Table of Contents

Related Documents

17-Mirroring commands

Title	Size	Download
17-Mirroring commands	211.97 KB

Port mirroring commands

The device supports MDC only when it is operating in standalone mode. For more information about the standalone mode and device models that support MDC, see Virtual Technologies Configuration Guide.

display mirroring-group

Use display mirroring-group to display mirroring group information.

Syntax

display mirroring-group { group-id | all | local | remote-destination | remote-source }

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 128.

all: Specifies all mirroring groups.

local: Specifies local mirroring groups.

remote-destination: Specifies remote destination groups.

remote-source: Specifies remote source groups.

Usage guidelines

Mirroring group information includes the type, status, and content of a mirroring group. It is sorted by mirroring group number.

Examples

# Display information about all mirroring groups.

<Sysname> display mirroring-group all

Mirroring group 1:

Type: Local

Status: Active

Mirroring port:

Ten-GigabitEthernet3/0/1 Inbound

Monitor port:

Ten-GigabitEthernet3/0/2

Mirroring group 2:

Type: Local

Status: Active

Mirroring port:

Ten-GigabitEthernet3/0/5 Inbound

Monitor port:

Ten-GigabitEthernet3/0/6

Encapsulation: Destination IP address 1.1.1.1

Source IP address 2.2.2.2

DSCP 1

VLAN 2

VRF Instance 3

Destination MAC address 0011-0200-0211

Mirroring group 3:

Type: Local

Status: Active

Mirroring port:

GigabitEthernet2/0/1 Inbound

Monitor port:

GigabitEthernet2/0/2

Encapsulation: Destination IPv6 address 100:100:100:100:100:100:100:100

Source IPv6 address 200:200:200:200:200:200:200:200

Destination MAC address 000f-e241-5e5b

Table 1 Command output

Field	Description
Mirroring group	Number of the mirroring group.
Type	Type of the mirroring group: · Local. · Remote source. · Remote destination.
Status	Status of the mirroring group: · Active—The mirroring group has taken effect. · Incomplete—The mirroring group configuration is not complete and does not take effect.
Mirroring port	Source port.
Encapsulation	Encapsulation parameters of the mirrored packets.
Mirroring CPU	Source CPU.
Monitor port	Destination port.
Destination IP address	Destination IP address in the outer header of the GRE-encapsulated mirrored packets.
Source IP address	Source IP address in the outer header of the GRE-encapsulated mirrored packets.
Destination IPv6 address	Destination IPv6 address in the outer header of the GRE-encapsulated mirrored packets.
Source IPv6 address	Source IPv6 address in the outer header of the GRE-encapsulated mirrored packets.
DSCP	DSCP value in the outer header of the GRE-encapsulated mirrored packets.
VLAN	VLAN in the outer header of the GRE-encapsulated mirrored packets.
VRF Instance	VPN instance whose routing table is used to direct forwarding of the mirrored packets.
Destination MAC address	Destination MAC address in the outer header of the GRE-encapsulated mirrored packets.

‌

mirroring-group

Use mirroring-group to create a mirroring group.

Use undo mirroring-group to delete mirroring groups.

Syntax

mirroring-group group-id { local | remote-destination | remote-source }

undo mirroring-group { group-id | all | local | remote-destination | remote-source }

Default

No mirroring groups exist.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies a mirroring group ID. The value range for this argument is 1 to 128. The device supports a maximum of nine mirroring groups: four mirroring groups with ports as mirroring sources, four mirroring groups with VLANs as mirroring sources, and one mirroring group with CPUs as mirroring sources.

local: Specifies local mirroring groups.

remote-destination: Specifies remote destination groups.

remote-source: Specifies remote source groups.

all: Specifies all mirroring groups.

Examples

# Create local mirroring group 1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

mirroring-group mirroring-cpu

Use mirroring-group mirroring-cpu to configure source CPUs for a mirroring group.

Use undo mirroring-group mirroring-cpu to remove source CPUs from a mirroring group.

Syntax

In standalone mode:

mirroring-group group-id mirroring-cpu slot slot-number-list { both | inbound | outbound }

undo mirroring-group group-id mirroring-cpu slot slot-number-list

In IRF mode:

mirroring-group group-id mirroring-cpu chassis chassis-number slot slot-number-list { both | inbound | outbound }

undo mirroring-group group-id mirroring-cpu chassis chassis-number slot slot-number-list

Default

No source CPU is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies a mirroring group by its number. The specified mirroring group must already exist. The value range for this argument is 1 to 128.

slot slot-number-list: Specifies a space-separated list of up to eight slot number items. An item specifies a card by its slot number or specifies a range of cards in the form of start-slot-number to end-slot-number. The end slot number must be equal to or greater than the start slot number. (In standalone mode.)

chassis chassis-number slot slot-number-list: Specifies cards on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number-list argument specifies a space-separated list of up to eight slot number items. An item specifies a card by its slot number or specifies a range of cards in the form of start-slot-number to end-slot-number. The end slot number must be equal to or greater than the start slot number. (In IRF mode.)

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

You can configure source CPUs only for local mirroring groups and remote source groups.

Examples

# (In standalone mode.) Create local mirroring group 1 to monitor the inbound traffic of the CPU on the specified slot.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 mirroring-cpu slot 1 inbound

Related commands

mirroring-group

mirroring-group mirroring-port (interface view)

Use mirroring-group mirroring-port to configure a port as a source port for a mirroring group.

Use undo mirroring-group mirroring-port to restore the default.

Syntax

mirroring-group group-id mirroring-port { both | inbound | outbound }

undo mirroring-group group-id mirroring-port

Default

A port does not act as a source port for any mirroring groups.

Views

Interface view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 128.

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

You can configure source ports only for local mirroring groups and remote source groups.

Do not assign a source port of a mirroring group to the remote probe VLAN of the mirroring group.

A port can act as a source port for only one mirroring group.

A source port cannot be used as a monitor port or egress port.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of the port Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] mirroring-group 1 mirroring-port both

# Create remote source group 2 to monitor the bidirectional traffic of the port Ten-GigabitEthernet 3/0/2.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] interface ten-gigabitethernet 3/0/2

[Sysname-Ten-GigabitEthernet3/0/2] mirroring-group 2 mirroring-port both

Related commands

mirroring-group

mirroring-group mirroring-port (system view)

Use mirroring-group mirroring-port to configure source ports for a mirroring group.

Use undo mirroring-group mirroring-port to remove source ports from a mirroring group.

Syntax

mirroring-group group-id mirroring-port interface-list { both | inbound | outbound }

undo mirroring-group group-id mirroring-port interface-list

Default

No source port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 128.

interface-list: Specifies a space-separated list of up to eight interface items. Each item specifies an interface by its type and number or specifies a range of interfaces in the form of interface-type interface-number1 to interface-type interface-number2. When you specify a range of interfaces, the interfaces must be of the same type and on the same slot. The start interface number must be identical to or lower than the end interface number.

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

You can configure source ports only for local mirroring groups and remote source groups.

Do not assign a source port of a mirroring group to the remote probe VLAN of the mirroring group.

A port can act as a source port for only one mirroring group.

A source port cannot be used as a monitor port or egress port.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 mirroring-port ten-gigabitethernet 3/0/1 both

# Create remote source group 2 to monitor the bidirectional traffic of Ten-GigabitEthernet 3/0/2.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] mirroring-group 2 mirroring-port ten-gigabitethernet 3/0/2 both

Related commands

mirroring-group

mirroring-group mirroring-vlan

Use mirroring-group mirroring-vlan to configure source VLANs for a mirroring group.

Use undo mirroring-group mirroring-vlan to remove source VLANs from a mirroring group.

Syntax

mirroring-group group-id mirroring-vlan vlan-list { both | inbound | outbound }

undo mirroring-group group-id mirroring-vlan vlan-list

Default

No source VLAN is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies a mirroring group by its number. The specified mirroring group must already exist. The value range for this argument is 1 to 128.

vlan-list: Specifies a space-separated list of up to eight VLAN ID items. Each item specifies a single VLAN ID or a VLAN ID range in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.

both: Mirrors both received and sent packets on the ports in the source VLANs.

inbound: Mirrors only packets received by the ports in the source VLANs.

outbound: Mirrors only packets sent by the ports in the source VLANs.

Usage guidelines

You can configure source VLANs only for local mirroring groups and remote source groups.

A VLAN can act as the source VLAN for only one mirroring group.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of the ports in VLAN 1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 mirroring-vlan 1 both

# Create remote source group 2 to monitor the bidirectional traffic of the ports in VLAN 2.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] mirroring-group 2 mirroring-vlan 2 both

Related commands

mirroring-group

mirroring-group monitor-egress

Use mirroring-group monitor-egress to configure the egress port for a remote source group.

Use undo mirroring-group monitor-egress to restore the default.

Syntax

In system view:

mirroring-group group-id monitor-egress interface-type interface-number

undo mirroring-group group-id monitor-egress interface-type interface-number

In interface view:

mirroring-group group-id monitor-egress

undo mirroring-group group-id monitor-egress

Default

No egress port is configured for a remote source group.

Views

System view

Interface view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 128.

interface-type interface-number: Specifies a port by its type and number.

Usage guidelines

You can configure egress ports only for remote source groups.

Do not assign the egress port of a mirroring group to a source VLAN of the mirroring group.

For port mirroring to work correctly, disable the following features on the egress port of a mirroring group:

· Spanning tree.

· 802.1X.

· IGMP snooping.

· Static ARP.

· MAC address learning.

The member port of an existing mirroring group cannot be configured as an egress port.

The member port of an aggregate interface cannot be configured as an egress port.

When configuring an egress port, follow these restrictions and guidelines:

· If the mirroring source is a source port, the egress port must be in the same slot as the source port.

· If the mirroring source is a source VLAN, the egress port must be in the same slot as the ports of the source VLAN.

· If the mirroring source is a source CPU, the egress port must be in the same slot as the CPU.

Examples

# Create remote source group 1. Configure Ten-GigabitEthernet 3/0/1 as its egress port in system view.

<Sysname> system-view

[Sysname] mirroring-group 1 remote-source

[Sysname] mirroring-group 1 monitor-egress ten-gigabitethernet 3/0/1

# Create remote source group 2. Configure Ten-GigabitEthernet 3/0/2 as its egress port in interface view.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] interface ten-gigabitethernet 3/0/2

[Sysname-Ten-GigabitEthernet3/0/2] mirroring-group 2 monitor-egress

Related commands

mirroring-group

mirroring-group monitor-port (interface view)

Use mirroring-group monitor-port to configure a port as the monitor port for a mirroring group.

Use undo mirroring-group monitor-port to restore the default.

Syntax

mirroring-group group-id monitor-port [ { destination-ip destination-ip-address source-ip source-ip-address | destination-ipv6 destination-ipv6-address source-ipv6 source-ipv6-address } [ dscp dscp-value | vlan vlan-id | vrf-instance vrf-name ] * [ destination-mac mac-address ] | destination-mac mac-address ]

undo mirroring-group group-id monitor-port

Default

A port does not act as the monitor port for any mirroring groups.

Views

Interface view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 128.

destination-ip destination-ip-address: Specifies the destination IP address for the mirrored packets.

source-ip source-ip-address: Specifies the source IP address for the mirrored packets.

destination-ipv6 destination-ipv6-address: Specifies the destination IPv6 address for the mirrored packets.

source-ipv6 source-ipv6-address: Specifies the source IPv6 address for the mirrored packets.

dscp dscp-value: Specifies the DSCP value for the mirrored packets. The dscp-value argument can be a number in the range of 0 to 63 or a keyword in Table 2. The default DSCP value is 0.

Table 2 DSCP keywords and values

Keyword	DSCP value in binary	DSCP value in decimal
af11	001010	10
af12	001100	12
af13	001110	14
af21	010010	18
af22	010100	20
af23	010110	22
af31	011010	26
af32	011100	28
af33	011110	30
af41	100010	34
af42	100100	36
af43	100110	38
cs1	001000	8
cs2	010000	16
cs3	011000	24
cs4	100000	32
cs5	101000	40
cs6	110000	48
cs7	111000	56
default	000000	0
ef	101110	46

‌

vlan vlan-id: Specifies a VLAN by its VLAN ID in the range of 1 to 4094 for the mirrored packets.

vrf-instance vrf-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. The mirrored packets will be forwarded based on the routing table of the specified VPN instance.

destination-mac mac-address: Specifies the destination MAC address for mirrored packets. The mac-address argument is in the format of H-H-H. If you do not specify this option, the device uses the destination IP address to obtain the destination MAC address. If the destination MAC address cannot be obtained, the default MAC address 000f-e241-5e5b is used.

Usage guidelines

You can configure monitor ports only for local mirroring groups and remote destination groups.

Do not assign the monitor port of a mirroring group to a source VLAN of the mirroring group.

Do not enable the spanning tree feature on the monitor port of a mirroring group.

For a Layer 2 aggregate interface configured as the monitor port of a mirroring group, do not perform either of the following tasks:

· Configure its member ports as source ports of the mirroring group.

· Assign its member ports to a source VLAN of the mirroring group.

Use a monitor port only for port mirroring, so the data monitoring device receives and analyzes only the mirrored traffic.

The member port of an existing mirroring group cannot be configured as a monitor port.

Examples

# Create local mirroring group 1 and configure Ten-GigabitEthernet 3/0/1 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] mirroring-group 1 monitor-port

# Create remote destination group 2 and configure Ten-GigabitEthernet 3/0/2 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-destination

[Sysname] interface ten-gigabitethernet 3/0/2

[Sysname-Ten-GigabitEthernet3/0/2] mirroring-group 2 monitor-port

# Create local mirroring group 3. Specify Ten-GigabitEthernet 3/0/1 as its monitor port and configure the encapsulation parameters including the source and destination IP addresses, DSCP value, VLAN, and VPN instance for the mirrored packets.

<Sysname> system-view

[Sysname] mirroring-group 3 local

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] mirroring-group 3 monitor-port destination-ip 1.1.1.1 source-ip 3.3.3.3 dscp 1 vlan 1 vrf-instance 122

Related commands

mirroring-group

mirroring-group monitor-port (system view)

Use mirroring-group monitor-port to configure the monitor ports for a mirroring group.

Use undo mirroring-group monitor-port to remove the monitor ports from a mirroring group.

Syntax

mirroring-group group-id monitor-port interface-list [ { destination-ip destination-ip-address source-ip source-ip-address | destination-ipv6 destination-ipv6-address source-ipv6 source-ipv6-address } [ dscp dscp-value | vlan vlan-id | vrf-instance vrf-name ] * [ destination-mac mac-address ] | destination-mac mac-address ]

undo mirroring-group group-id monitor-port interface-list

Default

No monitor port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 128.

destination-ip destination-ip-address: Specifies the destination IP address for the mirrored packets.

source-ip source-ip-address: Specifies the source IP address for the mirrored packets.

destination-ipv6 destination-ipv6-address: Specifies the destination IPv6 address for the mirrored packets.

source-ipv6 source-ipv6-address: Specifies the source IPv6 address for the mirrored packets.

dscp dscp-value: Specifies the DSCP value for the mirrored packets. The dscp-value argument can be a number in the range of 0 to 63 or a keyword in Table 2. The default DSCP value is 0.

vlan vlan-id: Specifies a VLAN by its VLAN ID in the range of 1 to 4094 for the mirrored packets.

Usage guidelines

You can configure monitor ports only for local mirroring groups and remote destination groups.

Do not assign the monitor port of a mirroring group to a source VLAN of the mirroring group.

Do not enable the spanning tree feature on the monitor port of a mirroring group.

For a Layer 2 aggregate interface configured as the monitor port of a mirroring group, do not perform any of the following tasks:

· Configure its member ports as source ports of the mirroring group.

· Assign its member ports to a source VLAN of the mirroring group.

Use a monitor port only for port mirroring, so the data monitoring device receives only the mirrored traffic.

The member port of an existing mirroring group cannot be configured as a monitor port.

Examples

# Create local mirroring group 1 and configure Ten-GigabitEthernet 3/0/1 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 monitor-port ten-gigabitethernet 3/0/1

# Create remote destination group 2 and configure Ten-GigabitEthernet 3/0/2 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-destination

[Sysname] mirroring-group 2 monitor-port ten-gigabitethernet 3/0/2

# Create local mirroring group 4. Specify Ten-GigabitEthernet 3/0/1 as its monitor port and configure the encapsulation parameters including the source and destination IP addresses, DSCP value, VLAN, and VPN instance for the mirrored packets.

<Sysname> system-view

[Sysname] mirroring-group 4 local

[Sysname] mirroring-group 4 monitor-port ten-gigabitethernet 3/0/1 destination-ip 1.1.1.1 source-ip 3.3.3.3 dscp 1 vlan 1 vrf-instance 122

Related commands

mirroring-group

mirroring-group remote-probe vlan

Use mirroring-group remote-probe vlan to specify a VLAN as the remote probe VLAN for a mirroring group.

Use undo mirroring-group remote-probe vlan to restore the default.

Syntax

mirroring-group group-id remote-probe vlan vlan-id

undo mirroring-group group-id remote-probe vlan vlan-id

Default

No remote probe VLAN is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 128.

vlan-id: Specifies a VLAN by its ID.

Usage guidelines

You can configure remote probe VLANs only for remote source groups and remote destination groups.

When a VLAN is configured as a remote probe VLAN, use the VLAN for port mirroring exclusively.

The remote mirroring groups on the source device and destination device must use the same remote probe VLAN.

Only a static VLAN that already exists can be configured as a remote probe VLAN. A VLAN can be configured as the remote probe VLAN for only one mirroring group.

To delete a VLAN that is configured as a remote probe VLAN, remove the remote probe VLAN configuration first.

Examples

# Create remote source group 1 and configure VLAN 10 as its remote probe VLAN.

<Sysname> system-view

[Sysname] mirroring-group 1 remote-source

[Sysname] mirroring-group 1 remote-probe vlan 10

# Create remote destination group 2 and configure VLAN 20 as its remote probe VLAN.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-destination

[Sysname] mirroring-group 2 remote-probe vlan 20

Related commands

mirroring-group

Flow mirroring commands

The device supports MDC only when it is operating in standalone mode. For more information about the standalone mode and device models that support MDC, see Virtual Technologies Configuration Guide.

display monitoring-group

Use display monitoring-group to display monitoring group information.

Syntax

display monitoring-group { group-id | all }

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

group-id: Specifies a monitoring group by its number. The value range for this argument is 1 to 4112.

all: Specifies all monitoring groups.

Examples

# Display information about all monitoring groups.

<Sysname> display monitoring-group all

Monitoring group 1:

Monitoring ports: Ten-GigabitEthernet3/0/2

Ten-GigabitEthernet3/0/3

Ten-GigabitEthernet3/0/4

Table 3 Command output

Field	Description
Monitoring group	ID of the monitoring group.
Monitoring ports	Monitoring ports in the monitoring group.

‌

# Display information about all monitoring groups. (Devices that support encapsulation parameter configuration.)

<Sysname> display monitoring-group all

Monitoring group 1:

Monitoring ports:

Ten-GigabitEthernet3/0/4

Ten-GigabitEthernet3/0/5

Monitoring ports:

Ten-GigabitEthernet3/0/6

Encapsulation: Destination IP address 1.1.1.1

Source IP address 2.2.2.2

DSCP 1

VLAN 2

VRF Instance aa

Destination MAC address 0011-0200-0211

Table 4 Command output

Field	Description
Monitoring group	ID of the monitoring group.
Monitoring ports	Monitoring ports in the monitoring group.
Encapsulation	Encapsulation parameters of the mirrored packets.
Destination IP address	Destination IP address in the outer header of the GRE-encapsulated mirrored packets.
Source IP address	Source IP address in the outer header of the GRE-encapsulated mirrored packets.
DSCP	DSCP value in the outer header of the GRE-encapsulated mirrored packets.
VLAN	VLAN in the outer header of the GRE-encapsulated mirrored packets.
VRF Instance	VPN instance whose routing table is used to direct forwarding of the mirrored packets.
Destination MAC address	Destination MAC address in the outer header of the GRE-encapsulated mirrored packets.

‌

mirror-to cpu

Use mirror-to cpu to configure a mirroring action that mirrors traffic to the CPU.

Use undo mirror-to cpu to delete the mirroring action that mirrors traffic to the CPU.

Syntax

mirror-to cpu

undo mirror-to cpu

Default

No mirroring action exists to mirror traffic to the CPU.

Views

Traffic behavior view

Predefined user roles

network-admin

mdc-admin

Examples

# Create traffic behavior 1 and configure the action of mirroring traffic to the CPU for the traffic behavior.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to cpu

mirror-to ifa-processor

Use mirror-to ifa-processor to configure a mirroring action that mirrors traffic to the in-band network telemetry (INT) processor.

Use undo mirror-to ifa-processor to delete the mirroring action that mirrors traffic to the INT processor.

Syntax

mirror-to ifa-processor [ sampler sampler-name ] [ vxlan ]

undo mirror-to ifa-processor

Default

No mirroring action exists to mirror traffic to the INT processor.

Views

Traffic behavior view

Predefined user roles

network-admin

mdc-admin

Parameters

sampler sampler-name: Specifies a sampler by its name. The sampler-name argument is a case-insensitive string of 1 to 31 characters. If you do not specify this option, packets are not sampled, and all matching packets are mirrored.

vxlan: Performs VXLAN encapsulation before performing INT encapsulation for packets to be mirrored to the INT processor. For more information about VXLAN, see VXLAN Configuration Guide or EVPN Configuration Guide.

Usage guidelines

A sampler selects a packet from sequential packets. Flow mirroring uses the sampler to limit the volume of traffic to be mirrored. Flow mirroring supports using a sampler that has not been created. If you configure multiple samplers for a mirroring action, the most recent configuration takes effect. For more information about samplers, see Network Management and Monitoring Configuration Guide.

To enable INT in a VXLAN or EVPN network, you must configure the VTEP as an INT entry node and specify the vxlan keyword when configuring the action of mirroring traffic to the INT processor.

Example

# Create traffic behavior 1 and configure the action of mirroring traffic to the INT processor. Specify sampler samp for the mirroring action.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to ifa-processor sampler samp

Related commands

sampler

mirror-to interface

Use mirror-to interface to configure a mirroring action that mirrors traffic to an interface.

Use undo mirror-to interface to delete a mirroring action that mirrors traffic to an interface.

Syntax

Syntax 1:

mirror-to interface interface-type interface-number [ backup-interface interface-type interface-number ] [ sampler sampler-name ] [ truncation ] [ { destination-ip destination-ip-address source-ip source-ip-address | destination-ipv6 destination-ipv6-address source-ipv6 source-ipv6-address } [ dscp dscp-value | vlan vlan-id | vrf-instance vrf-name ] * ] [ destination-mac mac-address ]

undo mirror-to interface interface-type interface-number

Syntax 2:

mirror-to interface { destination-ip destination-ip-address source-ip source-ip-address | destination-ipv6 destination-ipv6-address source-ipv6 source-ipv6-address } [ sampler sampler-name ] [ truncation ] [ dscp dscp-value | vlan vlan-id | vrf-instance vrf-name ] * [ destination-mac mac-address ]

undo mirror-to interface { destination-ip destination-ip-address source-ip source-ip-address| destination-ipv6 destination-ipv6-address source-ipv6 source-ipv6-address }

Syntax 3:

mirror-to interface interface-type interface-number reflector-port interface-type interface-number strip-vlan vlan-id

undo mirror-to interface interface-type interface-number

Default

No mirroring actions exist to mirror traffic to interfaces.

Views

Traffic behavior view

Predefined user roles

network-admin

mdc-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

backup-interface interface-type interface-number: Specifies a backup interface by its type and number. When the card hosting the primary interface specified by using the interface interface-type interface-number option is unplugged or rebooted, traffic can be mirrored to the backup interface. When the card hosting the primary interface recovers, traffic is switched back to the primary interface.

sampler sampler-name: Specifies a sampler by its name. The sampler-name argument is a case-insensitive string of 1 to 31 characters.

truncation: Truncates the mirrored packets to retain only the first 192 bytes of each packet.

destination-ip destination-ip-address: Specifies the destination IP address for the mirrored packets.

source-ip source-ip-address: Specifies the source IP address for the mirrored packets.

destination-ipv6 destination-ipv6-address: Specifies the destination IPv6 address for the mirrored packets.

source-ipv6 source-ipv6-address: Specifies the source IPv6 address for the mirrored packets.

dscp dscp-value: Specifies the DSCP value for the mirrored packets. The dscp-value argument can be a number in the range of 0 to 63 or a keyword in Table 5.

Table 5 DSCP keywords and values

Keyword	DSCP value in binary	DSCP value in decimal
af11	001010	10
af12	001100	12
af13	001110	14
af21	010010	18
af22	010100	20
af23	010110	22
af31	011010	26
af32	011100	28
af33	011110	30
af41	100010	34
af42	100100	36
af43	100110	38
cs1	001000	8
cs2	010000	16
cs3	011000	24
cs4	100000	32
cs5	101000	40
cs6	110000	48
cs7	111000	56
default	000000	0
ef	101110	46

‌

vlan vlan-id: Specifies a VLAN by its VLAN ID in the range of 1 to 4094 for the mirrored packets.

destination-mac mac-address: Specifies the destination MAC address for mirrored packets sent to the interface. The mac-address argument is in the format of H-H-H. If you do not specify this option, the device uses the destination IP address to dynamically get the destination MAC address for the mirrored packets.

reflector-port interface-type interface-number: Specifies a reflector port by its type and number.

strip-vlan vlan-id: Specifies a VLAN where mirrored packets are broadcast by its ID in the range of 1 to 4094.

Usage guidelines

If you execute the mirror-to interface interface-type interface-number command for a traffic behavior multiple times, the most recent configuration takes effect.

The configuration does not take effect when you use syntax 1 to mirror traffic to interfaces on the following interface modules. The vlan vlan-id, vrf-instance vrf-instance-name, and destination-mac mac-address keywords in this command do not take effect when you use syntax 2 to mirror traffic to interfaces on the following interface modules:

· SE interface modules.

· LSCM1GT48SC0 interface modules.

When you mirror traffic from an interface on an SC interface module prefixed with LSCM2 or SF interface module to an interface on an SE interface module or LSCM1GT48SC0 interface module, the truncation keyword in this command does not take effect.

A sampler selects a packet from sequential packets. Flow mirroring uses a sampler to limit the volume of traffic to be mirrored. Flow mirroring supports using a sampler that has not been created. If you configure multiple samplers for a mirroring action, the most recent configuration takes effect. For more information about samplers, see Network Management and Monitoring Configuration Guide.

To mirror traffic to the specified interface, use the mirror-to interface interface-type interface-number command.

To mirror traffic to interfaces based on routes matching the specified destination IP address, use the mirror-to interface destination-ip destination-ip-address source-ip source-ip-address command. When receiving packets that meet the flow mirroring criteria, the device performs the following tasks:

1. Encapsulates the packets based on the configured encapsulation parameters, including the source and destination IP addresses.

2. Searches the routing table for routes matching the configured destination IP address.

If ECMP load-balancing is configured, multiple matching ECMP routes might be found for the specified destination IP address.

3. Sends the mirrored packets out of the output interfaces in the matching routes to the final destination.

If a selected output interface goes down, the device will send the mirrored packets out of another interface based on the routing metric recalculations.

If you do not specify a VLAN for the mirrored packets destined to a VLAN interface, the device encapsulates the packets as follows:

¡ The device determines whether to encapsulate a VLAN ID for the packets based on the VLAN settings for the Layer 2 Ethernet interface associated with the VLAN interface.

¡ To encapsulate a VLAN ID, the device uses the VLAN ID of the VLAN interface to encapsulate the packets.

When you use syntax 3 to mirror traffic to an interface, the device copies packets received on the mirroring sources to the destination interface. Then, the destination interface sends the mirrored packets to the specified reflector port, and the reflector port broadcasts the mirrored packets within the specified VLAN. This syntax is applicable only when the mirrored packets are VLAN-tagged and these packets must be sent out of the device untagged.

When you use syntax 3, the specified mirroring destination interface and reflector port must be assigned to a mirroring-type service loopback group. For more information about service loopback groups, see service loopback group configuration in Layer 2—LAN Switching Configuration Guide.

You cannot flow-mirror traffic to tunnel interfaces.

Examples

# Create traffic behavior 1 and configure the action of mirroring traffic to Ten-GigabitEthernet 3/0/1 for the traffic behavior.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to interface ten-gigabitethernet 3/0/1

# Create traffic behavior 1, configure the action of mirroring traffic to Ten-GigabitEthernet 3/0/1, and use the sampler samp.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to interface ten-gigabitethernet 3/0/1 sampler samp

# Create traffic behavior 1, and configure the action of mirroring traffic to Ten-GigabitEthernet 3/0/1 for the traffic behavior. Specify the following parameters for the mirrored packets sent to Ten-GigabitEthernet 3/0/1:

· Specify 1.1.1.1 and 2.2.2.2 as the destination address and source address, respectively.

· Specify 20, 100, and vrf1 as the DSCP value, VLAN, and the VPN instance name, respectively.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to interface ten-gigabitethernet 3/0/1 destination-ip 1.1.1.1 source-ip 2.2.2.2 dscp 20 vlan 100 vrf-instance vrf1

# Configure traffic behavior 1 to encapsulate mirrored packets with source address 2.2.2.2 and destination address 1.1.1.1 and send out the packets.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to interface destination-ip 1.1.1.1 source-ip 2.2.2

# Configure traffic behavior 1 to mirror packets to Ten-GigabitEthernet 3/0/1 with the reflector port as Ten-GigabitEthernet 3/0/2 and broadcast the mirrored packets with VLAN 100.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to interface ten-gigabitethernet 3/0/1 reflector-port ten-gigabitethernet 3/0/2 strip-vlan 100

mirror-to monitoring-group

Use mirror-to monitoring-group to configure a mirroring action that mirrors traffic to a monitoring group.

Use undo mirror-to monitoring-group to delete a mirroring action that mirrors traffic to a monitoring group.

‌

NOTE:

This command is not supported on the LSCM1GT48SC0 modules and SE interface modules.

‌

Syntax

mirror-to monitoring-group group-id

undo mirror-to monitoring-group group-id

Default

No mirroring actions exist to mirror traffic to a monitoring group.

Views

Traffic behavior view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies a monitoring group by its number. The value range for this argument is 4097 to 4112.

Examples

# Create traffic behavior b1 and configure the action of mirroring traffic to monitoring group 1.

<Sysname> system-view

[Sysname] traffic behavior b1

[Sysname-behavior-b1] mirror-to monitoring-group 1

monitoring-group

Use monitoring-group to create a monitoring group and enter its view, or enter the view of an existing monitoring group.

Use undo monitoring-group to delete monitoring groups.

Syntax

monitoring-group group-id

undo monitoring-group { group-id | all }

Default

No monitoring groups exist.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies a number for the monitoring group. The value range for this argument is 1 to 4112.

all: Specifies all monitoring groups.

Examples

# Create monitoring group 1.

<Sysname> system-view

[Sysname] monitoring-group 1

monitoring-port

Use monitoring-port to assign ports to a monitoring group.

Use undo monitoring-port to remove ports from a monitoring group.

Syntax

Syntax I

monitoring-port interface-list [ { destination-ip destination-ip-address source-ip source-ip-address | destination-ipv6 destination-ipv6-address source-ipv6 source-ipv6-address } [ dscp dscp-value | vlan vlan-id | vrf-instance vrf-name ] * [ destination-mac mac-address ] ]

undo monitoring-port interface-list

Syntax II

monitoring-port { destination-ip destination-ip-address source-ip source-ip-address | destination-ipv6 destination-ipv6-address source-ipv6 source-ipv6-address } [ dscp dscp-value | vlan vlan-id | vrf-instance vrf-name ] * [ destination-mac mac-address ]

undo monitoring-port { destination-ip destination-ip-address source-ip source-ip-address | destination-ipv6 destination-ipv6-address source-ipv6 source-ipv6-address }

Default

A monitoring group does not contain any ports.

Views

Monitoring group view

Predefined user roles

network-admin

mdc-admin

Parameters

interface-list: Specifies a space-separated list of up to eight interface items. Each item specifies an interface by its type and number or specifies a range of interfaces in the form of interface-type interface-number1 to interface-type interface-number2. When you specify a range of interfaces, the start interface number must be identical to or lower than the end interface number.

destination-ip destination-ip-address: Specifies the destination IPv4 address for the mirrored packets.

source-ip source-ip-address: Specifies the source IPv4 address for the mirrored packets.

destination-ipv6 destination-ipv6-address: Specifies the destination IPv6 address for the mirrored packets.

source-ipv6 source-ipv6-address: Specifies the source IPv6 address for the mirrored packets.

dscp dscp-value: Specifies the DSCP value for the mirrored packets. The dscp-value argument can be a number in the range of 0 to 63 or a keyword in Table 6.

Table 6 DSCP keywords and values

Keyword	DSCP value in binary	DSCP value in decimal
af11	001010	10
af12	001100	12
af13	001110	14
af21	010010	18
af22	010100	20
af23	010110	22
af31	011010	26
af32	011100	28
af33	011110	30
af41	100010	34
af42	100100	36
af43	100110	38
cs1	001000	8
cs2	010000	16
cs3	011000	24
cs4	100000	32
cs5	101000	40
cs6	110000	48
cs7	111000	56
default	000000	0
ef	101110	46

‌

vlan vlan-id: Specifies a VLAN by its VLAN ID in the range of 1 to 4094 for the mirrored packets.

Usage guidelines

Use the ports in a monitoring group only for flow mirroring, so the data monitoring device receives and analyzes only the mirrored traffic.

If you use syntax 1 to assign multiple ports to a monitoring group, the device encapsulates a mirrored packet with the specified encapsulation parameters in a GRE packet with a protocol number of 0x88BE. Then, a copy of the packet is sent of each port in the monitoring group.

If you use syntax II, the device encapsulates a mirrored packet with the specified encapsulation parameters in a GRE packet with a protocol number of 0x88BE. Then, the device looks up the source IP address and destination IP address of the packet in the routing table and forwards the packet based on the matching route. The outgoing interface of the route is the destination interface of the mirrored packet.

Through configuring load sharing in the routing protocols, you can specify multiple destination interfaces for the mirrored traffic. When the current mirroring destination interface fails, the mirrored traffic is forwarded to the outgoing interface re-calculated by the routing protocols. If you do not specify a VLAN for the mirrored packets destined to a VLAN interface, the device encapsulates the packets as follows:

· The device determines whether to encapsulate a VLAN ID for the packets based on the VLAN settings for the Layer 2 Ethernet interface associated with the VLAN interface.

· To encapsulate a VLAN ID, the device uses the VLAN ID of the VLAN interface to encapsulate the packets.

If you specify encapsulation parameters when flow-mirroring traffic to a monitoring group, the encapsulation parameters for flow-mirroring traffic to the monitoring group member ports must be the same as the encapsulation parameters of the first member port.

Examples

# Create monitoring group 1 and assign Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2 to it.

<Sysname> system-view

[Sysname] monitoring-group 1

[Sysname-monitoring-group-1] monitoring-port ten-gigabitethernet 3/0/1 to ten-gigabitethernet 3/0/2

# Create monitoring group 2 and encapsulate the mirrored packets with destination IP address 1.1.1.1, source IP address 2.2.2.2, DSCP value 20, and VLAN ID 100. Forward the mirrored packets based on the routing table of the VPN instance named vrf1.

<Sysname> system-view

[Sysname] monitoring-group 2

[Sysname-monitoring-group-2] monitoring-port destination-ip 1.1.1.1 source-ip 2.2.2.2 dscp 20 vlan 100 vrf-instance vrf1

# Create monitoring group 3 and assign Ten-GigabitEthernet 3/0/1 to the monitoring group. Encapsulate the mirrored packets with destination IP address 1.1.1.1, source IP address 2.2.2.2, DSCP value 20, and VLAN ID 100. Forward the mirrored packets based on the routing table of the VPN instance named vrf2.

<Sysname> system-view

[Sysname] monitoring-group 3

[Sysname-monitoring-group-3] monitoring-port ten-gigabitethernet 3/0/1 destination-ip 1.1.1.1 source-ip 2.2.2.2 dscp 20 vlan 100 vrf-instance vrf2

Related commands

monitoring-group

12-Network Management and Monitoring Command Reference

display mirroring-group

mirroring-group mirroring-cpu

mirroring-group mirroring-port (system view)

mirroring-group monitor-port (interface view)

mirroring-group monitor-port (system view)

mirror-to interface

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us