
CALLING ALL VMWARE PROS!

NetstudentNetstudent Member Posts: 1,693 ■■■□□□□□□□
I have a virtual server on VMware ESX that sits on an HP blade. This virtual server has Websense installed on it and I am trying to block bad HTTP sites.

Anyways, my ESX server connects to a Cisco switchport that is a SPAN destination port. My internet ports on the switch that internet data traverses are the source ports.

monitor session 1 source interface Gi3/12 - 13
monitor session 1 destination interface Gi3/10

This VMserver has 2 virtual NICS, one for SPAN and the other for management. The websense application uses the management port to close the TCP requests because span ports do not allow ingress traffic.

I can't get my VMware virtual SPAN NIC to see any of the internet traffic from the source ports. I have tried Wireshark on my virtual machine to make sure that it is not Websense, and Wireshark shows no internet traffic after deliberately generating HTTP requests.

Also I have come to the conclusion that it is not a Cisco misconfiguration. The problem lies in that my VMware virtual NIC for monitoring is sitting on a virtual switch. I'm not sure how to create a new virtual NIC that could map directly to the physical NIC instead of going through a switch. See, the virtual switch is blocking my mirrored traffic because the destination MAC is not in the virtual switch. The destination MAC is my firewall, not my Websense server.

I have tried going into VMware and making my virtual switch a promiscuous virtual switch, which is supposed to make it like a hub.

How can I

1. Map my vmnic to the physical NIC without using any virtual switches?

2. Are there any extra necessities when using promiscuous-mode virtual switches? I just allowed promiscuous mode under the vNIC properties.

ANY TAKERS??
There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!

Comments

    PlantwizPlantwiz Mod Posts: 5,057 Mod
    Have you tried VMWare support? They're pretty good.
    Plantwiz
    _____
    "Grammar and spelling aren't everything, but this is a forum, not a chat room. You have plenty of time to spell out the word "you", and look just a little bit smarter." by Phaideaux

    ***I'll add you can Capitalize the word 'I' to show a little respect for yourself too.

    'i' before 'e' except after 'c'.... weird?
    NetstudentNetstudent Member Posts: 1,693 ■■■□□□□□□□
    Ya, just got off the phone with Ahmad Kardchif and we went through and changed some script files with vi. Still sniffing nothing but broadcasts and multicasts. I am going to the colo Monday to put a hub on the SPAN port just to be absolutely sure that the SPAN port is actually mirroring traffic, to try and isolate whether this is bad SPAN config or bad VMware network config or none of the above. I doubt it's bad VMware network configuration because that guy was good.

    I'll update just in case anyone is interested.

    Thanks.
    PlantwizPlantwiz Mod Posts: 5,057 Mod
    Sure, always interested in how real situations turn out.

    Thanks for the update so far. Good luck.
    NetstudentNetstudent Member Posts: 1,693 ■■■□□□□□□□
    For anyone interested, or who would like to help, I put a hub on this SPAN port today and slapped Wireshark on a laptop. I still get nothing.

    I have tried

    monitor session 1 source interface Gi3/12 - 13
    monitor session 1 destination interface Gi3/10

    AND

    monitor session 1 source vlan 1
    monitor session 1 destination interface Gi3/10

    I get nothing. Note that these source ports are connected to a clustered ASA 5520. Both inside interfaces connect to 12 and 13.

    I am absolutely sure that these switchports are connected to the ASA cluster and I am absolutely sure that HTTP traffic passes across these source ports. Thinking about calling TAC. I sent continuous pings to Google and browsed from a VMware server connected to this switch, but Wireshark saw none of it.
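An added example (not from this thread) of the frame-level check the "nothing but broadcasts and multicasts" symptom calls for: bucket each captured frame by destination MAC so you can tell whether mirrored unicast from other stations ever reaches the monitoring NIC, which is the only evidence that both the SPAN session and the vSwitch path are working. The MAC addresses and capture lines are constructed, and MONITOR_MAC is a hypothetical stand-in for the monitoring vNIC's own address.

```python
"""Classify frames seen on a monitoring NIC to tell whether mirrored
unicast traffic is actually arriving (added example, not from the thread)."""
from collections import Counter

# Constructed sample, one frame per line: "src_mac dst_mac ethertype".
# The monitor NIC's MAC and the other stations' MACs are hypothetical.
MONITOR_MAC = "00:50:56:aa:bb:01"
CAPTURE = """\
00:1a:2b:3c:4d:01 ff:ff:ff:ff:ff:ff 0x0806
00:1a:2b:3c:4d:02 01:00:5e:00:00:fb 0x0800
00:1a:2b:3c:4d:03 00:50:56:aa:bb:01 0x0800
00:1a:2b:3c:4d:04 00:0c:29:11:22:33 0x0800
""".splitlines()

BROADCAST = "ff:ff:ff:ff:ff:ff"

def classify(dst_mac, monitor_mac=MONITOR_MAC):
    """Bucket a destination MAC: broadcast, multicast, unicast to the
    monitor NIC itself, or unicast addressed to some other station."""
    dst = dst_mac.lower()
    if dst == BROADCAST:
        return "broadcast"
    if int(dst.split(":")[0], 16) & 0x01:   # I/G bit set => group address
        return "multicast"
    if dst == monitor_mac.lower():
        return "unicast-self"
    return "unicast-other"

def summarize(lines, monitor_mac=MONITOR_MAC):
    """Count frames per bucket; blank or short lines are skipped."""
    counts = Counter()
    for line in lines:
        parts = line.split()
        if len(parts) < 2:
            continue
        counts[classify(parts[1], monitor_mac)] += 1
    return counts

def diagnose(counts):
    """Only 'unicast-other' frames prove mirrored traffic reaches the NIC:
    a SPAN copy of another client's HTTP session carries the firewall's or
    the client's MAC, never the monitor's own, and a non-promiscuous
    vSwitch drops exactly that class while still flooding broadcast/multicast."""
    if sum(counts.values()) == 0:
        return "no frames: SPAN destination is not emitting anything"
    if counts["unicast-other"] > 0:
        return "mirrored unicast is arriving: SPAN and vSwitch path are fine"
    return ("only broadcast/multicast/own-unicast seen: foreign unicast is "
            "being filtered (vSwitch not promiscuous) or SPAN is not mirroring")
```

Running the same classifier on a capture taken from a hub on the SPAN port, as done later in the thread, separates a switch-side SPAN problem from a vSwitch filtering problem: the hub capture has no vSwitch in the path, so zero foreign unicast there points at the monitor session itself.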