VMware ERSPAN

To monitor virtual machines in a VMware vSphere environment, VMware vSphere Distributed Switch (VDS) supports industry-standard features such as port mirroring and NetFlow. These features were introduced with the release of vSphere 5.0. You can use ERSPAN to mirror traffic from one or more source ports on a virtual switch, physical switch, or router and send the traffic to a destination IP host running NNM. The following ERSPAN virtual environments are supported for NNM:

  • VMware ERSPAN (Transparent Ethernet Bridging)
  • Cisco ERSPAN (ERSPAN Type II)

Note: Tenable Nessus Network Monitor does not support ERSPAN Type III. As a workaround, you can create a new port mirroring session using GRE tunneling.
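To confirm which encapsulation a mirror session actually delivers to the NNM host, the GRE header of a captured packet can be inspected. The following is an added example, not Tenable or VMware code: the GRE protocol-type values come from the GRE and ERSPAN formats rather than from this page, the sample packets are constructed, and Type I is reported as unlisted only because this page names Type II alone.

```python
import struct

# GRE protocol-type values (not stated on this page; from the GRE/ERSPAN formats)
GRE_TEB = 0x6558         # Transparent Ethernet Bridging (VMware ERSPAN)
GRE_ERSPAN = 0x88BE      # Cisco ERSPAN Type I and Type II
GRE_ERSPAN_III = 0x22EB  # Cisco ERSPAN Type III
GRE_SEQ_BIT = 0x1000     # GRE "sequence number present" flag

def classify_mirror(ip_packet: bytes):
    """Return (encapsulation, on_supported_list) for one raw IPv4 packet."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return ("not IPv4", False)
    ihl = (ip_packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or ip_packet[9] != 47:       # IP protocol 47 = GRE
        return ("not GRE", False)
    gre = ip_packet[ihl:]
    if len(gre) < 4:
        return ("truncated GRE", False)
    flags, proto = struct.unpack("!HH", gre[:4])
    if proto == GRE_TEB:
        return ("VMware ERSPAN (Transparent Ethernet Bridging)", True)
    if proto == GRE_ERSPAN_III:
        return ("Cisco ERSPAN Type III", False)
    if proto == GRE_ERSPAN:
        # Type II sets the GRE sequence bit and adds an ERSPAN header;
        # Type I carries neither and is not on this page's supported list.
        if flags & GRE_SEQ_BIT:
            return ("Cisco ERSPAN Type II", True)
        return ("Cisco ERSPAN Type I", False)
    return ("other GRE payload 0x%04x" % proto, False)

def build_sample(flags: int, proto: int, payload: bytes = b"") -> bytes:
    """Constructed IPv4+GRE packet for the demo (IP checksum left at zero)."""
    gre = struct.pack("!HH", flags, proto) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre), 0, 0, 64, 47, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + gre

if __name__ == "__main__":
    samples = [
        build_sample(0x0000, GRE_TEB),
        build_sample(GRE_SEQ_BIT, GRE_ERSPAN, b"\x00" * 12),
        build_sample(GRE_SEQ_BIT, GRE_ERSPAN_III, b"\x00" * 16),
    ]
    for pkt in samples:
        name, ok = classify_mirror(pkt)
        print("%-48s %s" % (name, "supported" if ok else "not supported"))
```
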

For vSphere 5.1:

To monitor virtual machines with NNM residing on the same ESX host as the virtual machines, see the following link:
https://blogs.vmware.com/vsphere/2013/01/vsphere-5-1-vds-feature-enhancements-port-mirroring-part-1.html

To monitor virtual machines with NNM residing on external hardware, see the following link:
https://blogs.vmware.com/vsphere/2013/02/vsphere-5-1-vds-feature-enhancements-port-mirroring-part-2.html

To monitor virtual machines with NNM residing on an ESX host other than where the virtual machines reside, see the following link:
https://blogs.vmware.com/vsphere/2013/02/vsphere-5-1-vds-feature-enhancements-port-mirroring-part-3.html

For vSphere versions above 5.1:

  1. In your browser, navigate to https://docs.vmware.com/en/VMware-vSphere/5.5/com.vmware.vsphere.networking.doc/GUID-68B5DD45-DD3F-4E9B-A6CD-BE97026A846A.html.
  2. In the top right corner of the screen, select the version of vSphere for which you wish to view configuration instructions.

    The instructions include information regarding all 3 relevant configurations for Tenable Nessus Network Monitor.