Configuring SPAN for Hyper-V

This section describes how to enable and configure SPAN for Hyper-V.

The default behavior of Hyper-V Manager allows port mirroring between VA instances on the same Hyper-V server. It does not allow users to configure promiscuous mode for a virtual interface on a specific VA instance in order to receive external traffic.

Process Overview for Enabling and Configuring SPAN

Make sure no ClearPass VA instance is running while you perform the following steps.

1. Create a virtual switch.
2. Attach a ClearPass SPAN virtual interface to the virtual switch.
3. Enable Microsoft NDIS capture extensions for the virtual switch.
4. Set the mirroring mode on the external port.
5. Set the local SPAN in a Cisco switch.

Make sure SPAN is enabled only on the data port and not the management port. Also, before you begin the SPAN configuration on the data port, make sure the data port is not configured with an IP address.

Creating a Virtual Switch

1. Open the Virtual Switch Manager.
2. In the Virtual Switches list, highlight New virtual network switch and then select External as the dedicated spanned network adapter type. Click Create Virtual Switch.

Figure 1  Virtual Switch Manager, New Virtual Network Switch

3. For the switch you just created, select External Network as the Connection type, and select the Allow management operating system to share this network adapter option.

Figure 2  Virtual Switch Manager, Connection Type

Attaching a ClearPass SPAN Virtual Interface to the Virtual Switch

The steps to attach the ClearPass SPAN virtual interface can be performed either from Windows PowerShell or from Hyper-V Manager.

Using PowerShell:

1. Add a new network adapter, selecting the newly added SPAN virtual switch. Use the command:

Add-VMNetworkAdapter -VMName VK-CP-VA-500-LongRunning-650 -Name Monitor -SwitchName vSwitch_Span

2. Enable port mirroring for the selected interface as the span destination. Use the command:

Get-VMNetworkAdapter -VMName VK-CP-VA-500-LongRunning-650 | Where-Object Name -eq Monitor | Set-VMNetworkAdapter -PortMirroring Destination

Where:

VK-CP-VA-500-LongRunning-650 = CPPM VA name

vSwitch_Span = Newly added SPAN virtual switch name

Monitor = Newly added adapter name

(The newly added adapter hardware name will be “Monitor” when added using the above commands, and “Network Adapter” when added using Hyper-V Manager.)

Using Hyper-V Manager:

1. Add a new network adapter. In the Hardware list, highlight Network Adapter.
2. In the Virtual Switch field, select vSwitch_Span.

Figure 3  Hyper-V Manager, Virtual Switch

3. In the Hardware list, expand Network Adapter and select Advanced Features.
4. In the Port Mirroring area, select Destination as the Mirroring mode for the new virtual interface.

Figure 4  Hyper-V Manager, Mirroring Mode

Enabling Microsoft NDIS Capture Extensions for the Virtual Switch

To enable Microsoft NDIS Capture Extensions for the newly added virtual switch:

1. Open the Virtual Switch Manager on the Hyper-V host.
2. In the Virtual Switches list, expand the virtual switch name vSwitch_Span and highlight Extensions.
3. In the Switch Extensions field, select Microsoft NDIS Capture.

Figure 5  Virtual Switch Manager, Microsoft NDIS Capture

4. Click OK.

Setting the Mirroring Mode on the External Port

The final part of the procedure is to set the mirroring mode on the external port of the new virtual switch to be the source.

The Hyper-V virtual switch (vSwitch_Span) must be configured so that any traffic that comes to the external source port is forwarded to the virtual network adapter that you configured as the destination.

* The following PowerShell commands can be used to set the external virtual switch port to source mirror mode:

$ExtPortFeature = Get-VMSystemSwitchExtensionPortFeature -FeatureName "Ethernet Switch Port Security Settings"

$ExtPortFeature.SettingData.MonitorMode = 2

Add-VMSwitchExtensionPortFeature -ExternalPort -SwitchName vSwitch_Span -VMSwitchExtensionFeature $ExtPortFeature

Where:

vSwitch_Span = Newly added SPAN virtual switch name.

MonitorMode=2 = Source

MonitorMode=1 = Destination

MonitorMode=0 = None

* The following PowerShell command verifies the monitoring mode status:

Get-VMSwitchExtensionPortFeature -FeatureName "Ethernet Switch Port Security Settings" -SwitchName vSwitch_Span -ExternalPort | Select-Object -ExpandProperty SettingData

Where:

vSwitch_Span = Newly added SPAN virtual switch name
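
The Hyper-V settings from the preceding sections can be checked together in one pass from an elevated PowerShell session on the Hyper-V host. The following is an added example, not part of the original documentation: the function name Test-SpanConfiguration is hypothetical, and the VM and switch names are the sample values used on this page.

```powershell
# Added example: read-only audit of the SPAN settings described above.
# Defaults are this page's sample names; the function name is hypothetical.
function Test-SpanConfiguration {
    param(
        [string]$VMName     = 'VK-CP-VA-500-LongRunning-650',
        [string]$SwitchName = 'vSwitch_Span'
    )
    $findings = @()
    $adapters = @(Get-VMNetworkAdapter -VMName $VMName)

    # Every adapter attached to the SPAN switch must be a mirroring destination.
    $span = @($adapters | Where-Object SwitchName -eq $SwitchName)
    if ($span.Count -eq 0) {
        $findings += "VM '$VMName' has no adapter on switch '$SwitchName'."
    }
    foreach ($a in $span) {
        if ($a.PortMirroringMode -ne 'Destination') {
            $findings += "Adapter '$($a.Name)' mirroring mode is '$($a.PortMirroringMode)', expected 'Destination'."
        }
    }

    # SPAN belongs on the data port only: flag mirroring on any other adapter
    # (for example the management port).
    $others = @($adapters | Where-Object { $_.SwitchName -ne $SwitchName -and $_.PortMirroringMode -ne 'None' })
    foreach ($a in $others) {
        $findings += "Adapter '$($a.Name)' on switch '$($a.SwitchName)' has mirroring mode '$($a.PortMirroringMode)'."
    }

    # The Microsoft NDIS Capture extension must be enabled on the SPAN switch.
    $ext = Get-VMSwitchExtension -VMSwitchName $SwitchName -Name 'Microsoft NDIS Capture'
    if (-not $ext -or -not $ext.Enabled) {
        $findings += "Microsoft NDIS Capture is not enabled on '$SwitchName'."
    }

    # The external port must be the mirror source (MonitorMode 2).
    $port = Get-VMSwitchExtensionPortFeature -FeatureName 'Ethernet Switch Port Security Settings' -SwitchName $SwitchName -ExternalPort
    if (-not $port) {
        $findings += "No port security settings are set on the external port of '$SwitchName'."
    } elseif ($port.SettingData.MonitorMode -ne 2) {
        $findings += "External port MonitorMode is $($port.SettingData.MonitorMode), expected 2 (Source)."
    }
    $findings
}

$result = @(Test-SpanConfiguration)
if ($result.Count -eq 0) { 'SPAN settings match this page.' } else { $result }
```

The function only reads configuration, so it can be re-run after host changes to confirm that mirroring is still limited to the SPAN adapter.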

Setting the Local SPAN in a Cisco Switch

The following commands can be used to set the local SPAN on a Cisco switch where you plan to test SPAN:

* To add the Source:

monitor session 1 source interface gigabitEthernet 1/0/1 both

* To add the Destination:

monitor session 1 destination interface gigabitEthernet 1/0/11

Additional References, SPAN Configuration

The following references provide additional information about Hyper-V and SPAN:

* http://charbelnemnom.com/2015/01/how-to-deploy-websense-in-stand-alone-mode-on-a-hyper-v-virtual-machine-hyperv-websense/
* http://www.cloudbase.it/hyper-v-promiscuous-mode/