Configure ERSPAN with VMware

The Encapsulated Remote Switched Port Analyzer (ERSPAN) allows you to monitor traffic on multiple network interfaces or VLANs and then send the monitored traffic to one or more destinations. This guide explains how to configure ERSPAN on an installed ExtraHop appliance using the vSphere client running on a Windows machine. The guide assumes experience administering VMware ESX and ESXi environments.

To configure ERSPAN on an ExtraHop appliance, complete the following steps.

  1. Log in to the Admin UI (https://<extrahop_ip>/admin).

  2. Go to the Network Settings section and click Connectivity.

  3. Go to the Interface 1 section and click Change.

  4. On the Network Settings for Interface 1 page, click the Interface Mode drop-down list and select Management Port + RPCAP/ERSPAN Target.

  5. Complete the remaining fields and click Save.

  6. Depending on your configuration set or disable the remaining interfaces.

    For more information about setting up the network interfaces, refer to the Connectivity section of the Admin UI Help.
  7. Open vCenter and navigate to the virtual distributed switch (vDS) from which you want to monitor traffic.

  8. Click the Manage tab, click Settings, and click Port Mirroring.

  9. Select a port mirroring session with Encapsulated Remote Mirroring (L3) Source enabled and click Edit. For more information about creating a port mirroring session, refer to vSphere documentation.

  10. In the Properties section, click the Status drop-down list and select Enabled.

  11. In the Sources section, create a source port with the following fields.

  12. In the Destinations section, click the green + sign to add IP addresses to receive the traffic.

  13. Click OK to save the changes and exit the editor window.

    Consider turning off TCP segmentation offloading on the operating systems involved in forwarded communication.
  14. Log in to the ExtraHop Web UI (https://<extrahop_ip>/extrahop) to view monitored traffic.

  • VMware: Select Port Mirroring Session Type with the vSphere Web Client

  • ExtraHop: ExtraHop Admin UI Help

Published 2019-08-19 14:49