Configuring SPAN (Switch Port Analyzer)

by 파시스트 posted May 20, 2017

SPAN monitoring

SPAN (Switch Port Analyzer) copies the traffic of one or more switch ports to another port on the same switch; the technique is also called port mirroring. Once the traffic entering and leaving a monitored port is copied to a second port, an administrator can analyse it with the capture device connected to that second port.

Besides network management, SPAN is commonly configured to feed an intrusion detection system (IDS). The IDS only ever receives a copy, so it can detect but not block: an inline intrusion prevention system (IPS) has to sit in the forwarding path instead.

Port being analysed – SPAN source port / SPAN monitored port

Port the analyser is connected to – SPAN destination port / SPAN monitoring port




■ CASE 1 – Local SPAN (Access Port)

Mirrors the traffic entering and leaving L2_Switch's access port FastEthernet 0/5 (VLAN 10, Target) to FastEthernet 0/10 (VLAN 20, Moniter), where the analyser is connected. The host on the Outside router's FastEthernet 0/1 (VLAN 30, Source) generates the test traffic.

■ Outside Router basic configuration

Judging by the commands used (vlan database, show vlan-switch), both the "router" and the "switch" in this lab are IOS routers fitted with an EtherSwitch module, which is why the same switchport commands run on both.

-----------------------------------------------------------
Change the hostname

Router(config)# hostname Outside
-----------------------------------------------------------
Configure the port connected to the switch as a trunk

Outside(config)# interface Fastethernet 0/15
Outside(config-if)# switchport trunk encapsulation dot1q
Outside(config-if)# switchport mode trunk
Outside(config-if)# no shutdown
Outside(config-if)# exit
-----------------------------------------------------------
VTP server configuration

Outside# vlan database
Outside(vlan)# vtp domain hoony
Outside(vlan)# vtp server
Outside(vlan)# vtp password 1234

The VTP password only authenticates advertisements inside the domain. Any switch that joins the domain in server or client mode with a higher configuration revision overwrites the VLAN table of every other member, so outside a lab keep VTP in transparent mode (or off) rather than relying on the password.
-----------------------------------------------------------
VLAN configuration

Outside(vlan)# vlan 10 name Target
Outside(vlan)# vlan 20 name Moniter
Outside(vlan)# vlan 30 name Source
Outside(vlan)# exit
-----------------------------------------------------------
Assign the directly connected host to an access port in VLAN 30

Outside(config)# interface Fastethernet 0/1
Outside(config-if)# switchport mode access
Outside(config-if)# switchport access vlan 30
Outside(config-if)# no shutdown
Outside(config-if)# exit
-----------------------------------------------------------
SVI configuration for routing between the VLANs

Outside(config)# ip routing
Outside(config)# interface vlan 10
Outside(config-if)# ip address 192.168.10.1 255.255.255.0
Outside(config-if)# exit
Outside(config)# interface vlan 20
Outside(config-if)# ip address 192.168.20.1 255.255.255.0
Outside(config-if)# exit
Outside(config)# interface vlan 30
Outside(config-if)# ip address 192.168.30.1 255.255.255.0
Outside(config-if)# exit
-----------------------------------------------------------
Check VTP status

Outside# show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 256
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : hoony
...(output truncated)
-----------------------------------------------------------
Check the VLAN configuration

Outside# show vlan-switch brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/0, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14
10   Target                           active
20   Moniter                          active
30   Source                           active    Fa0/1
...(output truncated)

   



■ L2_Switch basic configuration

-----------------------------------------------------------
Change the hostname

Router(config)# hostname L2_Switch
-----------------------------------------------------------
Configure the port connected to the router as a trunk

L2_Switch(config)# interface Fastethernet 0/15
L2_Switch(config-if)# switchport trunk encapsulation dot1q
L2_Switch(config-if)# switchport mode trunk
L2_Switch(config-if)# no shutdown
L2_Switch(config-if)# exit
-----------------------------------------------------------
VTP client configuration

L2_Switch# vlan database
L2_Switch(vlan)# vtp domain hoony
L2_Switch(vlan)# vtp client
L2_Switch(vlan)# vtp password 1234
-----------------------------------------------------------
Assign the connected hosts to access ports in their VLANs

L2_Switch# configure terminal
L2_Switch(config)# interface Fastethernet 0/5
L2_Switch(config-if)# switchport mode access
L2_Switch(config-if)# switchport access vlan 10
L2_Switch(config-if)# no shutdown
L2_Switch(config-if)# exit
L2_Switch(config)# interface Fastethernet 0/10
L2_Switch(config-if)# switchport mode access
L2_Switch(config-if)# switchport access vlan 20
L2_Switch(config-if)# no shutdown
L2_Switch(config-if)# exit
-----------------------------------------------------------
Check VTP status (the VLANs are learned from the Outside server, so the mode must read Client and the revision must match the server's)

L2_Switch# show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 256
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : hoony
...(output truncated)
-----------------------------------------------------------
Check the VLAN information

L2_Switch# show vlan-switch brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/0, Fa0/1, Fa0/2, Fa0/3
                                                Fa0/4, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14
10   Target                           active    Fa0/5
20   Moniter                          active    Fa0/10
30   Source                           active
...(output truncated)

  

■ SPAN – access port configuration

L2_Switch(config)# monitor session 1 source interface fastEthernet 0/5
L2_Switch(config)# monitor session 1 destination interface fastEthernet 0/10

A source line without a direction keyword mirrors both directions of Fa0/5; append rx or tx to capture only one. While the session exists, Fa0/10 carries nothing but the copies: a SPAN destination port does not forward normal traffic, so the analyser on it cannot reach the lab hosts through that port and should be treated as a capture-only interface. Verify the session with show monitor session 1.

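Before generating traffic it is worth sanity-checking a session against the rules a Catalyst enforces for local SPAN: one destination per session, a port cannot be both source and destination, a destination belongs to a single session, and a session takes either port sources or VLAN sources but not a mix. The following Python script is an added example written for this page, not part of the original post or of any Cisco tool; it parses monitor session lines as they appear in a running-config, covering the access-port form used here and the VLAN-source form used in CASE 3 below, and reports violations. The config it checks is constructed: the CASE 1 and CASE 3 sessions renumbered 1 and 2, plus a deliberately broken session 3.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample (not from a real switch): CASE 1's access-port session and
# CASE 3's VLAN session as they would appear in a running-config, plus a session 3
# that breaks two rules on purpose so the checks below have something to flag.
SAMPLE_CONFIG = """\
monitor session 1 source interface fastEthernet 0/5
monitor session 1 destination interface fastEthernet 0/10
monitor session 2 source vlan 10
monitor session 2 source vlan 20
monitor session 2 destination interface fastethernet 0/11
monitor session 3 source interface fastEthernet 0/1
monitor session 3 source vlan 10
monitor session 3 destination interface fastEthernet 0/1
"""

# One "monitor session" line: interface or VLAN target, optional rx/tx/both.
LINE_RE = re.compile(
    r"^\s*monitor session (?P<id>\d+) (?P<role>source|destination) "
    r"(?:interface (?P<iface>[A-Za-z]+\s*[\d/]+)|vlan (?P<vlans>[\d\s,-]+?))"
    r"(?:\s+(?P<dir>rx|tx|both))?\s*$",
    re.IGNORECASE,
)
ABBREV = {"fa": "Fa", "fastethernet": "Fa", "gi": "Gi", "gigabitethernet": "Gi"}


def normalize_interface(name: str) -> str:
    """'fastEthernet 0/5', 'FastEthernet0/5' and 'Fa0/5' all become 'Fa0/5'."""
    m = re.fullmatch(r"\s*([A-Za-z]+)\s*([\d/]+)\s*", name)
    if not m or m.group(1).lower() not in ABBREV:
        raise ValueError(f"unrecognised interface: {name!r}")
    return ABBREV[m.group(1).lower()] + m.group(2)


def parse_vlan_list(spec: str) -> set[int]:
    """Expand '10', '10 , 20' or '10-12' (the IOS list syntax) into a set of VLAN IDs."""
    vlans: set[int] = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


@dataclass
class Session:
    source_ports: set[str] = field(default_factory=set)
    source_vlans: set[int] = field(default_factory=set)
    destinations: set[str] = field(default_factory=set)


def parse_sessions(config: str) -> dict[int, Session]:
    """Collect every 'monitor session' line into per-session source/destination sets."""
    sessions: dict[int, Session] = {}
    for line in config.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a SPAN line; the rest of a running-config is ignored
        sess = sessions.setdefault(int(m["id"]), Session())
        if m["vlans"] is not None:
            if m["role"].lower() == "destination":
                raise ValueError(f"local SPAN destination must be an interface: {line.strip()}")
            sess.source_vlans |= parse_vlan_list(m["vlans"])
        else:
            port = normalize_interface(m["iface"])
            (sess.destinations if m["role"].lower() == "destination" else sess.source_ports).add(port)
    return sessions


def check_sessions(sessions: dict[int, Session]) -> list[str]:
    """Apply the Catalyst local-SPAN guidelines; an empty list means the config is sane."""
    findings: list[str] = []
    dest_owner: dict[str, int] = {}
    for sid, s in sorted(sessions.items()):
        if not s.destinations:
            findings.append(f"session {sid}: no destination port, nothing is mirrored")
        if not (s.source_ports or s.source_vlans):
            findings.append(f"session {sid}: no source, nothing is mirrored")
        if s.source_ports and s.source_vlans:
            findings.append(f"session {sid}: mixes interface and VLAN sources in one session")
        for port in sorted(s.source_ports & s.destinations):
            findings.append(f"session {sid}: {port} is both source and destination")
        for port in sorted(s.destinations):
            if port in dest_owner:
                findings.append(f"session {sid}: destination {port} already used by session {dest_owner[port]}")
            dest_owner[port] = sid
    all_dest = set(dest_owner)
    for sid, s in sorted(sessions.items()):
        for port in sorted((s.source_ports & all_dest) - s.destinations):
            findings.append(f"session {sid}: source {port} is another session's SPAN destination")
    return findings


if __name__ == "__main__":
    for finding in check_sessions(parse_sessions(SAMPLE_CONFIG)):
        print(finding)
```

Run as a script it prints the two findings for the constructed session 3; to check a real device, feed it the output of show running-config | include monitor session. The switch rejects most of these mistakes at configuration time, but a linter like this is handy when reviewing configs offline or in a change-review pipeline.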
 

■ Generating ICMP traffic

■ ICMP traffic as seen on the monitoring port

■ CASE 2 – Local SPAN (Trunk Port)

Mirrors the traffic sent and received on the switch's trunk port FastEthernet 0/15 to port FastEthernet 0/11.


■ Outside Router basic configuration

-----------------------------------------------------------
Configure the port connected to the switch as a trunk

Router(config)# hostname Outside
Outside(config)# interface fastethernet 0/15
Outside(config-if)# switchport trunk encapsulation dot1q
Outside(config-if)# switchport mode trunk
Outside(config-if)# no shutdown
Outside(config-if)# exit
-----------------------------------------------------------
VTP server and VLAN configuration

Outside# vlan database
Outside(vlan)# vtp domain Hoony
Outside(vlan)# vtp server
Outside(vlan)# vtp password cisco
Outside(vlan)# vlan 10 name Source
Outside(vlan)# vlan 20 name Target
Outside(vlan)# vlan 40 name Monitor
-----------------------------------------------------------
SVI configuration for routing between the VLANs

Outside(config)# ip routing
Outside(config)# interface vlan 10
Outside(config-if)# ip address 192.168.10.1 255.255.255.0
Outside(config-if)# exit
Outside(config)# interface vlan 20
Outside(config-if)# ip address 192.168.20.1 255.255.255.0
Outside(config-if)# exit
Outside(config)# interface vlan 40
Outside(config-if)# ip address 192.168.40.1 255.255.255.0
Outside(config-if)# exit
-----------------------------------------------------------
Check VTP and VLAN information

Outside# show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 256
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : Hoony
...(output truncated)

Outside# show vlan-switch brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/0, Fa0/1, Fa0/2, Fa0/3
                                                Fa0/4, Fa0/5, Fa0/6, Fa0/7
                                                Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                                Fa0/12, Fa0/13, Fa0/14
10   Source                           active
20   Target                           active
40   Monitor                          active
...(output truncated)



■ L2_Switch basic configuration

-----------------------------------------------------------
Configure the port connected to the router as a trunk

Router(config)# hostname L2_Switch
L2_Switch(config)# interface fastethernet 0/15
L2_Switch(config-if)# switchport trunk encapsulation dot1q
L2_Switch(config-if)# switchport mode trunk
L2_Switch(config-if)# no shutdown
L2_Switch(config-if)# exit
-----------------------------------------------------------
VTP client configuration (domain name and password must match the server exactly; both are case-sensitive)

L2_Switch# vlan database
L2_Switch(vlan)# vtp domain Hoony
L2_Switch(vlan)# vtp client
L2_Switch(vlan)# vtp password cisco
L2_Switch(vlan)# exit
-----------------------------------------------------------
Assign the hosts connected to the switch to access ports in their VLANs

L2_Switch(config)# interface fastethernet 0/1
L2_Switch(config-if)# switchport mode access
L2_Switch(config-if)# switchport access vlan 10
L2_Switch(config-if)# no shutdown
L2_Switch(config-if)# exit
L2_Switch(config)# interface fastethernet 0/6
L2_Switch(config-if)# switchport mode access
L2_Switch(config-if)# switchport access vlan 20
L2_Switch(config-if)# no shutdown
L2_Switch(config-if)# exit
L2_Switch(config)# interface fastethernet 0/11
L2_Switch(config-if)# switchport mode access
L2_Switch(config-if)# switchport access vlan 40
L2_Switch(config-if)# no shutdown
L2_Switch(config-if)# exit
L2_Switch(config)# exit
-----------------------------------------------------------
Check VTP and VLAN configuration

L2_Switch# show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 256
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : Hoony
...(output truncated)

L2_Switch# show vlan-switch brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/0, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/12, Fa0/13, Fa0/14
10   Source                           active    Fa0/1
20   Target                           active    Fa0/6
40   Monitor                          active    Fa0/11
...(output truncated)


■ SPAN – trunk port configuration

L2_Switch(config)# monitor session 1 source interface fastEthernet 0/15
L2_Switch(config)# monitor session 1 destination interface fastEthernet 0/11

Both directions of the trunk are mirrored, so the analyser on Fa0/11 sees every VLAN carried on the trunk (VLANs 10, 20 and 40 here). By default the copies are sent untagged, which makes frames from different VLANs indistinguishable in the capture; on Catalyst switches append encapsulation replicate to the destination line to keep the 802.1Q tags. As in CASE 1, Fa0/11 stops forwarding normal traffic for as long as it is a SPAN destination, so its membership in VLAN 40 has no effect on what the analyser receives.




■ CASE 3 – VLAN SPAN (VSPAN)

Mirrors the traffic sent and received in the switch's VLAN 10 and VLAN 20 to port FastEthernet 0/11.



■ Multi_1 Switch basic configuration

-----------------------------------------------------------
Configure the port connected to the Multi_2 switch as a trunk

Router(config)# hostname Multi_1
Multi_1(config)# interface fastethernet 0/15
Multi_1(config-if)# switchport trunk encapsulation dot1q
Multi_1(config-if)# switchport mode trunk
Multi_1(config-if)# no shutdown
Multi_1(config-if)# exit
-----------------------------------------------------------
VTP server and VLAN configuration

Multi_1# vlan database
Multi_1(vlan)# vtp domain Hoony
Multi_1(vlan)# vtp server
Multi_1(vlan)# vtp password cisco
Multi_1(vlan)# vlan 10 name Client
Multi_1(vlan)# vlan 20 name Server
Multi_1(vlan)# vlan 30 name Monitor
Multi_1(vlan)# exit
-----------------------------------------------------------
Assign the hosts connected to Multi_1 to access ports in their VLANs

Multi_1# configure terminal
Multi_1(config)# interface fastethernet 0/1
Multi_1(config-if)# switchport mode access
Multi_1(config-if)# switchport access vlan 10
Multi_1(config-if)# no shutdown
Multi_1(config-if)# exit
Multi_1(config)# interface fastethernet 0/6
Multi_1(config-if)# switchport mode access
Multi_1(config-if)# switchport access vlan 20
Multi_1(config-if)# no shutdown
Multi_1(config-if)# exit
Multi_1(config)# interface fastethernet 0/11
Multi_1(config-if)# switchport mode access
Multi_1(config-if)# switchport access vlan 30
Multi_1(config-if)# no shutdown
Multi_1(config-if)# exit
-----------------------------------------------------------
SVI configuration for routing between the VLANs

Multi_1(config)# ip routing
Multi_1(config)# interface vlan 10
Multi_1(config-if)# ip address 192.168.10.1 255.255.255.0
Multi_1(config-if)# exit
Multi_1(config)# interface vlan 20
Multi_1(config-if)# ip address 192.168.20.1 255.255.255.0
Multi_1(config-if)# exit
Multi_1(config)# interface vlan 30
Multi_1(config-if)# ip address 192.168.30.1 255.255.255.0
Multi_1(config-if)# exit
-----------------------------------------------------------
Check VTP information and VLAN configuration

Multi_1# show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 256
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : Hoony
...(output truncated)

Multi_1# show vlan-switch brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/0, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/12, Fa0/13, Fa0/14
10   Client                           active    Fa0/1
20   Server                           active    Fa0/6
30   Monitor                          active    Fa0/11
...(output truncated)



■ Multi_2 Switch basic configuration

-----------------------------------------------------------
Configure the port connected to the Multi_1 switch as a trunk

Router(config)# hostname Multi_2
Multi_2(config)# interface fastethernet 0/15
Multi_2(config-if)# switchport trunk encapsulation dot1q
Multi_2(config-if)# switchport mode trunk
Multi_2(config-if)# no shutdown
Multi_2(config-if)# exit
Multi_2(config)# exit
-----------------------------------------------------------
VTP client configuration

Multi_2# vlan database
Multi_2(vlan)# vtp domain Hoony
Multi_2(vlan)# vtp client
Multi_2(vlan)# vtp password cisco
Multi_2(vlan)# exit
-----------------------------------------------------------
Assign the hosts connected to Multi_2 to access ports in their VLANs

Multi_2(config)# interface fastethernet 0/1
Multi_2(config-if)# switchport mode access
Multi_2(config-if)# switchport access vlan 10
Multi_2(config-if)# no shutdown
Multi_2(config-if)# exit
Multi_2(config)# interface fastethernet 0/6
Multi_2(config-if)# switchport mode access
Multi_2(config-if)# switchport access vlan 20
Multi_2(config-if)# no shutdown
Multi_2(config-if)# exit
-----------------------------------------------------------
Check VTP information and VLAN configuration

Multi_2# show vtp status
VTP Version                     : 2
Configuration Revision          : 1
Maximum VLANs supported locally : 256
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : Hoony
...(output truncated)

Multi_2# show vlan-switch brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/0, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14
10   Client                           active    Fa0/1
20   Server                           active    Fa0/6
30   Monitor                          active
...(output truncated)


■ SPAN – VLAN configuration

Multi_1(config)# monitor session 1 source vlan 10
Multi_1(config)# monitor session 1 source vlan 20
Multi_1(config)# monitor session 1 destination interface fastethernet 0/11

A VLAN source mirrors every port of that VLAN on this switch in both directions, including the trunk to Multi_2, so the hosts on Multi_2 are covered as well. Because Multi_1 routes between VLAN 10 and VLAN 20 and both are sources, every packet exchanged between Client and Server is copied twice (once as it enters VLAN 10 and once as it leaves on VLAN 20), so expect duplicates in the capture. A session takes either port sources or VLAN sources, not a mix of the two.


■ Generate ICMP / DNS lookup / HTTP connection / FTP connection traffic and check it through SPAN

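What the analyser on Fa0/11 receives is a stream of Ethernet frames, and the first things to establish are which VLAN each frame came from and which of the generated protocols it belongs to. The following Python script is an added example, not code from the original post: it builds a small constructed capture (an ICMP echo, a DNS query, and HTTP and FTP SYNs from a client at 192.168.10.10 to a server at 192.168.20.10; the host addresses and MACs are assumptions) in the form the monitoring host would see, parses the optional 802.1Q tag and the IPv4/TCP/UDP headers, and tallies frames per VLAN and service. It also shows two properties of this VSPAN session that catch people out: with VLAN 10 and VLAN 20 both as sources every routed packet is copied twice, and without encapsulation replicate on the destination (a Catalyst option) the copies arrive untagged, so the tally can no longer tell the two VLANs apart.

```python
from __future__ import annotations

import struct
from collections import Counter

ETHERTYPE_VLAN = 0x8100   # 802.1Q tag
ETHERTYPE_IPV4 = 0x0800
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17
# Well-known ports for the traffic generated in this lab (DNS, HTTP, FTP control channel).
SERVICE_BY_PORT = {53: "dns", 80: "http", 21: "ftp"}

# Constructed addresses for the CASE 3 hosts (assumptions, not from the page).
CLIENT_MAC, SERVER_MAC, GATEWAY_MAC = "02:00:00:00:00:10", "02:00:00:00:00:20", "02:00:00:00:00:01"
CLIENT_IP, SERVER_IP = "192.168.10.10", "192.168.20.10"


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_ipv4(src: str, dst: str, proto: int, l4: bytes) -> bytes:
    """Minimal IPv4 header: no options; checksum left 0 because classify() does not verify it."""
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0, src_b, dst_b)
    return hdr + l4


def build_frame(src_mac: str, dst_mac: str, ip_packet: bytes, vlan: int | None = None) -> bytes:
    """Ethernet II frame; when vlan is given, an 802.1Q tag (PCP/DEI 0) is inserted."""
    hdr = mac_bytes(dst_mac) + mac_bytes(src_mac)
    if vlan is not None:
        hdr += struct.pack("!HH", ETHERTYPE_VLAN, vlan & 0x0FFF)
    return hdr + struct.pack("!H", ETHERTYPE_IPV4) + ip_packet


def classify(frame: bytes) -> dict:
    """Return the VLAN (None if untagged), IPv4 endpoints and the service a frame belongs to."""
    off = 12
    (ethertype,) = struct.unpack_from("!H", frame, off)
    off += 2
    vlan = None
    if ethertype == ETHERTYPE_VLAN:          # tagged copy: read the TCI, then the real EtherType
        tci, ethertype = struct.unpack_from("!HH", frame, off)
        off += 4
        vlan = tci & 0x0FFF
    if ethertype != ETHERTYPE_IPV4:
        return {"vlan": vlan, "src": None, "dst": None, "service": "non-ip"}
    ihl = (frame[off] & 0x0F) * 4              # header length in bytes
    proto = frame[off + 9]
    src = ".".join(str(b) for b in frame[off + 12:off + 16])
    dst = ".".join(str(b) for b in frame[off + 16:off + 20])
    l4 = off + ihl
    if proto == PROTO_ICMP:
        service = "icmp"
    elif proto in (PROTO_TCP, PROTO_UDP):
        sport, dport = struct.unpack_from("!HH", frame, l4)
        name = "tcp" if proto == PROTO_TCP else "udp"
        service = SERVICE_BY_PORT.get(dport) or SERVICE_BY_PORT.get(sport) or f"{name}/{dport}"
    else:
        service = f"ip-proto-{proto}"
    return {"vlan": vlan, "src": src, "dst": dst, "service": service}


def tally(frames) -> Counter:
    """Count frames per (vlan, service): the first view an analyst wants from the SPAN destination."""
    return Counter((c["vlan"], c["service"]) for c in map(classify, frames))


def sample_capture(tagged: bool) -> list:
    """Constructed frames for the lab traffic: ICMP echo, DNS query, HTTP and FTP SYNs.

    With VLAN 10 and VLAN 20 both as VSPAN sources, each routed packet is copied twice:
    once entering VLAN 10 (client -> gateway MAC) and once leaving on VLAN 20 (gateway
    MAC -> server). tagged=True models 'encapsulation replicate'; False models the
    default, where both copies arrive untagged.
    """
    v10, v20 = (10, 20) if tagged else (None, None)
    icmp_echo = struct.pack("!BBHHH", 8, 0, 0, 1, 1)                       # type 8, code 0, id 1, seq 1
    dns_query = struct.pack("!HHHH", 40000, 53, 20, 0) + b"\x00" * 12        # UDP header + 12-byte stub
    http_syn = struct.pack("!HHIIBBHHH", 40001, 80, 0, 0, 0x50, 0x02, 8192, 0, 0)
    ftp_syn = struct.pack("!HHIIBBHHH", 40002, 21, 0, 0, 0x50, 0x02, 8192, 0, 0)
    frames = []
    for proto, l4 in ((PROTO_ICMP, icmp_echo), (PROTO_UDP, dns_query),
                      (PROTO_TCP, http_syn), (PROTO_TCP, ftp_syn)):
        pkt = build_ipv4(CLIENT_IP, SERVER_IP, proto, l4)
        frames.append(build_frame(CLIENT_MAC, GATEWAY_MAC, pkt, v10))   # ingress copy from VLAN 10
        frames.append(build_frame(GATEWAY_MAC, SERVER_MAC, pkt, v20))   # egress copy on VLAN 20
    return frames


if __name__ == "__main__":
    for label, tagged in (("encapsulation replicate", True), ("default (untagged)", False)):
        print(f"--- {label} ---")
        for (vlan, service), n in sorted(tally(sample_capture(tagged)).items(), key=str):
            print(f"vlan={vlan} {service}: {n}")
```

Run as a script it prints the per-VLAN tally for both encapsulation modes; in the untagged case every counter doubles under vlan=None, which is exactly the ambiguity (and the duplicate count) an analyst must account for before trusting flow statistics taken from a VSPAN session. To use it on a real capture, read frames from a pcap (for example with a pcap library of your choice) and pass them to tally().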

 

[Source] SPAN (Switch Port Analyzer) | author HOONY





