Syntax
display mirroring-group { group-id | all | local | remote-destination
| remote-source }
View
Any view
Parameter
group-id:
Group number of a port mirroring group, in the range of 1 to 20.
local:
Defines the specified mirroring group as a local port mirroring group.
remote-destination: Defines the specified mirroring group as the destination group for
remote mirroring.
remote-source: Defines the specified mirroring group as the source group for
remote mirroring.
all:
Specifies all mirroring groups.
Description
Use the display mirroring-group command
to display the parameter settings of a port mirroring group.
Local mirroring group information includes:
l
Group number
l
Group type: local
l
Group status
l
Information about the source port of mirroring
l
Information about the destination port of mirroring
Information displayed on the destination
mirroring group for remote mirroring includes:
l
Group number
l
Group type: remote-destination
l
Group status
l
Information of the destination port
l
Remote-probe VLAN information
Information displayed on the source mirroring
group for remote mirroring includes:
l
Group number
l
Group type: remote-source
l
Group status
l
Information of the source port
l
Information of the reflector port
l
Remote-probe VLAN information
Example
# Display the parameter settings of the
port mirroring group.
<H3C> display mirroring-group
all
mirroring-group 2:
type: local
status: active
mirroring port:
GigabitEthernet1/0/1 both
monitor port:
GigabitEthernet1/0/4
Syntax
display qos-interface [ interface-type interface-number ] mirrored-to
View
Any view
Parameter
interface-type interface-number: Port of the switch. If you enter this argument, the switch will
display the parameter settings of the specified port. If not, the switch will
display the parameters settings of all ports.
Description
Use the display qos-interface
mirrored-to command to display the parameter settings of traffic mirroring.
Information displayed includes:
l
Port name and action name of traffic mirroring
l
Direction of traffic mirroring
l
ACL for identifying traffics
l
Mirroring group
Related command: mirrored-to
Example
# Display the parameter settings of traffic
mirroring on GigabitEthernet1/0/1.
<H3C> display qos-interface
GigabitEthernet 1/0/1 mirrored-to
GigabitEthernet1/0/1: mirrored-to
Inbound:
Matches: Acl 2000 rule 0 running
Mirrored to: mirroring-group 3
Syntax
mirrored-to inbound acl-rule [ system-index ] { interface
interface-type interface-number [ reflector ] | mirroring-group
group-id }
undo mirrored-to inbound acl-rule
View
QoS view
Parameter
inbound:
Mirrors packets received on the port.
acl-rule:
Applied ACL rules, which can be the combination of different types of ACL
rules. Table 1-1 and Table
1-3 describe the ACL combinations on service board of A type and the
corresponding parameter description. Table 1-2 and
Table 1-3 describe the ACL combinations on service
boards other than A type and the corresponding parameter description.
Table 1-1 Combined application of ACLs on service board of A type
|
Combination mode
|
Form of acl-rule
|
|
Apply all rules in an IP type ACL
separately
|
ip-group {
acl-number | acl-name }
|
|
Apply one rule in an IP type ACL
separately
|
ip-group {
acl-number | acl-name } rule rule-id
|
|
Apply all rules in a link type ACL
separately
|
link-group { acl-number | acl-name }
|
|
Apply one rule in a link type separately
|
link-group { acl-number | acl-name } rule rule-id
|
|
Apply one
rule in an IP type ACL and one rule in a link type ACL simultaneously
|
ip-group
{ acl-number | acl-name } rule
rule-id link-group { acl-number | acl-name } rule
rule-id
|
Table 1-2 Combined application of ACLs
on service board other than A type.
|
Combination mode
|
Form of acl-rule
|
|
Apply all rules in an IP type ACL
separately
|
ip-group {
acl-number | acl-name }
|
|
Apply one rule in an IP type ACL
separately
|
ip-group {
acl-number | acl-name } rule rule-id
|
|
Apply all rules in a link type ACL
separately
|
link-group { acl-number | acl-name }
|
|
Apply one rule in a link type separately
|
link-group { acl-number | acl-name } rule rule-id
|
|
Apply all rules in a user-defined ACL separately
|
user-group { acl-number | acl-name }
|
|
Apply one rule in a user-defined ACL
separately
|
user-group { acl-number | acl-name } rule rule-id
|
|
Apply one rule in an IP type ACL and one
rule in a Link type ACL simultaneously
|
ip-group {
acl-number | acl-name } rule rule-id
link-group { acl-number | acl-name } rule rule-id
|
Table 1-3 Parameter description of ACL
combinations
|
Parameter
|
Description
|
|
ip-group {
acl-number | acl-name }
|
Basic and advanced ACL.
acl-number:
ACL number of basic and advanced ACL, ranging from 2,000 to 3,999.
acl-name:
ACL name, containing up to 32 characters, beginning with an English letter (a
to z or A to Z) without space and quotation mark, case insensitive.
|
|
link-group { acl-number | acl-name }
|
Layer 2 ACL
acl-number:
ACL number of the Layer 2 ACL, ranging from 4,000 to 4,999.
acl-name:
ACL name, containing up to 32 characters, beginning with an English letter (a
to z or A to Z) without space and quotation mark, case insensitive.
|
|
user-group { acl-number | acl-name }
|
User-defined ACL
acl-number:
ACL number of the user-defined ACL, ranging from 5,000 to 5,999.
acl-name:
ACL name, containing up to 32 characters, beginning with an English letter (a
to z or A to Z) without space and quotation mark, case insensitive.
|
|
rule-id
|
Number of the ACL rule, ranging from 0 to
127. If this argument is not specified, all rules in the specified ACL will
be applied.
|
system-index:
Specifies an interior index value that is used when an ACL rule is applied to
the port. The index value ranges from 0 to 4,294,967,295. This keyword is only
available when the ACL rule number is specified in the command. After the
specified ACL takes effect, there are three scenarios when you input the index
value:
l
If you do not input an index value or the index
value you input is 0, the system will automatically assign an index greater
than 0;
l
If the input index value is not 0 and does not
conflict with the interior index used by the system, the system will adopt the
index value;
l
If the input index value is not 0 but conflicts
with the interior index used by the system, the system will reassign an index
value.
When the specified ACL rule is not
effective, the system will adopt the input index value.
interface interface-type
interface-number [ reflector ]: Mirrors traffics to the specified
port. interface-type interface-number indicates an Ethernet port. With
the reflector keyword specified, the parameters represent a reflector
port, together with corresponding configuration to realize remote traffic
mirroring; without the reflector keyword, the parameters represent a
destination port, used to realize the local traffic mirroring.
mirroring-group group-id: Mirrors traffics to the
specified mirroring group.
Description
Use the mirrored-to command to start
ACLs to identify traffics and perform traffic mirroring for matched packets.
Use the undo mirrored-to command to
remove traffic mirroring configuration.
This command only applies to the rules
whose actions are permit in matching the specified ACL, and only mirrors
the received traffics. If you want to mirror traffics to a specified port, the
port must be a destination port or reflector port of a mirroring group. Traffic
mirroring supports no cross board operation.
Related command: display qos-interface
mirrored-to
Example
# Mirror packets that match ACL 2000 on
port GigabitEthernet1/0/1 to GigabitEthernet1/0/4 through traffic mirroring.
<H3C> system-view
[H3C] mirroring-group 3 local
[H3C] mirroring-group 3 monitor-port
GigabitEthernet 1/0/4
[H3C] interface GigabitEthernet 1/0/1
[H3C-GigabitEthernet1/0/1] qos
[H3C-qosb-GigabitEthernet1/0/1]
mirrored-to inbound ip-group 3000 interface GigabitEthernet 1/0/4
Syntax
mirroring-group group-id { local | remote-destination
| remote-source }
undo mirroring-group { group-id | all | local | remote-destination
| remote-source }
View
System view
Parameter
group-id:
Group number of a port mirroring group, in the range of 1 to 20.
local:
Specifies the mirroring group as a local port mirroring group.
remote-destination: Specifies the mirroring group as the destination mirroring group
for remote port mirroring.
remote-source: Specifies the mirroring group as the source mirroring group for
remote mirroring.
all: Deletes
all mirroring groups.
Description
Use the mirroring-group command to
configure a port mirroring group.
Use the undo mirroring-group command
to delete a port mirroring group.
Example
# Configure a port mirroring group on the
local switch.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] mirroring-group 3 local
1.1.5 mirroring-group (only for Recovery)
Syntax
mirroring-group groupid { inbound | outbound }
mirroring-port-list mirrored-to monitor-port
undo mirroring-group groupid
View
System view
Parameter
groupId:
Group ID of the port mirroring group, in the range of 1 to 20.
inbound:
Monitors the received packets only.
outbound:
Monitors the transmitted packets only.
mirroring-port-list: Ethernet port list. It means there can be multiple ports. This
argument is provided in the form of port-list={ interface-type
interface-number [ to interface-type interface-number ]
}&<1-8>, where Interface-type interface-number means an
Ethernet port, and &<1-8> means you can specify eight Ethernet ports
or Ethernet port lists.
mirrored-to monitor-port:
Specifies the destination port.
Description
Use the mirroring-group command to
configure a mirroring group.
Use the undo mirroring-group command
to cancel the configuration.
This command is only used to recover
configurations. You cannot execute the command actually, so that after you
execute the command, the system prompts ”Error: The command is only used
in resuming config!”.
Example
# Configure mirroring group 2, specify
ports Ethernet1/0/1 through Ethernet1/0/3 as source ports, and Ethernet1/0/4 as
the destination port, and only monitor the packets received through the ports.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] mirroring-group 2 inbound
Ethernet 1/0/1 to Ethernet 1/0/3 mirrored-to Ethernet 1/0/4
Syntax
mirroring-group group-id mirroring-port mirroring-port-list { both | inbound | outbound }
undo mirroring-group group-id mirroring-port mirroring-port-list
View
System view/Ethernet port view
Parameter
group-id:
Group number of a port mirroring group, in the range of 1 to 20.
mirroring-port mirroring-port-list: Specifies a list
of source ports, provided in the form of mirroring-port-list={ interface-type
interface-number [ to interface-type interface-number ]
}&<1-8>, where Interface-type interface-number means an
Ethernet port, and &<1-8> means you can specify eight source ports or
source port lists. monitor-port-list is available in system view only.
both:
Mirrors packets received and sent through the port.
inbound:
Mirrors packets received through the port.
outbound:
Mirrors packets sent through the port.
Description
Use the mirroring-group mirroring-port
command to configure the source port.
Use the undo mirroring-group
mirroring-port command to remove the configuration of the source port.
Example
# Configure GigabitEthernet1/0/1 as the
source port and mirror all packets received through this port.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] mirroring-group 1
mirroring-port Gigabitethernet1/0/1 inbound
Syntax
mirroring-group group-id monitor-port monitor-port
undo mirroring-group group-id monitor-port monitor-port
View
System view/Ethernet port view
Parameter
group-id:
Group number of a port mirroring group, in the range of 1 to 20.
monitor-port monitor-port: Specifies the destination
port for port mirroring. monitor-port is available in system view only.
Description
Use the mirroring-group monitor-port
command to configure the destination port.
Use the undo mirroring-group
monitor-port to remove the configuration of the destination port.
Note the following when you configure the
destination port:
l
LACP and STP must be disabled on the destination
port.
l
The destination port for remote mirroring must
be an Access port.
l
After a port is configured as a reflector port,
the switch does not allow you to change the port type and its default VLAN ID.
Example
# Configure GigabitEthernet1/0/4 as the
source port and monitor all packets received through this port.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] mirroring-group 1 monitor-port
Gigabitethernet1/0/4
Syntax
mirroring-group group-id reflector-port reflector-port
undo mirroring-group group-id reflector-port reflector-port
View
System view/Ethernet port view
Parameter
group-id:
Group number of a port mirroring group, in the range of 1 to 20.
reflector-port reflector-port: Specifies the reflector
port. reflector-port is available in system view only.
Description
Use the mirroring-group reflector-port
command to specify the reflector port.
Use the undo mirroring-group reflector-port
command to remove the configuration of the reflector port.
Note the following when you configure the
reflector port:
l
The reflector port must be an Access port.
l
LACP and STP must be disabled on the reflector
port.
l
After a port is configured as a reflector port,
the switch does not allow you to change the port type and its default VLAN ID,
or to add it to another VLAN.
l
To mirror tagged packets, you need to configure
VLAN VPN on the reflector port.
Example
# Configure GigabitEthernet1/0/2 as the
reflector port.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] mirroring-group 1
reflector-port GigabitEthernet1/0/2
Syntax
mirroring-group group-id remote-probe vlan remote-probe-vlan-id
undo mirroring-group group-id remote-probe vlan remote-probe-vlan-id
View
System view
Parameter
group-id:
Group number of a port mirroring group, in the range of 1 to 20.
remote-probe vlan remote-probe-vlan-id:
Specifies the remote-probe VLAN for the mirroring group.
Description
Use the mirroring-group remote-probe
vlan command to specify the remote-probe VLAN for a mirroring group.
Use the undo mirroring-group
remote-probe vlan command to remove the configuration of remote-probe VLAN
for a mirroring group.
Example
# Configure VLAN 100 as the remote-probe
VLAN.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] mirroring-group 1 remote-probe
vlan 100
1.1.10 remote-probe vlan
Syntax
remote-probe
vlan enable
undo remote-probe vlan enable
View
VLAN view
Parameter
None
Description
Use the remote-probe vlan enable
command to configure the current VLAN as the remote-probe VLAN. After you
input the command, the system will check whether the current VLAN is a dynamic
VLAN. If it is a dynamic VLAN, the command fails to be executed, and the system
prompts that “Can not set dynamic VLAN as remote-probe VLAN!”.
Use the undo remote-probe vlan enable command
to configure the remote-probe VLAN as a normal VLAN.
Before configuring the remote-probe VLAN,
make sure that no Access or Hybrid port belongs to this VLAN. If any Trunk port
exists in this VLAN, the port PVID cannot be the ID of the remote-probe VLAN.
After setting a VLAN as remote-probe VLAN, you are not recommended to add an
Access or Hybrid port to the VLAN.
Example
# Configure VLAN 5 as a remote-probe vlan.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] vlan 5
[H3C-vlan5] remote-probe vlan enable
