Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SPAN port over Layer 3

Anyone has an idea how to configure Layer3 spanning?

We have a small site with access to the Internet but want to use Websense which is currently in a different site. So spanning the traffic that is destined to the Internet to go through Websense is the plan.

Any idea?

3 REPLIES
Hall of Fame Super Silver

Re: SPAN port over Layer 3

Hello Ron,

you should use the internet access of the small site just to build a GRE tunnel to the main site:

on the main site traffic can be sent to the Websense.

Return traffic if permitted is then sent back to the

The GRE tunnel can be protected with IPsec for privacy.

We do so IPSEC+GRE over internet and the remote sites to go to the internet via the main site.

Hope to help

Giuseppe

New Member

Re: SPAN port over Layer 3

Yes I understand, but as far as I know there is no need to introduce additional GRE tunnels, but rather SPAN to an IP address (layer3).

Hall of Fame Super Silver

Re: SPAN port over Layer 3

Hello Ron,

inside an intranet if the switches are 6500 you can take advantage of ERSPAN that builds a GRE tunnel between the two 6500.

see

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/span.html

not being on the forwarding path the websense can only log web activity.

Hope to help

Giuseppe

1079
Views
0
Helpful
3
Replies