SPAN monitoring
SPAN (Switch Port Analyzer) is a switch feature that copies the traffic of other ports to a designated port; it is also called port mirroring. When the traffic entering and leaving a given port is copied to another port, an administrator can analyse the traffic of the monitored port with an analysis device attached to that other port.
Besides network management, SPAN is also configured to feed intrusion detection systems (IDS).
Port being analysed – SPAN source port / SPAN monitored port
Port the analysis device is attached to – SPAN destination port / SPAN monitoring port
■ CASE 1 – Local SPAN (Access Port)
■ Outside Router basic configuration
-----------------------------------------------------------
Change the router's hostname
Router(config)# hostname Outside
-----------------------------------------------------------
Configure the port connected to the switch as a trunk
Outside(config)# interface Fastethernet 0/15
Outside(config-if)# switchport trunk encapsulation dot1q
Outside(config-if)# switchport mode trunk
Outside(config-if)# no shutdown
Outside(config-if)# exit
-----------------------------------------------------------
VTP server configuration
Outside# vlan database
Outside(vlan)# vtp domain hoony
Outside(vlan)# vtp server
Outside(vlan)# vtp password 1234
-----------------------------------------------------------
VLAN configuration
Outside(vlan)# vlan 10 name Target
Outside(vlan)# vlan 20 name Moniter
Outside(vlan)# vlan 30 name Source
Outside(vlan)# exit
-----------------------------------------------------------
Assign an access port to the directly connected VLAN 30
Outside(config)# interface Fastethernet 0/1
Outside(config-if)# switchport mode access
Outside(config-if)# switchport access vlan 30
Outside(config-if)# no shutdown
Outside(config-if)# exit
-----------------------------------------------------------
SVI configuration for communication between different VLANs
Outside(config)# ip routing
Outside(config)# interface vlan 10
Outside(config-if)# ip address 192.168.10.1 255.255.255.0
Outside(config-if)# exit
Outside(config)# interface vlan 20
Outside(config-if)# ip address 192.168.20.1 255.255.255.0
Outside(config-if)# exit
Outside(config)# interface vlan 30
Outside(config-if)# ip address 192.168.30.1 255.255.255.0
Outside(config-if)# exit
-----------------------------------------------------------
Check VTP status
Outside# show vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 256
Number of existing VLANs : 8
VTP Operating Mode : Server
VTP Domain Name : hoony
...omitted
-----------------------------------------------------------
Check VLAN configuration
Outside# show vlan-switch brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/0, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14
10 Target active
20 Moniter active
30 Source active Fa0/1
...omitted
■ L2_Switch basic configuration
-----------------------------------------------------------
Change the switch's hostname
Router(config)# hostname L2_Switch
-----------------------------------------------------------
Configure the port connected to the router as a trunk
L2_Switch(config)# interface Fastethernet 0/15
L2_Switch(config-if)# switchport trunk encapsulation dot1q
L2_Switch(config-if)# switchport mode trunk
L2_Switch(config-if)# no shutdown
L2_Switch(config-if)# exit
-----------------------------------------------------------
VTP client configuration
L2_Switch# vlan database
L2_Switch(vlan)# vtp domain hoony
L2_Switch(vlan)# vtp client
L2_Switch(vlan)# vtp password 1234
-----------------------------------------------------------
Assign access ports to the connected VLANs
L2_Switch# configure terminal
L2_Switch(config)# interface Fastethernet 0/5
L2_Switch(config-if)# switchport mode access
L2_Switch(config-if)# switchport access vlan 10
L2_Switch(config-if)# no shutdown
L2_Switch(config-if)# exit
L2_Switch(config)# interface Fastethernet 0/10
L2_Switch(config-if)# switchport mode access
L2_Switch(config-if)# switchport access vlan 20
L2_Switch(config-if)# no shutdown
L2_Switch(config-if)# exit
-----------------------------------------------------------
Check VTP status
L2_Switch# show vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 256
Number of existing VLANs : 8
VTP Operating Mode : Server
VTP Domain Name : hoony
...omitted
-----------------------------------------------------------
Check VLAN information
L2_Switch# show vlan-switch brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/0, Fa0/1, Fa0/2, Fa0/3
Fa0/4, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/11, Fa0/12, Fa0/13
Fa0/14
10 Target active Fa0/5
20 Moniter active Fa0/10
30 Source active
...omitted
■ SPAN – access port configuration
L2_Switch(config)# monitor session 1 source interface fastEthernet 0/5
L2_Switch(config)# monitor session 1 destination interface fastEthernet 0/10
■ Generate ICMP traffic
■ ICMP traffic - monitoring
■ CASE 2 – Local SPAN (Trunk Port)
Configuration that mirrors the traffic sent and received on the switch's FastEthernet 0/15 trunk port to port FastEthernet 0/11
■ Outside Router basic configuration
-----------------------------------------------------------
Configure the port connected to the switch as a trunk
Router(config)# hostname Outside
Outside(config)# interface fastethernet 0/15
Outside(config-if)# switchport trunk encapsulation dot1q
Outside(config-if)# switchport mode trunk
Outside(config-if)# no shutdown
Outside(config-if)# exit
-----------------------------------------------------------
VTP server and VLAN configuration
Outside# vlan database
Outside(vlan)# vtp domain Hoony
Outside(vlan)# vtp server
Outside(vlan)# vtp password cisco
Outside(vlan)# vlan 10 name Source
Outside(vlan)# vlan 20 name Target
Outside(vlan)# vlan 40 name Monitor
-----------------------------------------------------------
SVI configuration for VLAN communication
Outside(config)# ip routing
Outside(config)# interface vlan 10
Outside(config-if)# ip address 192.168.10.1 255.255.255.0
Outside(config-if)# exit
Outside(config)# interface vlan 20
Outside(config-if)# ip address 192.168.20.1 255.255.255.0
Outside(config-if)# exit
Outside(config)# interface vlan 40
Outside(config-if)# ip address 192.168.40.1 255.255.255.0
Outside(config-if)# exit
-----------------------------------------------------------
Check VTP and VLAN information
Outside# show vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 256
Number of existing VLANs : 8
VTP Operating Mode : Server
VTP Domain Name : Hoony
...omitted
Outside# show vlan-switch brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/0, Fa0/1, Fa0/2, Fa0/3
Fa0/4, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14
10 Source active
20 Target active
40 Monitor active
...omitted
■ L2_Switch basic configuration
-----------------------------------------------------------
Configure the port connected to the router as a trunk
Router(config)# hostname L2_Switch
L2_Switch(config)# interface fastethernet 0/15
L2_Switch(config-if)# switchport trunk encapsulation dot1q
L2_Switch(config-if)# switchport mode trunk
L2_Switch(config-if)# no shutdown
L2_Switch(config-if)# exit
-----------------------------------------------------------
VTP client configuration
L2_Switch# vlan database
L2_Switch(vlan)# vtp domain Hoony
L2_Switch(vlan)# vtp client
L2_Switch(vlan)# vtp password cisco
L2_Switch(vlan)# exit
-----------------------------------------------------------
Assign access ports to the VLANs connected to the switch
L2_Switch(config)# interface fastethernet 0/1
L2_Switch(config-if)# switchport mode access
L2_Switch(config-if)# switchport access vlan 10
L2_Switch(config-if)# no shutdown
L2_Switch(config-if)# exit
L2_Switch(config)# interface fastethernet 0/6
L2_Switch(config-if)# switchport mode access
L2_Switch(config-if)# switchport access vlan 20
L2_Switch(config-if)# no shutdown
L2_Switch(config-if)# exit
L2_Switch(config)# interface fastethernet 0/11
L2_Switch(config-if)# switchport mode access
L2_Switch(config-if)# switchport access vlan 40
L2_Switch(config-if)# no shutdown
L2_Switch(config-if)# exit
L2_Switch(config)# exit
-----------------------------------------------------------
Check VTP and VLAN configuration
L2_Switch# show vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 256
Number of existing VLANs : 8
VTP Operating Mode : Client
VTP Domain Name : Hoony
...omitted
L2_Switch# show vlan-switch brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/0, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/12, Fa0/13, Fa0/14
10 Source active Fa0/1
20 Target active Fa0/6
40 Monitor active Fa0/11
...omitted
■ SPAN – trunk port configuration
L2_Switch(config)# monitor session 1 source interface fastEthernet 0/15
L2_Switch(config)# monitor session 1 destination interface fastEthernet 0/11
■ CASE 3 – VLAN SPAN
Mirror the traffic sent and received in VLANs 10 and 20 on the switch to port FastEthernet 0/11
■ Multi_1 Switch basic configuration
-----------------------------------------------------------
Configure the port connected to the Multi_2 switch as a trunk
Router(config)# hostname Multi_1
Multi_1(config)# interface fastethernet 0/15
Multi_1(config-if)# switchport trunk encapsulation dot1q
Multi_1(config-if)# switchport mode trunk
Multi_1(config-if)# no shutdown
Multi_1(config-if)# exit
-----------------------------------------------------------
VTP server and VLAN configuration
Multi_1# vlan database
Multi_1(vlan)# vtp domain Hoony
Multi_1(vlan)# vtp server
Multi_1(vlan)# vtp password cisco
Multi_1(vlan)# vlan 10 name Client
Multi_1(vlan)# vlan 20 name Server
Multi_1(vlan)# vlan 30 name Monitor
Multi_1(vlan)# exit
-----------------------------------------------------------
Assign access ports to the VLANs connected to the Multi_1 switch
Multi_1# configure terminal
Multi_1(config)# interface fastethernet 0/1
Multi_1(config-if)# switchport mode access
Multi_1(config-if)# switchport access vlan 10
Multi_1(config-if)# no shutdown
Multi_1(config-if)# exit
Multi_1(config)# interface fastethernet 0/6
Multi_1(config-if)# switchport mode access
Multi_1(config-if)# switchport access vlan 20
Multi_1(config-if)# no shutdown
Multi_1(config-if)# exit
Multi_1(config)# interface fastethernet 0/11
Multi_1(config-if)# switchport mode access
Multi_1(config-if)# switchport access vlan 30
Multi_1(config-if)# no shutdown
Multi_1(config-if)# exit
-----------------------------------------------------------
SVI configuration for communication between different VLANs
Multi_1(config)# ip routing
Multi_1(config)# interface vlan 10
Multi_1(config-if)# ip address 192.168.10.1 255.255.255.0
Multi_1(config-if)# exit
Multi_1(config)# interface vlan 20
Multi_1(config-if)# ip address 192.168.20.1 255.255.255.0
Multi_1(config-if)# exit
Multi_1(config)# interface vlan 30
Multi_1(config-if)# ip address 192.168.30.1 255.255.255.0
Multi_1(config-if)# exit
-----------------------------------------------------------
Check VTP information and VLAN configuration
Multi_1# show vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 256
Number of existing VLANs : 8
VTP Operating Mode : Server
VTP Domain Name : Hoony
...omitted
Multi_1# show vlan-switch brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/0, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/12, Fa0/13, Fa0/14
10 Client active Fa0/1
20 Server active Fa0/6
30 Monitor active Fa0/11
...omitted
■ Multi_2 Switch basic configuration
-----------------------------------------------------------
Configure the port connected to the Multi_1 switch as a trunk
Router(config)# hostname Multi_2
Multi_2(config)# interface fastethernet 0/15
Multi_2(config-if)# switchport trunk encapsulation dot1q
Multi_2(config-if)# switchport mode trunk
Multi_2(config-if)# no shutdown
Multi_2(config-if)# exit
Multi_2(config)# exit
-----------------------------------------------------------
VTP client configuration
Multi_2# vlan database
Multi_2(vlan)# vtp domain Hoony
Multi_2(vlan)# vtp client
Multi_2(vlan)# vtp password cisco
Multi_2(vlan)# exit
-----------------------------------------------------------
Assign access ports to the VLANs connected to the Multi_2 switch
Multi_2(config)# interface fastethernet 0/1
Multi_2(config-if)# switchport mode access
Multi_2(config-if)# switchport access vlan 10
Multi_2(config-if)# no shutdown
Multi_2(config-if)# exit
Multi_2(config)# interface fastethernet 0/6
Multi_2(config-if)# switchport mode access
Multi_2(config-if)# switchport access vlan 20
Multi_2(config-if)# no shutdown
Multi_2(config-if)# exit
-----------------------------------------------------------
Check VTP information and VLAN configuration
Multi_2# show vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 256
Number of existing VLANs : 8
VTP Operating Mode : Client
VTP Domain Name : Hoony
...omitted
Multi_2# show vlan-switch brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/0, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14
10 Client active Fa0/1
20 Server active Fa0/6
30 Monitor active
...omitted
■ SPAN – VLAN configuration
Multi_1(config)# monitor session 1 source vlan 10
Multi_1(config)# monitor session 1 source vlan 20
Multi_1(config)# monitor session 1 destination interface fastethernet 0/11
■ Generate ICMP / DNS lookup / HTTP / FTP traffic and verify it through SPAN
[Source] SPAN (Switch Port Analyzer) | Author: HOONY
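Before generating test traffic, it is worth checking that each SPAN session is complete and obeys the local SPAN rules (one destination per session, no mixing of interface and VLAN sources, destination never equal to a source). The script below is an added example written for this page, not the author's configuration or a Cisco tool: it parses the `monitor session` lines of a running-config and reports sessions that cannot mirror. The sample config is constructed; sessions 1 and 3 copy the SPAN lines of CASE 1 and CASE 3 above as if they lived on one switch, and session 4 is a deliberately broken session added for the demonstration.

```python
from collections import defaultdict

# Constructed sample, not real device output: sessions 1 and 3 copy the SPAN lines of
# CASE 1 and CASE 3 above; session 4 is a deliberately broken session that mixes
# interface and VLAN sources and has no destination port.
SAMPLE_CONFIG = """
monitor session 1 source interface fastEthernet 0/5
monitor session 1 destination interface fastEthernet 0/10
monitor session 3 source vlan 10
monitor session 3 source vlan 20
monitor session 3 destination interface fastethernet 0/11
monitor session 4 source interface FastEthernet0/1
monitor session 4 source vlan 30
"""

def parse_sessions(config):
    """Group 'monitor session' lines into {id: {src_if, src_vlan, dst}} with normalised port names."""
    sessions = defaultdict(lambda: {"src_if": set(), "src_vlan": set(), "dst": set()})
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[:2] != ["monitor", "session"]:
            continue
        sid, role, kind, value = int(tokens[2]), tokens[3], tokens[4], tokens[5]
        # IOS accepts "fastEthernet 0/15" but stores "FastEthernet0/15"; fold both to one form
        if kind == "interface" and not any(c.isdigit() for c in value) and len(tokens) > 6:
            value += tokens[6]
        value = value.lower()
        if role == "destination":
            sessions[sid]["dst"].add(value)
        elif kind == "vlan":
            sessions[sid]["src_vlan"].add(int(value))
        else:
            sessions[sid]["src_if"].add(value)
    return dict(sessions)

def check_sessions(sessions):
    """Return (session_id, problem) pairs; an empty list means every session can actually mirror."""
    problems = []
    for sid, s in sorted(sessions.items()):
        if not s["dst"]:
            problems.append((sid, "no destination port, mirrored frames go nowhere"))
        if s["src_if"] and s["src_vlan"]:
            problems.append((sid, "mixes interface and VLAN sources in one session"))
        if s["dst"] & s["src_if"]:
            problems.append((sid, "destination port is also a source port"))
    return problems

if __name__ == "__main__":
    for sid, problem in check_sessions(parse_sessions(SAMPLE_CONFIG)):
        print(f"session {sid}: {problem}")
```

Feed it the output of `show running-config | include monitor session` from the switch; a clean run prints nothing, which is the state you want before sending the ICMP, DNS, HTTP and FTP test traffic.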