For the OS I used Raspbian which is Debian for the Pi. I’ll be the first to admit my Linux skills are far from what some IT professionals may call excellent, so I’ll welcome a better way to do this part if you have any suggestions.
You might want to prune down the vlans that are allowed through so that the only thing leaving the port to the Pi are the native and the RSPAN vlan, but I’ll leave that up to you. Monitor session 2 destination remote vlan 4000įinally you setup the port the Pi is plugged into. Monitor session 2 source interface Gi0/1 – 2 Monitor session 2 source interface Fa0/1, Fa0/3 – 24 So, make sure you know where this vlan is going. One gotcha with this is that with an RSPAN you can capture a port where your RSPAN vlan trunked down–creating an infinite loop that will have a significant negative impact on your switch and on your day. The Cisco config is easy all we have to do is set up the RSPAN vlan (4000 in this example), a monitor session, and an interface to capture on. What I am doing on the Cisco side is setting up an RSPAN monitor session and a trunk port on the Linux side I just enable 802.1q, capture on the RSPAN vlan, and manage on the native vlan. It’s a very easy to set up for very little money, but I haven’t seen this idea anywhere so thought I would share it. Recently I came up with a solution in the form of a Raspberry Pi using only the built-in NIC.
For some time I have had issues while doing captures such as finding the elusive “spare laptop” you can use, multiple trips out to the site to pick up the captures, or finding another NIC to put in there so you can connect remotely and copy the captures over the network, taking up 2 switch ports.
0 kommentar(er)
