Sinefa probes can ingest packet data directly using ERSPAN. Currently Sinefa supports both ERSPAN v1 (also called type II) and ERSPAN v2 (also called type III).
This guide assumes you have already configured a source ERSPAN session. For information and configuration examples, consult the Cisco documentation. Once a source ERSPAN session is configured you'll need to use the Sinefa CLI to configure a Sinefa probe as an ERSPAN destination.
You'll need to use the "interface add tunnel" command, full details are below:
interface add tunnel <name> mode erspan [remote <remote>] [local <local>] [interface <interface>] [key <key>]
... <name> The name of the tunnel interface to create
... remote <remote> The remote IP endpoint of the tunnel
... local <local> The local IP to bind the tunnel to
... interface <interface> The interface to bind the tunnel to
... key <key> The GRE key / ERSPAN session id
Once configured, each monitored ERSPAN session will appear as a new source on the Sinefa UI.
The following configuration example shows what a typical ERSPAN configuration might look like.
- ERSPAN session 100
- ERSPAN source IP 192.168.100.2 (the IP of the device sending ERSPAN traffic to the Sinefa probe)
interface add tunnel tun100 mode erspan remote 192.168.100.2 key 100