Scribd
Upload
48 views

Configure Rspan Vmware

RSPAN enables monitoring traffic on one switch through a device on another switch. To configure RSPAN with VMware for an ExtraHop sensor, you must: 1. Create a virtual distributed switch (VDS) and add port groups and hosts to the VDS. 2. Add uplink ports to the VDS. 3. Configure an RSPAN port mirror on the VDS to monitor traffic and send it to the ExtraHop sensor destination port.

Uploaded by

armando.poyaoan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
48 views

Configure Rspan Vmware

RSPAN enables monitoring traffic on one switch through a device on another switch. To configure RSPAN with VMware for an ExtraHop sensor, you must: 1. Create a virtual distributed switch (VDS) and add port groups and hosts to the VDS. 2. Add uplink ports to the VDS. 3. Configure an RSPAN port mirror on the VDS to monitor traffic and send it to the ExtraHop sensor destination port.

Uploaded by

armando.poyaoan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 11

Configure RSPAN with VMware

Published: 2024-02-20

The Remote Switched Port Analyzer (RSPAN) enables you to monitor traffic on one switch through a device
on another switch and then send the monitored traffic to one or more destinations.
Before you begin
RSPAN requires that you configure an RSPAN VLAN on your physical switches. If you cannot configure an
RSPAN VLAN, consider configuring ERSPAN as an alternative. For more information, see How Mirroring
Works .
• You must have experience with basic VMware ESX and ESXi administration through the VMware
vSphere Web Client.
• You must have an uplink port (HW NIC) attached to the switch (preferably one that is not designated
for general network traffic).
• Direct access to the iDRAC console is preferred.
For information about configuring the VMware vSphere server, see the Working with Port Mirroring section
in the ESXi and vCenter documentation for your version of VMware.
For information about configuring VMware with an ExtraHop sensor, see Deploy the ExtraHop sensor with
VMware .
The following steps outline the key procedures that are required to configure RSPAN with VMware for an
ExtraHop sensor. Note that procedures in these steps might vary between versions of VMware.
Note: While these steps are required for RSPAN configuration, most deployments have completed
the first four steps prior to installing the sensor. If you have an existing Virtual Distributed
Switch, start with step 5.
1. Create a virtual distributed switch (VDS)
2. Add port groups to the VDS
3. Add a host to the VDS
4. Add uplink ports to the VDS
5. Configure an RSPAN port mirror on the VDS

Create a virtual distributed switch


Complete the following steps to create a virtual distributed switch (VDS). The VDS carries traffic from your
virtual machines (VM) to your physical network and to other VMs.
1. Log in to the vSphere Web Client.
2. Click vCenter Inventory Lists.

©
2024ExtraHop Networks, Inc. All rights reserved.
3. In the left panel, click Distributed Switches.

4. Above the list of switches, click the Create a new distributed switch icon.

Configure RSPAN with VMware 2


5. In the New Distributed Switch window, type a name for the switch, select the destination data center
or network folder, and then click Next.

6. Select the distributed switch version and click Next.

7. Edit the following settings:

a) Set the Number of uplinks to two or more if your SPAN traffic is on a dedicated NIC
(recommended). Otherwise, set this value to 1.
b) Click the Network I/O Control drop-down list and select one of the following options.
Disabled
If your SPAN traffic on a dedicated NIC. (Recommended)

Configure RSPAN with VMware 3


Enabled
If your SPAN traffic is on the same NIC as your monitored traffic.

Add port groups to the VDS


Complete the following steps to add port groups when you deploy a new virtual machine or add a new ESX
host into your VDS environment. Port groups enable you to properly associate the new machine or host to
the port group that is being monitored immediately.
1. Click on Networking.

2. Right-click the VDS and then select New Distributed Port Group.

3. In the New Distributed Port Group window, type a name for the port group and click Next.

4. Configure the following settings:

Configure RSPAN with VMware 4


a) Click the Port binding drop-down list and select Static binding.
b) Click the Port allocation drop-down list and select Fixed.
c) In the Number of ports field, type the number of ports you want to connect.
d) Leave the default settings for the remaining items.
e) Click Next.
5. Verify your settings and click Finish.
The new port group appears on the Manage tab.

6. Repeat these steps for any additional port groups.

Add a host to the VDS


Complete the following steps to add a host to the VDS. Skip this procedure if all hosts have already been
added to the cluster. We recommend that you dedicate one uplink for management and one uplink for
spanning.
1. Click Networking.

Configure RSPAN with VMware 5


2. Right-click the VDS and then select Add and Manage Hosts.
3. In the Add and Manage Hosts dialog box, click the Add Hosts radio button and click Next.

4. Click the plus icon to add a host.

5. In the list of available hosts, select the checkbox next to the host and click OK.

Configure RSPAN with VMware 6


6. Select the host from the list and click Next.
7. Select the checkboxes next to the network adapters you want to add to the host and click Next.
8. Assign one of the NICs to the management port group.
a) Select the network adapter from the list and click the Assign Port Group icon.
b) In the Select Network pop-up window, select the port group to assign to the network adapter for
management.
c) Assign one NIC to the monitoring port group.
9. Select the network adapter from the list and click the Assign Port Group icon.
10. In the Select Network pop-up window, select the port group to assign to the network adapter for
monitoring.

11. After you have assigned each adapter to a Destination Port Group (in the far right column), click Next.

12. On the Validate Changes screen, verify that the status has passed and click Next.

Configure RSPAN with VMware 7


13. Select the Migrate Virtual Machine Networking checkbox.

14. Click the Assign Port Group icon and assign a network adapter for management and a network adapter
for monitoring, and click Next.
15. Verify your settings and click Finish.

16. View the progress bar in the right panel and wait for the system to add the host.
The following figure shows an example configuration.

Configure RSPAN with VMware 8


Add uplink ports to the VDS
Complete the following steps to add an uplink port to the VDS. You must assign one uplink port to the VDS
for each associated host.
1. Browse to a host in the vSphere Web Client.
2. Click the Manage tab, and then select Networking > Virtual Switches.

3. From the list, select the distributed switch you want to add an uplink port to.
4. Click Manage the physical network adapters .
5. Click Add .
6. From the list, select a network adapter and then select the uplink port from the drop-down menu that
you want to assign to the network adapter.
7. Click OK.

Configure RSPAN with VMware 9


Configure an RSPAN port mirror
Complete the following steps to configure an RSPAN port mirror to view traffic on the VDS, to configure
the local switch to view external traffic, and to configure the virtual Discover appliance to do a combination
of both. The virtual Discover appliance can be deployed in environments with multiple ESX servers
connected with a virtual distributed switch (VDS).
Complete the following steps to configure a virtual Discover appliance as the destination for one or more
RSPAN mirror sessions. The RPSAN mirror sessions can originate from either a virtual distributed switch
(VDS) that mirrors local VM traffic or from a physical switch that mirrors external traffic.
The following steps are for a Discover appliance deployed on an ESX host that is managed by vCenter with
a configured VDS. You must connect a local switch to an uplink port that is configured as a VLAN trunk
port and that carries the RSPAN VLAN traffic. The RSPAN VLAN will carry the mirrored traffic and can span
multiple switches to reach the virtual Discover appliance.
The following figure illustrates the port mirror setup.

1. Click on Networking.
2. Select your VDS and ensure that the Settings tab is selected.
3. Click Port mirroring.

Configure RSPAN with VMware 10


4. Click New....
5. In the Add Port Mirroring Session wizard, select Remote Mirroring Destination, and then click Next.

6. In the Name field, type a name to identify the port mirroring session.
7. From the Status drop-down, select Enabled.
8. Click Next.

9. Click the plus icon to add the source VLAN IDs that you want to monitor, and then click Next.
10. Specify the destination port where you want to send mirrored traffic. This port is the virtual port on the
VDS that corresponds to the monitoring interface on your virtual Discover appliance.
11. Verify the summary information and then click Finish to add the port mirror.

Configure RSPAN with VMware 11

You might also like