详谈DHCP SNOOP等多方面的安全设置(1)(4)
RSPAN配置:
第一步:在所有交换机上将一个指定的VLAN提供给远程SPAN使用
- Switch(config)# vlan 901
- Switch(config-vlan)# remote span
- Switch(config-vlan)# end
第二步,配置源交换机
- Switch(config)# monitor session 1 source interface fastethernet0/10 tx
- Switch(config)# monitor session 1 source interface fastethernet0/2 rx
- Switch(config)# monitor session 1 source interface fastethernet0/3 rx
- Switch(config)# monitor session 1 source interface port-channel 102 rx
- Switch(config)# monitor session 1 destination remote vlan 901 reflector-port
- fastethernet0/1
- Switch(config)# end
第三步,目标交换机配置
- Switch(config)# monitor session 1 source remote vlan 901
- Switch(config)# monitor session 1 destination interface fastethernet0/5
- Switch(config)# end
- This example shows how to disable received traffic monitoring on port 1, which was configured for
- bidirectional monitoring:
- Switch(config)# no monitor session 1 source interface fastEthernet0/1 rx
- The monitoring of traffic received on port 1 is disabled, but traffic sent from this port continues to be
- monitored.
远程VLAN的监控
- Switch(config)# no monitor session 2
- Switch(config)# monitor session 2 source vlan 1 - 3 rx
- Switch(config)# monitor session 2 destination remote vlan 902 reflector-port
- gigabitethernet0/7
- Switch(config)# monitor session 2 source vlan 10 rx
- Switch(config)# end
- Switch(config)# no monitor session 2
- Switch(config)# monitor session 2 source interface gigabitethernet0/4 rx
- Switch(config)# monitor session 2 filter vlan 1 - 5 , 9
- Switch(config)# monitor session 2 destination remote vlan 902 reflector-port
- gigabitethernet0/8
- Switch(config)# end
评论暂时关闭