You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-iot/organizations/how-to-manage-individual-sensors.md
+8-2Lines changed: 8 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -268,13 +268,19 @@ For more information, see [ERSPAN ports](best-practices/traffic-mirroring-method
268
268
269
269
|Name |Description |
270
270
|---------|---------|
271
-
|**Mode**| Select one of the following: <br><br>- **SPAN Traffic (no encapsulation)** to use the default SPAN port mirroring. <br>- **ERSPAN** if you're using ERSPAN mirroring. <br><br>For more information, see [Choose a traffic mirroring method for OT sensors](best-practices/traffic-mirroring-methods.md). |
271
+
|**Mode**| Select one of the following: <br><br>- **SPAN Traffic (no encapsulation)** to use the default SPAN port mirroring. <br>- **Tunneling** if you're using ERSPAN mirroring. <br><br>For more information, see [Choose a traffic mirroring method for OT sensors](best-practices/traffic-mirroring-methods.md). |
272
272
|**Description**| Enter an optional description for the interface. You'll see this later on in the sensor's **System settings > Interface configurations** page, and these descriptions may be helpful in understanding the purpose of each interface. |
273
+
|**Interface IP**| The ERSPAN IP on the sensor side. <br> - The management interface IP and the ERSPAN interface IP must be configured on separate network subnets. <br> - Configuring both the management and ERSPAN IP addresses on the same subnet might lead to asymmetric routing issues. |
274
+
|**Subnet**| The subnet mask of the ERSPAN interface IP. |
275
+
|**Name**| Enter a unique name for the virtual ERSPAN interface.|
276
+
|**ID** - ERSPAN tunnel ID | The ID value must be identical to the `erspan-id` value on the Cisco side. <br> In case of an ID mismatch, the sensor will discard all incoming tunnel traffic. |
277
+
|**Source IP**| The IP address of the ERSPAN interface on the Cisco side that sends the tunnel traffic. |
278
+
|**Add tunneling**| The sensor supports adding multiple tunnels. Each tunnel must have a unique name and ID. |
273
279
|**Auto negotiation**| Relevant for physical machines only. Use this option to determine which sort of communication methods are used, or if the communication methods are automatically defined between components. <br><br>**Important**: We recommend that you change this setting only on the advice of your networking team. |
274
280
275
281
For example:
276
282
277
-
:::image type="content" source="media/how-to-manage-individual-sensors/configure-erspan.png" alt-text="Screenshot of how to configure ERSPAN on the Interface configurations page.":::
283
+
:::image type="content" source="media/how-to-manage-individual-sensors/tunneling-advanced-settings.png" alt-text="Screenshot of how to configure Tunneling for ERSPAN on the Interface configurations page." lightbox="media/how-to-manage-individual-sensors/tunneling-advanced-settings.png":::
278
284
279
285
1. Select **Save** to save your changes. Your sensor software restarts to implement your changes.
0 commit comments