Ok so I plan on utilizing erspan in vyos starting monday, but there is not a lot of documentation on it. So I want to make sure my plan will work.
[DEVICE 1]
eth0 - network access
eth1 - SPAN port
tun0 - ERSPAN port
[config]
mirror eth1 to tun0
setup tun0 as erspan with destination DEVICE 2
[DEVICE 2]
eth0 - network access
eth1- SPAN port
tun0 - ERSPAN port
[config]
mirror tun0 to eth1
setup tun0 as erspan receiving DEVICE 1 traffic
Thanks,
Steve
I don’t see a way to turn a port into a SPAN or monitor port. to be clear, I am not mirroring incoming port I am connecting eth1 to an actual SPAN/ monitor port. so the interface needs to be in promiscous mode
can anyone help with that?
I can’t seem to get it working bi-directionally (only ingress), so you’d probably need to mirror the other interface for transit traffic.
If you’re piping SPAN traffic into VyOS, and using it to send to a ERSPAN receiver somewhere else, then it should work fine since you’re only expecting ingress.
set interfaces ethernet eth0 address '10.1.2.1/24'
set interfaces ethernet eth1 mirror ingress 'tun0'
set interfaces tunnel tun0 encapsulation 'erspan'
set interfaces tunnel tun0 parameters erspan direction 'ingress'
set interfaces tunnel tun0 parameters erspan version '2'
set interfaces tunnel tun0 parameters ip key '100'
set interfaces tunnel tun0 remote '10.1.2.2'
set interfaces tunnel tun0 source-interface 'eth0'
And I get this at the remote IP:
