Field	Description
Mirroring group	Number of the mirroring group.
Type	Type of the mirroring group: · Local. · Remote source. · Remote destination.
Status	Status of the mirroring group: · Active—The mirroring group has taken effect. · Incomplete—The mirroring group configuration is not complete and does not take effect.
Mirroring port	Source port.
Encapsulation	Encapsulation parameters of the mirrored packets.
Mirroring CPU	Source CPU.
Monitor port	Destination port.
Destination IP address	Destination IP address in the outer header of the GRE-encapsulated mirrored packets.
Source IP address	Source IP address in the outer header of the GRE-encapsulated mirrored packets.
DSCP	DSCP value in the outer header of the GRE-encapsulated mirrored packets.
VLAN	VLAN in the outer header of the GRE-encapsulated mirrored packets.
VRF Instance	VPN instance whose routing table is used to direct forwarding of the mirrored packets.
Destination MAC address	Destination MAC address in the outer header of the GRE-encapsulated mirrored packets.

‌

mirroring-group

Use mirroring-group to create a mirroring group.

Use undo mirroring-group to delete mirroring groups.

Syntax

mirroring-group group-id { local | remote-destination | remote-source }

undo mirroring-group { group-id | all | local | remote-destination | remote-source }

Default

No mirroring groups exist.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group ID. The value range for this argument is 1 to 4.

local: Specifies local mirroring groups.

remote-destination: Specifies remote destination groups.

remote-source: Specifies remote source groups.

all: Specifies all mirroring groups.

Examples

# Create local mirroring group 1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

mirroring-group mirroring-cpu

Use mirroring-group mirroring-cpu to configure source CPUs for a mirroring group.

Use undo mirroring-group mirroring-cpu to remove source CPUs from a mirroring group.

Syntax

mirroring-group group-id mirroring-cpu slot slot-number-list inbound

undo mirroring-group group-id mirroring-cpu slot slot-number-list

Default

No source CPU is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number. The specified mirroring group must already exist. The value range for this argument is 1 to 4.

slot slot-number-list: Specifies a space-separated list of up to eight slot number items. An item specifies an IRF member device by its member ID or specifies a range of IRF member devices in the form of start-slot-number to end-slot-number. The end slot number must be equal to or greater than the start slot number.

inbound: Mirrors only received packets.

Usage guidelines

You can configure source CPUs only for local mirroring groups and remote source groups.

Examples

# Create local mirroring group 1 to monitor the inbound traffic of the CPU on the specified slot.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 mirroring-cpu slot 1 inbound

Related commands

mirroring-group

mirroring-group mirroring-port (interface view)

Use mirroring-group mirroring-port to configure a port as a source port for a mirroring group.

Use undo mirroring-group mirroring-port to restore the default.

Syntax

mirroring-group group-id mirroring-port { both | inbound | outbound }

undo mirroring-group group-id mirroring-port

Default

A port does not act as a source port for any mirroring groups.

Views

Interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 4.

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

You can configure source ports only for local mirroring groups and remote source groups.

A Layer 2 or Layer 3 aggregate interface can be configured as a source port of a local or a remote source group. However, the mirrored traffic direction of an aggregate interface cannot be the same as the mirrored traffic direction of its member ports in the same mirroring group. If the mirrored traffic direction of an aggregate interface is the same as the mirrored traffic direction of an interface in the same group, do not assign the interface to the aggregate interface. Otherwise, the mirroring source configuration does not take effect for the interface and the aggregate interface in the specified direction.

Do not assign a source port of a mirroring group to the remote probe VLAN of the mirroring group.

A port can be assigned to different mirroring groups as follows:

· When acting as a source port for unidirectional mirroring, the port can be assigned to up to four mirroring groups.

· When acting as a source port for bidirectional mirroring, the port can be assigned to up to two mirroring groups.

· When acting as a source port for unidirectional and bidirectional mirroring, the port can be assigned to up to three mirroring groups. One mirroring group is used for bidirectional mirroring and the other two for unidirectional mirroring.

A source port cannot be used as a reflector port, monitor port, or egress port.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of the port Twenty-FiveGigE 1/0/1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] interface twenty-fivegige 1/0/1

[Sysname-Twenty-FiveGigE1/0/1] mirroring-group 1 mirroring-port both

# Create remote source group 2 to monitor the bidirectional traffic of the port Twenty-FiveGigE 1/0/2.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] interface twenty-fivegige 1/0/2

[Sysname-Twenty-FiveGigE1/0/2] mirroring-group 2 mirroring-port both

Related commands

mirroring-group

mirroring-group mirroring-port (system view)

Use mirroring-group mirroring-port to configure source ports for a mirroring group.

Use undo mirroring-group mirroring-port to remove source ports from a mirroring group.

Syntax

mirroring-group group-id mirroring-port interface-list { both | inbound | outbound }

undo mirroring-group group-id mirroring-port interface-list

Default

No source port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 4.

interface-list: Specifies a space-separated list of up to eight interface items. Each item specifies an interface by its type and number or specifies a range of interfaces in the form of interface-type interface-number1 to interface-type interface-number2. When you specify a range of interfaces, the interfaces must be of the same type and on the same slot. The start interface number must be identical to or lower than the end interface number.

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

You can configure source ports only for local mirroring groups and remote source groups.

Do not assign a source port of a mirroring group to the remote probe VLAN of the mirroring group.

A port can be assigned to different mirroring groups as follows:

· When acting as a source port for unidirectional mirroring, the port can be assigned to up to four mirroring groups.

· When acting as a source port for bidirectional mirroring, the port can be assigned to up to two mirroring groups.

A source port cannot be used as a reflector port, monitor port, or egress port.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of Twenty-FiveGigE 1/0/1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 mirroring-port twenty-fivegige 1/0/1 both

# Create remote source group 2 to monitor the bidirectional traffic of Twenty-FiveGigE 1/0/2.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] mirroring-group 2 mirroring-port twenty-fivegige 1/0/2 both

Related commands

mirroring-group

mirroring-group monitor-egress

Use mirroring-group monitor-egress to configure the egress port for a remote source group.

Use undo mirroring-group monitor-egress to restore the default.

Syntax

In system view:

mirroring-group group-id monitor-egress interface-type interface-number

undo mirroring-group group-id monitor-egress interface-type interface-number

In interface view:

mirroring-group group-id monitor-egress

undo mirroring-group group-id monitor-egress

Default

No egress port is configured for a remote source group.

Views

System view

Interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 4.

interface-type interface-number: Specifies a port by its type and number.

Usage guidelines

You can configure egress ports only for remote source groups.

For port mirroring to work correctly, disable the following features on the egress port of a mirroring group:

· Spanning tree.

· 802.1X.

· IGMP snooping.

· Static ARP.

· MAC address learning.

The member port of an existing mirroring group cannot be configured as an egress port.

Examples

# Create remote source group 1. Configure Twenty-FiveGigE 1/0/1 as its egress port in system view.

<Sysname> system-view

[Sysname] mirroring-group 1 remote-source

[Sysname] mirroring-group 1 monitor-egress twenty-fivegige 1/0/1

# Create remote source group 2. Configure Twenty-FiveGigE 1/0/2 as its egress port in interface view.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] interface twenty-fivegige 1/0/2

[Sysname-Twenty-FiveGigE1/0/2] mirroring-group 2 monitor-egress

Related commands

mirroring-group

mirroring-group monitor-port (interface view)

Use mirroring-group monitor-port to configure a port as the monitor port for a mirroring group.

Use undo mirroring-group monitor-port to restore the default.

Syntax

mirroring-group group-id monitor-port [ destination-ip destination-ip-address source-ip source-ip-address [ dscp dscp-value | vlan vlan-id | vrf-instance vrf-name ] * ]

undo mirroring-group group-id monitor-port

Default

A port does not act as the monitor port for any mirroring groups.

Views

Interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 4.

destination-ip destination-ip-address: Specifies the destination IP address for the mirrored packets.

source-ip source-ip-address: Specifies the source IP address for the mirrored packets.

dscp dscp-value: Specifies the DSCP value for the mirrored packets. The dscp-value argument can be a number in the range of 0 to 63 or a keyword in Table 2. The default DSCP value is 0.

Table 2 DSCP keywords and values

Keyword	DSCP value in binary	DSCP value in decimal
af11	001010	10
af12	001100	12
af13	001110	14
af21	010010	18
af22	010100	20
af23	010110	22
af31	011010	26
af32	011100	28
af33	011110	30
af41	100010	34
af42	100100	36
af43	100110	38
cs1	001000	8
cs2	010000	16
cs3	011000	24
cs4	100000	32
cs5	101000	40
cs6	110000	48
cs7	111000	56
default	000000	0
ef	101110	46

‌

vlan vlan-id: Specifies a VLAN by its VLAN ID in the range of 1 to 4094 for the mirrored packets.

vrf-instance vrf-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. The mirrored packets will be forwarded based on the routing table of the specified VPN instance.

Usage guidelines

You can configure monitor ports only for local mirroring groups and remote destination groups.

To implement Layer 3 remote port mirroring in ERSPAN mode, you must configure the following encapsulation parameters for mirrored packets sent to the monitor port:

· Destination IP address, which is the IP address of the remote data monitoring device.

· Source IP address.

· Optional encapsulation parameters, including the DSCP value, VLAN, VPN instance, and destination MAC address.

The mirrored packet is first encapsulated in a GRE packet with a protocol number of 0x88BE. The GRE packet is then encapsulated in a delivery protocol by using the configured encapsulation parameters and routed to the final destination.

Do not enable the spanning tree feature on the monitor port of a mirroring group.

For a Layer 2 aggregate interface configured as the monitor port of a mirroring group, do not perform either of the following tasks:

· Configure its member ports as source ports of the mirroring group.

A Layer 3 aggregate interface cannot be configured as the monitor port for a local mirroring group.

Use a monitor port only for port mirroring, so the data monitoring device receives and analyzes only the mirrored traffic.

The member port of an existing mirroring group cannot be configured as a monitor port.

When you configure Layer 3 remote port mirroring in ERSPAN mode, if the monitor port of a local mirroring group is an aggregate interface, make sure the member ports in the aggregate interface and the source ports in the local mirroring group belong to the same interface group.

When you configure Layer 3 remote port mirroring in tunnel mode, if the monitor port of a local mirroring group is an aggregate interface, make sure the member ports in the service loopback group and the source ports in the local mirroring group belong to the same interface group.

Execute the display drv system 9 command in probe view. In the command output, interfaces in the same pipe belong to the same interface group.

Examples

# Create local mirroring group 1 and configure Twenty-FiveGigE 1/0/1 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] interface twenty-fivegige 1/0/1

[Sysname-Twenty-FiveGigE1/0/1] mirroring-group 1 monitor-port

# Create remote destination group 2 and configure Twenty-FiveGigE 1/0/2 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-destination

[Sysname] interface twenty-fivegige 1/0/2

[Sysname-Twenty-FiveGigE1/0/2] mirroring-group 2 monitor-port

# Create local mirroring group 3. Specify Twenty-FiveGigE 1/0/1 as its monitor port and configure the encapsulation parameters including the source and destination IP addresses, DSCP value, VLAN, and VPN instance for the mirrored packets.

<Sysname> system-view

[Sysname] mirroring-group 3 local

[Sysname] interface twenty-fivegige 1/0/1

[Sysname-Twenty-FiveGigE1/0/1] mirroring-group 3 monitor-port destination-ip 1.1.1.1 source-ip 3.3.3.3 dscp 1 vlan 1 vrf-instance 122

Related commands

mirroring-group

mirroring-group monitor-port (system view)

Use mirroring-group monitor-port to configure the monitor ports for a mirroring group.

Use undo mirroring-group monitor-port to remove the monitor ports from a mirroring group.

Syntax

mirroring-group group-id monitor-port interface-type interface-number [ destination-ip destination-ip-address source-ip source-ip-address [ dscp dscp-value | vlan vlan-id | vrf-instance vrf-name ] * ]

undo mirroring-group group-id monitor-port interface-type interface-number

Default

No monitor port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 4.

interface-type interface-number: Specifies an interface by its type and number.

destination-ip destination-ip-address: Specifies the destination IP address for the mirrored packets.

source-ip source-ip-address: Specifies the source IP address for the mirrored packets.

dscp dscp-value: Specifies the DSCP value for the mirrored packets. The dscp-value argument can be a number in the range of 0 to 63 or a keyword in Table 2. The default DSCP value is 0.

vlan vlan-id: Specifies a VLAN by its VLAN ID in the range of 1 to 4094 for the mirrored packets.

Usage guidelines

You can configure monitor ports only for local mirroring groups and remote destination groups.

To implement Layer 3 remote port mirroring in ERSPAN mode, you must configure the following encapsulation parameters for mirrored packets sent to the monitor port:

· Destination IP address, which is the IP address of the remote data monitoring device.

· Source IP address.

· Optional encapsulation parameters, including the DSCP value, VLAN, VPN instance, and destination MAC address.

Do not enable the spanning tree feature on the monitor port of a mirroring group.

For a Layer 2 aggregate interface configured as the monitor port of a mirroring group, do not perform any of the following tasks:

· Configure its member ports as source ports of the mirroring group.

A Layer 3 aggregate interface cannot be configured as the monitor port for a local mirroring group.

Use a monitor port only for port mirroring, so the data monitoring device receives only the mirrored traffic.

The member port of an existing mirroring group cannot be configured as a monitor port.

Execute the display drv system 9 command in probe view. In the command output, interfaces in the same pipe belong to the same interface group.

Examples

# Create local mirroring group 1 and configure Twenty-FiveGigE 1/0/1 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 monitor-port twenty-fivegige 1/0/1

# Create remote destination group 2 and configure Twenty-FiveGigE 1/0/2 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-destination

[Sysname] mirroring-group 2 monitor-port twenty-fivegige 1/0/2

# Create local mirroring group 4. Specify Twenty-FiveGigE 1/0/1 as its monitor port and configure the encapsulation parameters including the source and destination IP addresses, DSCP value, VLAN, and VPN instance for the mirrored packets.

<Sysname> system-view

[Sysname] mirroring-group 4 local

[Sysname] mirroring-group 4 monitor-port twenty-fivegige 1/0/1 destination-ip 1.1.1.1 source-ip 3.3.3.3 dscp 1 vlan 1 vrf-instance 122

Related commands

mirroring-group

mirroring-group reflector-port

Use mirroring-group reflector-port to configure the reflector port for a remote source group.

Use undo mirroring-group reflector-port to restore the default.

Syntax

In system view:

mirroring-group group-id reflector-port interface-type interface-number

undo mirroring-group group-id reflector-port interface-type interface-number

In interface view:

mirroring-group group-id reflector-port

undo mirroring-group group-id reflector-port

Default

No reflector port is configured for a mirroring group.

Views

System view

Interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 4.

interface-type interface-number: Specifies a port by its type and number.

Usage guidelines

CAUTION:

· The port to be configured as a reflector port must be a port not in use. Do not connect a network cable to a reflector port.

· When a port is configured as a reflector port, the port restores to the factory default settings. You cannot configure other features on a reflector port.

· If an IRF port is bound to only one physical interface, do not configure the physical interface as a reflector port. Otherwise, the IRF might split.

You can configure reflector ports only for remote source groups.

You cannot change the duplex mode or speed for a reflector port.

Examples

# Create remote source group 1. Configure Twenty-FiveGigE 1/0/1 as its reflector port in system view.

<Sysname> system-view

[Sysname] mirroring-group 1 remote-source

[Sysname] mirroring-group 1 reflector-port twenty-fivegige 1/0/1

This operation may delete all settings made on the interface. Continue? [Y/N]: y

# Create remote source group 2. Configure Twenty-FiveGigE 1/0/2 as its reflector port in interface view.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] interface twenty-fivegige 1/0/2

[Sysname-Twenty-FiveGigE1/0/2] mirroring-group 2 reflector-port

This operation may delete all settings made on the interface. Continue? [Y/N]: y

Related commands

mirroring-group

mirroring-group remote-probe vlan

Use mirroring-group remote-probe vlan to specify a VLAN as the remote probe VLAN for a mirroring group.

Use undo mirroring-group remote-probe vlan to restore the default.

Syntax

mirroring-group group-id remote-probe vlan vlan-id

undo mirroring-group group-id remote-probe vlan vlan-id

Default

No remote probe VLAN is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 4.

vlan-id: Specifies a VLAN by its ID.

Usage guidelines

You can configure remote probe VLANs only for remote source groups and remote destination groups.

When a VLAN is configured as a remote probe VLAN, use the VLAN for port mirroring exclusively.

The remote mirroring groups on the source device and destination device must use the same remote probe VLAN.

Only a static VLAN that already exists can be configured as a remote probe VLAN. A VLAN can be configured as the remote probe VLAN for only one mirroring group.

To delete a VLAN that is configured as a remote probe VLAN, remove the remote probe VLAN configuration first.

Examples

# Create remote source group 1 and configure VLAN 10 as its remote probe VLAN.

<Sysname> system-view

[Sysname] mirroring-group 1 remote-source

[Sysname] mirroring-group 1 remote-probe vlan 10

# Create remote destination group 2 and configure VLAN 20 as its remote probe VLAN.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-destination

[Sysname] mirroring-group 2 remote-probe vlan 20

Related commands

mirroring-group

Flow mirroring commands

You can enable sampling for only one of the following features on the device:

· Mirroring.

· NetStream.

· IPv6 NetStream.

· sFlow.

· INT.

· Telemetry stream.

· MOD.

For more information about NetStream, IPv6 NetStream, and sFlow, see Network Management and Monitoring Configuration Guide. For more information about INT, telemetry stream, and MOD, see Telemetry Configuration Guide.

mirror-to cpu

Use mirror-to cpu to configure a mirroring action that mirrors traffic to the CPU.

Use undo mirror-to cpu to delete the mirroring action that mirrors traffic to the CPU.

Syntax

mirror-to cpu

undo mirror-to cpu

Default

No mirroring action exists to mirror traffic to the CPU.

Views

Traffic behavior view

Predefined user roles

network-admin

Examples

# Create traffic behavior 1 and configure the action of mirroring traffic to the CPU for the traffic behavior.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to cpu

mirror-to grpc

Use mirror-to grpc to configure a mirroring action that mirrors traffic to gRPC.

Use undo mirror-to grpc to delete the mirroring action that mirrors traffic to gRPC.

Syntax

mirror-to grpc

undo mirror-to grpc

Default

No mirroring action exists to mirror traffic to gRPC.

Views

Traffic behavior view

Predefined user roles

network-admin

Usage guidelines

Google Remote Procedure Call (gRPC) is a Google developed framework for remote procedure calls. gRPC provides a programmable method for monitoring and managing network devices.

This command enables the device to mirror traffic matching the traffic class in the QoS policy to the directly-connected gRPC network management server for traffic analysis.

For more information about gRPC, visit website www.grpc.io. For information about how to configure the gRPC network management server, see the network management server configuration guide.

Examples

# Create traffic behavior 1 and configure a mirroring action that mirrors traffic to gRPC.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to grpc

mirror-to ifa-processor

Use mirror-to ifa-processor to configure a mirroring action that mirrors traffic to the in-band network telemetry (INT) processor.

Use undo mirror-to ifa-processor to delete the mirroring action that mirrors traffic to the INT processor.

Syntax

mirror-to ifa-processor [ sampler sampler-name ]

undo mirror-to ifa-processor

Default

No mirroring action exists to mirror traffic to the INT processor.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

sampler sampler-name: Specifies a sampler by its name. The sampler-name argument is a case-insensitive string of 1 to 31 characters. If you do not specify this option, packets are not sampled, and all matching packets are mirrored.

Usage guidelines

A sampler selects a packet from sequential packets. Flow mirroring uses the sampler to limit the volume of traffic to be mirrored. Flow mirroring supports using a sampler that has not been created. If you configure multiple samplers for a mirroring action, the most recent configuration takes effect. For more information about samplers, see Network Management and Monitoring Configuration Guide.

Example

# Create traffic behavior 1 and configure the action of mirroring traffic to the INT processor. Specify sampler samp for the mirroring action.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to ifa-processor sampler samp

Related commands

sampler

mirror-to interface

Use mirror-to interface to configure a mirroring action that mirrors traffic to an interface.

Use undo mirror-to interface to delete a mirroring action that mirrors traffic to an interface.

Syntax

Syntax 1:

mirror-to interface interface-type interface-number [ sampler sampler-name ] [ truncation ] [ loopback | [ { destination-ip destination-ip-address source-ip source-ip-address | destination-ipv6 destination-ipv6-address source-ipv6 source-ipv6-address } [ vxlan vxlan-id [ destination-port destination-port-value | source-port source-port-value ] * ] [ dscp dscp-value | vlan vlan-id | vrf-instance vrf-name ] * ]

undo mirror-to interface interface-type interface-number

Syntax 2:

mirror-to interface { destination-ip destination-ip-address source-ip source-ip-address | destination-ipv6 destination-ipv6-address source-ipv6 source-ipv6-address } [ vxlan vxlan-id [ destination-port destination-port-value | source-port source-port-value ] * ] [ sampler sampler-name ] [ truncation ] [ dscp dscp-value | vlan vlan-id | vrf-instance vrf-name ] *

undo mirror-to interface { destination-ip destination-ip-address source-ip source-ip-address | destination-ipv6 destination-ipv6-address source-ipv6 source-ipv6-address }

Default

No mirroring actions exist to mirror traffic to interfaces.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

sampler sampler-name: Specifies a sampler by its name, a case-insensitive string of 1 to 31 characters.

truncation: Truncates the mirrored packets to retain only the first 192 bytes of each packet.

loopback: Uses the GRE encapsulation format for mirrored packets. Upon arriving at the specified interface, the mirrored packets are forwarded to the destination device through the GRE tunnel. The destination device decapsulates the packets and forwards them to the data monitoring device.

destination-ip destination-ip-address: Specifies the destination IP address for the mirrored packets.

source-ip source-ip-address: Specifies the source IP address for the mirrored packets.

destination-ipv6 destination-ipv6-address: Specifies the destination IPv6 address for the mirrored packets. This keyword is supported only in Release 6635 and later.

source-ipv6 source-ipv6-address: Specifies the source IPv6 address for the mirrored packets. This keyword is supported only in Release 6635 and later.

vxlan vxlan-id: Specifies a VXLAN by its ID in the range of 1 to 16777215 for the mirrored packets. For more information about VXLAN, see VXLAN Configuration Guide. This keyword is supported only in Release 6635 and later.

destination-port destination-port-value: Specifies the destination port number for mirrored packets encapsulated by using VXLAN. The default is 4789. This keyword is supported only in Release 6635 and later.

source-port source-port-value: Specifies the source port number for mirrored packets encapsulated by using VXLAN. The default is 65535. This keyword is supported only in Release 6635 and later.

dscp dscp-value: Specifies the DSCP value for the mirrored packets. The dscp-value argument can be a number in the range of 0 to 63 or a keyword in Table 3.

Table 3 DSCP keywords and values

Keyword	DSCP value in binary	DSCP value in decimal
af11	001010	10
af12	001100	12
af13	001110	14
af21	010010	18
af22	010100	20
af23	010110	22
af31	011010	26
af32	011100	28
af33	011110	30
af41	100010	34
af42	100100	36
af43	100110	38
cs1	001000	8
cs2	010000	16
cs3	011000	24
cs4	100000	32
cs5	101000	40
cs6	110000	48
cs7	111000	56
default	000000	0
ef	101110	46

‌

vlan vlan-id: Specifies a VLAN by its VLAN ID in the range of 1 to 4094 for the mirrored packets.

Usage guidelines

You can execute the mirror-to interface interface-type interface-number command multiple times for a traffic behavior to mirror traffic to different interfaces.

By using the mirror-to interface interface-type interface-number command, you can mirror traffic to a maximum of four Ethernet interfaces or Layer 2 aggregate interfaces. If more than four interfaces are configured, all the interfaces configured by using the command do not take effect.

A sampler selects a packet from sequential packets. Flow mirroring uses a sampler to limit the volume of traffic to be mirrored. Flow mirroring supports using a sampler that has not been created. If you configure multiple samplers for a mirroring action, the most recent configuration takes effect. For more information about samplers, see Network Management and Monitoring Configuration Guide.

To mirror traffic to the specified interface, use the mirror-to interface interface-type interface-number command.

To mirror traffic to interfaces based on routes matching the specified destination IP address, use the mirror-to interface destination-ip destination-ip-address source-ip source-ip-address command. When receiving packets that meet the flow mirroring criteria, the device performs the following tasks:

1. Encapsulates the packets based on the configured encapsulation parameters, including the source and destination IP addresses.

2. Searches the routing table for routes matching the configured destination IP address.

If ECMP load-balancing is configured, multiple matching ECMP routes might be found for the specified destination IP address.

3. Sends the mirrored packets out of the output interfaces in the matching routes to the final destination.

If a selected output interface goes down, the device will send the mirrored packets out of another interface based on the routing metric recalculations.

If traffic is mirrored to an aggregate interface, make sure the member ports in the aggregate interface and the incoming interface of the original traffic belong to the same interface group. Execute the display drv system 9 command in probe view. In the command output, interfaces in the same pipe belong to the same interface group.

In Release 6635 and later, follow these restrictions and guidelines:

· You can successfully encapsulate packets with an IPv6 address only when VXLAN encapsulation is used.

· You cannot specify the dscp keyword for packets successfully encapsulated with an IPv6 address by VXLAN.

· If you configure both a generic QoS policy and a mirror-type QoS policy to mark the same packets with different VXLAN IDs, these packets are actually encapsulated with the same VXLAN ID. Avoid such configuration.

Examples

# Create traffic behavior 1 and configure the action of mirroring traffic to Twenty-FiveGigE 1/0/1 for the traffic behavior.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to interface twenty-fivegige 1/0/1

# Create traffic behavior 1, configure the action of mirroring traffic to Twenty-FiveGigE 1/0/1, and use the sampler samp.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to interface twenty-fivegige 1/0/1 sampler samp

# Create traffic behavior 1, and configure the action of mirroring traffic to Twenty-FiveGigE 1/0/1 for the traffic behavior. Specify the following parameters for the mirrored packets sent to Twenty-FiveGigE 1/0/1:

· Specify 1.1.1.1 and 2.2.2.2 as the source address and destination address, respectively.

· Specify 20, 100, and vrf1 as the DSCP value, VLAN, and the VPN instance name, respectively.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to interface twenty-fivegige 1/0/1 destination-ip 1.1.1.1 source-ip 2.2.2.2 dscp 20 vlan 100 vrf-instance vrf1

# Configure traffic behavior 1 to encapsulate mirrored packets with destination address 2.2.2.2 and source address 1.1.1.1 and send out the packets.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to interface destination-ip 1.1.1.1 source-ip 2.2.2

11-Network Management and Monitoring Command Reference

Port mirroring commands

display mirroring-group

mirroring-group

mirroring-group mirroring-cpu

mirroring-group mirroring-port (interface view)

mirroring-group mirroring-port (system view)

mirroring-group monitor-egress

mirroring-group monitor-port (interface view)

mirroring-group monitor-port (system view)

mirroring-group reflector-port

mirroring-group remote-probe vlan

Flow mirroring commands

mirror-to cpu

mirror-to grpc

mirror-to ifa-processor

mirror-to interface

Cloud & AI

InterConnect

Intelligent Computing

Security

SMB Products

Intelligent Terminal Products

Industry Solutions

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Training & Certification

Become a Partner

Partner Resources

Partner Business Management

Company Information

News & Events

Online Exhibition Center

Contact Us