Source can either be an interface or VLAN from which you want to pull the capture.Įrspan-id is the ID of the GRE tunnel and can be anything between 1-64. Type erspan-source signifies that this will be an encapsulated SPAN session. The session number is simply the monitor session and can be any available session.
On the device where you want to run the capture enter global config mode and enter the following: Here’s how it’s done: How to Setup the ERSPAN Tunnel interfaces by default use GRE and simply require a source and destination address to start encapsulation.Īny destination IP address can be used with ERSPAN, so what happens if the destination address is where Wireshark is running on a computer? Wireshark sees the live capture! The packets are encapsulated in GRE, but Wireshark displays the information of the encapsulated traffic, so it’s not a problem. It’s often paired up with IPSEC and used in VPN scenarios. GRE (generic routing encapsulation) is a common way to tunnel traffic across networks. This week I learned a trick that allows much more flexibility!ĮRSPAN is like RSPAN in that you can send mirrored traffic to other devices, but that “E” (which stands for encapsulated) makes a world of difference! ERSPAN encapsulates SPAN into GRE. Typically when I need to do a packet capture on a remote Cisco IOS/IOS-XE device, I use RSPAN to mirror that traffic someplace where a VM can receive the capture.
0 kommentar(er)
