SPAN port over Layer 3

Unanswered Question
Mar 17th, 2009

Does anyone have an idea how to configure Layer 3 spanning?


We have a small site with access to the Internet but want to use Websense which is currently in a different site. So spanning the traffic that is destined to the Internet to go through Websense is the plan.


Any idea?

Giuseppe Larosa Tue, 03/17/2009 - 11:04

Hello Ron,

You should use the Internet access of the small site just to build a GRE tunnel to the main site:

on the main site traffic can be sent to the Websense.

Return traffic if permitted is then sent back to the

The GRE tunnel can be protected with IPsec for privacy.


We do so with IPsec+GRE over the Internet, for the remote sites to go to the Internet via the main site.



Hope to help

Giuseppe


ronshuster Wed, 03/18/2009 - 10:10

Yes I understand, but as far as I know there is no need to introduce additional GRE tunnels, but rather SPAN to an IP address (layer3).

Giuseppe Larosa Wed, 03/18/2009 - 10:16

Hello Ron,

Inside an intranet, if the switches are 6500s, you can take advantage of ERSPAN, which builds a GRE tunnel between the two 6500s.



See


http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/span.html


Not being on the forwarding path, the Websense can only log web activity.


Hope to help

Giuseppe
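
For reference, an ERSPAN session pair between two Catalyst 6500s of the kind described in the reply above might look like the following. This is an added example, not configuration posted by anyone in the thread; the session numbers, ERSPAN ID, interface names and the 192.0.2.x addresses are constructed placeholders.

```cisco
! --- Source switch (remote site): copy traffic and send it in GRE ---
! Assumption: GigabitEthernet1/1 is the port facing the Internet router.
monitor session 1 type erspan-source
 description Mirror Internet-bound traffic to the main site
 source interface GigabitEthernet1/1 both
 destination
  ! erspan-id must match on both switches
  erspan-id 101
  ! IP address owned by the destination 6500 (placeholder)
  ip address 192.0.2.10
  ! Local address used as the GRE source (placeholder)
  origin ip address 192.0.2.20
 no shutdown
!
! --- Destination switch (main site): decapsulate and hand to the monitor ---
! Assumption: GigabitEthernet2/1 connects to the Websense monitoring NIC.
monitor session 2 type erspan-destination
 description Deliver mirrored traffic to the Websense port
 destination interface GigabitEthernet2/1
 source
  erspan-id 101
  ! Same address the source session sends to; must be local to this switch
  ip address 192.0.2.10
 no shutdown
```

The mirrored frames cross the network as unencrypted GRE copies of user traffic, so the path between the two switches should be one you trust, and the device on the destination port only receives copies and cannot block anything.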

