Login
- Table of Contents
-
- 17-Network Management and Monitoring Configuration Guide
- 00-Preface
- 01-System maintenance and debugging configuration
- 02-NQA configuration
- 03-NTP configuration
- 04-PoE configuration
- 05-SNMP configuration
- 06-RMON configuration
- 07-Event MIB configuration
- 08-NETCONF configuration
- 09-CWMP configuration
- 10-EAA configuration
- 11-Process monitoring and maintenance configuration
- 12-Sampler configuration
- 13-Mirroring configuration
- 14-NetStream configuration
- 15-IPv6 NetStream configuration
- 16-sFlow configuration
- 17-Information center configuration
- 18-Flow log configuration
- 19-SmartMC configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 13-Mirroring configuration | 130.37 KB |
Restrictions and guidelines: Port mirroring configuration
Configuring local port mirroring
Restrictions and guidelines for local port mirroring configuration
Local port mirroring tasks at a glance
Creating a local mirroring group
Display and maintenance commands for port mirroring
Port mirroring configuration examples
Example: Configuring local port mirroring
Restrictions: Hardware compatibility with flow mirroring
Restrictions and guidelines: Flow mirroring configuration
Flow mirroring tasks at a glance
Configuring a traffic behavior
Applying a QoS policy to an interface
Applying a QoS policy to the control plane
Flow mirroring configuration examples
Example: Configuring flow mirroring
Configuring port mirroring
About port mirroring
Port mirroring copies the packets passing through a port to a port that connects to a data monitoring device for packet analysis.
Terminology
The following terms are used in port mirroring configuration.
Mirroring source
The mirroring sources can be one or more monitored ports (called source ports).
Packets passing through mirroring sources are copied to a port connecting to a data monitoring device for packet analysis. The copies are called mirrored packets.
Source device
The device where the mirroring sources reside is called a source device.
Mirroring destination
The mirroring destination connects to a data monitoring device and is the destination port (also known as the monitor port) of mirrored packets. Mirrored packets are sent out of the monitor port to the data monitoring device.
A monitor port might receive multiple copies of a packet when it monitors multiple mirroring sources. For example, two copies of a packet are received on Port A when the following conditions exist:
· Port A is monitoring bidirectional traffic of Port B and Port C on the same device.
· The packet travels from Port B to Port C.
Destination device
The device where the monitor port resides is called the destination device.
Mirroring direction
The mirroring direction specifies the direction of the traffic that is copied on a mirroring source.
· Inbound—Copies packets received.
· Outbound—Copies packets sent.
· Bidirectional—Copies packets received and sent.
Mirroring group
Port mirroring is implemented through local mirroring groups. The mirroring sources and destination reside on the same device, which is directly connected to a data monitoring device. Packets received on the mirroring sources are sent through the mirroring destination to the data monitoring device.
Local port mirroring
Figure 1 Local port mirroring implementation
As shown in Figure 1, the source port (Port A) and the monitor port (Port B) reside on the same device. Packets received on Port A are copied to Port B. Port B then forwards the packets to the data monitoring device for analysis.
Restrictions and guidelines: Port mirroring configuration
If you configure a software forwarding interface as a source port for a mirroring group, the following rules apply:
· If the software forwarding interface operates in Layer 2 mode, the inbound and outbound IPv4 traffic, IPv6 traffic, and MPLS traffic of the interface will be mirrored.
· If the software forwarding interface operates in Layer 3 mode, the inbound and outbound IPv4 traffic, IPv6 traffic, and MPLS traffic of the interface will be mirrored. Make sure the interface has an IP address.
A software forwarding interface is an Ethernet interface. You can use the port link-mode command to change the link mode of an Ethernet interface. For more information, see Ethernet interface configuration in Interface Configuration Guide.
Whether a hardware forwarding interface can be configured as a source port for a mirroring group depends on the device model.
Configuring local port mirroring
Restrictions and guidelines for local port mirroring configuration
A local mirroring group takes effect only after it is configured with the monitor port and mirroring sources.
Port mirroring supports both software and hardware forwarding interfaces. However, you cannot assign a software forwarding interface and a hardware forwarding interface to the same mirroring group.
Local port mirroring tasks at a glance
To configure local port mirroring, perform the following tasks:
1. Configuring mirroring sources
2. Configuring the monitor port
Creating a local mirroring group
1. Enter system view.
system-view
2. Create a local mirroring group.
mirroring-group group-id local
Configuring mirroring sources
Restrictions and guidelines for mirroring source configuration
When you configure source ports for a local mirroring group, follow these restrictions and guidelines:
· A mirroring group can contain multiple source ports.
· A port can act as a source port for only one mirroring group.
· A source port cannot be configured as a monitor port.
Configuring source ports
· Configure source ports in system view.
a. Enter system view.
system-view
b. Configure source ports for a local mirroring group.
mirroring-group group-id mirroring-port interface-list { both | inbound | outbound }
By default, no source port is configured for a local mirroring group.
· Configure source ports in interface view.
a. Enter system view.
system-view
b. Enter interface view.
interface interface-type interface-number
c. Configure the port as a source port for a local mirroring group.
mirroring-group group-id mirroring-port { both | inbound | outbound }
By default, a port does not act as a source port for any local mirroring groups.
Configuring the monitor port
Restrictions and guidelines
Do not enable the spanning tree feature on the monitor port.
Use a monitor port only for port mirroring, so the data monitoring device receives only the mirrored traffic.
Procedure
· Configure the monitor port in system view.
a. Enter system view.
system-view
b. Configure the monitor port for a local mirroring group.
mirroring-group group-id monitor-port interface-type interface-number
By default, no monitor port is configured for a local mirroring group.
· Configure the monitor port in interface view.
a. Enter system view.
system-view
b. Enter interface view.
interface interface-type interface-number
c. Configure the port as the monitor port for a mirroring group.
mirroring-group group-id monitor-port
By default, a port does not act as the monitor port for any local mirroring groups.
Display and maintenance commands for port mirroring
Execute display commands in any view.
|
Task |
Command |
|
Display mirroring group information. |
display mirroring-group { group-id | all | local } |
Port mirroring configuration examples
Example: Configuring local port mirroring
Network configuration
As shown in Figure 2, configure local port mirroring in source port mode to enable the server to monitor the bidirectional traffic of the marketing and technical departments.
Procedure
# Create local mirroring group 1.
<Device> system-view
[Device] mirroring-group 1 local
# Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as source ports for local mirroring group 1.
[Device] mirroring-group 1 mirroring-port gigabitethernet 1/0/1 gigabitethernet 1/0/2 both
# Configure GigabitEthernet 1/0/3 as the monitor port for local mirroring group 1.
[Device] mirroring-group 1 monitor-port gigabitethernet 1/0/3
# Disable the spanning tree feature on the monitor port (GigabitEthernet 1/0/3).
[Device] interface gigabitethernet 1/0/3
[Device-GigabitEthernet1/0/3] undo stp enable
[Device-GigabitEthernet1/0/3] quit
Verifying the configuration
# Verify the mirroring group configuration.
[Device] display mirroring-group all
Mirroring group 1:
Type: Local
Status: Active
Mirroring port:
GigabitEthernet1/0/1 Both
GigabitEthernet1/0/2 Both
Monitor port: GigabitEthernet1/0/3
Configuring flow mirroring
About flow mirroring
Flow mirroring copies packets matching a class to a destination for packet analyzing and monitoring. It is implemented through QoS.
To implement flow mirroring through QoS, perform the following tasks:
· Define traffic classes and configure match criteria to classify packets to be mirrored. Flow mirroring allows you to flexibly classify packets to be analyzed by defining match criteria.
· Configure traffic behaviors to mirror the matching packets to the specified destination.
For more information about QoS policies, traffic classes, and traffic behaviors, see ACL and QoS Configuration Guide.
Restrictions: Hardware compatibility with flow mirroring
|
Hardware |
Flow mirroring compatibility |
|
MSR810, MSR810-W, MSR810-W-DB, MSR810-LM, MSR810-W-LM, MSR810-10-PoE, MSR810-LM-HK, MSR810-W-LM-HK, MSR810-LMS-EA |
Yes |
|
MSR810-LMS, MSR810-LUS |
Yes |
|
MSR2600-6-X1, MSR2600-10-X1 |
Yes |
|
MSR 2630 |
Yes |
|
MSR3600-28, MSR3600-51 |
Yes |
|
MSR3600-28-SI, MSR3600-51-SI |
Yes |
|
MSR3600-28-X1, MSR3600-28-X1-DP, MSR3600-51-X1, MSR3600-51-X1-DP |
Yes |
|
MSR3610-I-DP, MSR3610-IE-DP |
Yes |
|
MSR3610-X1, MSR3610-X1-DP, MSR3610-X1-DC, MSR3610-X1-DP-DC |
Yes |
|
MSR 3610, MSR 3620, MSR 3620-DP, MSR 3640, MSR 3660 |
Yes |
|
MSR3610-G, MSR3620-G |
No |
Restrictions and guidelines: Flow mirroring configuration
For information about the configuration commands except the mirror-to command, see QoS policy commands in ACL and QoS Command Reference.
Flow mirroring tasks at a glance
To configure flow mirroring, perform the following tasks:
1. Configuring a traffic class
A traffic class defines the criteria that filters the traffic to be mirrored.
2. Configuring a traffic behavior
A traffic behavior specifies mirroring destinations.
Choose one of the following tasks:
¡ Applying a QoS policy to an interface
¡ Applying a QoS policy to the control plane
Configuring a traffic class
1. Enter system view.
system-view
2. Create a class and enter class view.
traffic classifier classifier-name [ operator { and | or } ]
3. Configure match criteria.
if-match [ not ] match-criteria
By default, no match criterion is configured in a traffic class.
4. (Optional.) Display traffic class information.
display traffic classifier user-defined
This command is available in any view.
Configuring a traffic behavior
1. Enter system view.
system-view
2. Create a traffic behavior and enter traffic behavior view.
traffic behavior behavior-name
3. Mirror traffic to an interface.
mirror-to interface interface-type interface-number
By default, no mirroring actions exist to mirror traffic to interfaces.
Flow mirroring does not support mirroring traffic to Layer 3 Ethernet interfaces.
4. (Optional.) Display traffic behavior configuration.
display traffic behavior user-defined
This command is available in any view.
Configuring a QoS policy
1. Enter system view.
system-view
2. Create a QoS policy and enter QoS policy view.
qos policy policy-name
3. Associate a class with a traffic behavior in the QoS policy.
classifier classifier-name behavior behavior-name
By default, no traffic behavior is associated with a class.
4. (Optional.) Display QoS policy configuration.
display qos policy user-defined
This command is available in any view.
Applying a QoS policy
Applying a QoS policy to an interface
Restrictions and guidelines
You can apply a QoS policy to an interface to mirror the traffic of the interface.
A policy can be applied to multiple interfaces.
In one traffic direction of an interface, only one QoS policy can be applied.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Apply a policy to the interface.
qos apply policy policy-name { inbound | outbound }
4. (Optional.) Display the QoS policy applied to the interface.
display qos policy interface
This command is available in any view.
Applying a QoS policy to the control plane
Restrictions and guidelines
You can apply a QoS policy to the control plane to mirror the traffic of all ports on the control plane.
Procedure
1. Enter system view.
system-view
2. Enter control plane view.
In standalone mode:
control-plane
In IRF mode:
control-plane slot slot-number
3. Apply a QoS policy to the control plane.
qos apply policy policy-name inbound
4. (Optional.) Display QoS policies applied to the control plane
display qos policy control-plane
This command is available in any view.
Flow mirroring configuration examples
Example: Configuring flow mirroring
Network configuration
As shown in Figure 3, configure flow mirroring so that the server can monitor the following traffic:
· All traffic that the Technical Department sends to access the Internet.
· IP traffic that the Technical Department sends to the Marketing Department during working hours (8:00 to 18:00) on weekdays.
Procedure
# Create working hour range work, in which working hours are from 8:00 to 18:00 on weekdays.
<DeviceA> system-view
[DeviceA] time-range work 8:00 to 18:00 working-day
# Create IPv4 advanced ACL 3000 to allow packets from the Technical Department to access the Internet and the Marketing Department during working hours.
[DeviceA] acl advanced 3000
[DeviceA-acl-ipv4-adv-3000] rule permit tcp source 192.168.2.0 0.0.0.255 destination-port eq www
[DeviceA-acl-ipv4-adv-3000] rule permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255 time-range work
[DeviceA-acl-ipv4-adv-3000] quit
# Create traffic class tech_c, and configure the match criterion as ACL 3000.
[DeviceA] traffic classifier tech_c
[DeviceA-classifier-tech_c] if-match acl 3000
[DeviceA-classifier-tech_c] quit
# Create traffic behavior tech_b, configure the action of mirroring traffic to GigabitEthernet 1/0/3.
[DeviceA] traffic behavior tech_b
[DeviceA-behavior-tech_b] mirror-to interface gigabitethernet 1/0/3
[DeviceA-behavior-tech_b] quit
# Create QoS policy tech_p, and associate traffic class tech_c with traffic behavior tech_b in the QoS policy.
[DeviceA] qos policy tech_p
[DeviceA-qospolicy-tech_p] classifier tech_c behavior tech_b
[DeviceA-qospolicy-tech_p] quit
# Apply QoS policy tech_p to the incoming packets of GigabitEthernet 1/0/4.
[DeviceA] interface gigabitethernet 1/0/4
[DeviceA-GigabitEthernet1/0/4] qos apply policy tech_p inbound
[DeviceA-GigabitEthernet1/0/4] quit
Verifying the configuration
# Verify that the server can monitor the following traffic:
· All traffic sent by the Technical Department to access the Internet.
· IP traffic that the Technical Department sends to the Marketing Department during working hours on weekdays.
(Details not shown.)
