Hardware appliance - configuring mirrored traffic monitoring from a VDS with encapsulated remote mirroring

Procedure

1. Configure the mirroring source to forward encapsulated remote mirrored traffic.
   1. Log in to the vSphere Web Client.
   2. Select your virtual distributed switch in the left column and then click Configure.
   3. Click Port Mirroring.
      The Port mirroring screen appears.

      
   4. Click New....
      The Add Port Mirroring Sessions window appears.

      
   5. Select Encapsulated Remote Mirroring (L3) Source.
   6. Click Next.
      The Edit properties screen appears.

      
   7. In Name, type a session name.
   8. For Status, select Enabled.
   9. For Encapsulation type, select the encapsulation type.

      Note Using ERSPAN THREE may cause issues. Trend Micro recommends using GRE or ERSPAN TWO

   10. Click Next.
       The Select sources screen appears.
   11. Click the plus icon () to add the source virtual machines that you want to monitor.
   12. Click Next.
       The Select destinations screen appears.
   13. Click the plus icon to add an IP address as a destination.

       Note The destination IP address is the address that you configure on Deep Discovery Inspector in the next step.

   14. Click Next.
       The Ready to complete screen appears.
   15. Verify that the settings are correct and then click Finish.
2. Configure the mirroring destination to receive encapsulated remote mirrored traffic.
   1. In the Deep Discovery Inspector console, go to Administration → System Settings → Network Interface.
      The Network Interface screen appears.
   2. Locate a data port, and then click the right arrow () at the beginning of the row.
   3. Select Encapsulated Remote Mirroring.
   4. Specify the encapsulated remote mirroring destination address.

      Important The encapsulated remote mirroring destination address must be routable from the management VMkernel port of the ESXi host.

   5. Click Save.