remote mirroring, make sure the configured MAC address is a static MAC address that exists in the MAC address table
7. If you are configuring VLAN-based remote mirroring, determine the appropriate VLAN ID
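The preparation checklist above can be run as a pre-flight check before touching any switch. The following Python sketch is an added example, not part of the original article and not Huawei tooling; the switch names, VLAN IDs, MAC address and the direction keywords "inbound"/"outbound" are constructed assumptions.

```python
# Added example: pre-flight check of an RSPAN plan. All names and values are constructed.
from dataclasses import dataclass, field

@dataclass
class Link:
    a: str        # switch on one end
    b: str        # switch on the other end
    mode: str     # link type of the interconnect ports: "trunk" or "access"
    vlans: set    # VLAN IDs permitted on the link

@dataclass
class Plan:
    path: list        # [source, intermediate..., destination]
    probe_vlan: int   # Remote-probe VLAN ID
    direction: str    # "inbound", "outbound" or "both" (assumed keywords)
    links: list
    mirror_mac: str = None                          # only for MAC-based mirroring
    static_macs: set = field(default_factory=set)   # static MAC entries on the source

def check_plan(p):
    """Return a list of problems; an empty list means the plan passes."""
    problems = []
    if len(p.path) < 2:
        problems.append("need at least a source and a destination switch")
    if p.direction not in ("inbound", "outbound", "both"):
        problems.append(f"unknown direction {p.direction!r}")
    # The Remote-probe VLAN must be carried on a trunk across every hop.
    for a, b in zip(p.path, p.path[1:]):
        link = next((l for l in p.links if {l.a, l.b} == {a, b}), None)
        if link is None:
            problems.append(f"{a}-{b}: no link defined")
        elif link.mode != "trunk":
            problems.append(f"{a}-{b}: interconnect port is not a trunk")
        elif p.probe_vlan not in link.vlans:
            problems.append(f"{a}-{b}: trunk does not carry VLAN {p.probe_vlan}")
    # MAC-based mirroring requires an existing static MAC table entry.
    if p.mirror_mac is not None and p.mirror_mac not in p.static_macs:
        problems.append(f"{p.mirror_mac} is not a static MAC table entry")
    return problems

GOOD = Plan(["SwA", "SwB", "SwC"], 10, "inbound",
            [Link("SwA", "SwB", "trunk", {1, 10}), Link("SwB", "SwC", "trunk", {10})])
BAD = Plan(["SwA", "SwB", "SwC"], 10, "inbound",
           [Link("SwA", "SwB", "trunk", {1, 20}), Link("SwC", "SwB", "access", {10})],
           mirror_mac="00e0-fc00-0001")

if __name__ == "__main__":
    for name, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_plan(plan) or "ok")
```
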
The configuration process on the source switch