Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2695
Views
0
Helpful
3
Replies

SPAN port over Layer 3

ronshuster
Level 1
Level 1

‎03-17-2009 10:45 AM - edited ‎03-06-2019 04:39 AM

Anyone has an idea how to configure Layer3 spanning?

We have a small site with access to the Internet but want to use Websense which is currently in a different site. So spanning the traffic that is destined to the Internet to go through Websense is the plan.

Any idea?

Labels:
0 Helpful
3 Replies 3

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎03-17-2009 11:04 AM

Hello Ron,

you should use the internet access of the small site just to build a GRE tunnel to the main site:

on the main site traffic can be sent to the Websense.

Return traffic if permitted is then sent back to the

The GRE tunnel can be protected with IPsec for privacy.

We do so IPSEC+GRE over internet and the remote sites to go to the internet via the main site.

Hope to help

Giuseppe

0 Helpful

ronshuster
Level 1
Level 1
In response to Giuseppe Larosa

‎03-18-2009 10:10 AM

Yes I understand, but as far as I know there is no need to introduce additional GRE tunnels, but rather SPAN to an IP address (layer3).

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to ronshuster

‎03-18-2009 10:16 AM

Hello Ron,

inside an intranet if the switches are 6500 you can take advantage of ERSPAN that builds a GRE tunnel between the two 6500.

see

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/span.html

not being on the forwarding path the websense can only log web activity.

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents