RSPN技术 SPAN技术主要是用来监控 交换机上的数据流，大体分为两种类型，本地SPAN和远程SPAN. ----Local Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN)，实现方法上稍有不同。 利用SPAN技术我们可以把 交换机上某些想要被监控端口（以下简称受控端口）的数据流COPY或MIRROR一 份，发送给连接在监控端口上的流量分析仪，比如CISCO的IDS或是装了SNIFFER工具的PC. 受控端口和 监控端口可以在同一台交换机上（本地SPAN），也可以在不同的交换机上（远程SPAN）。 实验器材：两台华为s2000hi交换机，一台s2000ei交换机，一台路由器，一台pc机，一台虚拟机做ndis服务器 配置sw1： [sw1]vlan 10 [sw1-vlan10]remote-probe vlan enable [sw1-vlan10]inter eth1/0/1 [sw1-Ethernet1/0/1]port link-type trunk [sw1-Ethernet1/0/1]port trunk permit vlan 10 Please wait... Done. [sw1-Ethernet1/0/1]quit [sw1]mirro? mirroring-group [sw1]mirroring-group 1 remote-destination [sw1]mirroring-group 1 monitor-port eth1/0/2 [sw1]mirroring-group 1 remote-probe vlan 10 配置sw2： [sw2]vlan 10 [sw2]inter e0/1 [sw2-Ethernet0/1]port link-type trunk [sw2-Ethernet0/1]port trunk permit vlan 10 Please wait... Done. [sw2-Ethernet0/1]inter e0/2 [sw2-Ethernet0/2]port link-type trunk [sw2-Ethernet0/2]port trunk permit vlan 10 Please wait... Done. 配置sw3： [sw3]vlan 10 [sw3-vlan10]remote-probe vlan enable [sw3-vlan10]inter eth1/0/2 [sw3-Ethernet1/0/2]port link-type trunk [sw3-Ethernet1/0/2]port trunk permit vlan 10 Please wait... Done. [sw3-Ethernet1/0/2]mirroring-group 1 remote-source [sw3]mirroring-group 1 mirroring-port eth1/0/10 ? Ethernet Ethernet interface both Monitor the inbound and outbound packets inbound Monitor the inbound packets outbound Monitor the outbound packets to Range of interfaces [sw3]mirroring-group 1 mirroring-port eth1/0/10 eth1/0/20 both The remote source mirroring group doesn't support mirroring port of both direction! [sw3]mirroring-group 1 mirroring-port eth1/0/10 both The remote source mirroring group doesn't support mirroring port of both direction! [sw3]mirroring-group 1 mirroring-port eth1/0/10 eth1/0/20 inbound [sw3]mirroring-group 1 reflector-port eth1/0/5 [sw3]mirroring-group 1 remote-probe vlan 10 [sw3]dis mirroring-group remote-source mirroring-group 1: type: remote-source status: active mirroring port: Ethernet1/0/10 inbound Ethernet1/0/20 inbound reflector port: Ethernet1/0/5 remote-probe vlan: 10 [sw3] 配置路由器： [r10]inter e0 [r10-Ethernet0]ip address 192.168.1.2 24 [r10-Ethernet0] [r10-Ethernet0] [r10-Ethernet0] [r10-Ethernet0] [r10-Ethernet0] [r10-Ethernet0]quit [r10] [r10] [r10] [r10]local-user user1 password sim 123 ser admin 测试： 用pc2（192.168.1.3）telnetpc1（192.168.1.2） 用sniffer抓包：

 

转载于:https://blog.51cto.com/liufan0321/1080048