Login
- Table of Contents
-
- H3C S3610[S5510] Series Ethernet Switches Operation Manual-Release 5303(V1.01)
- 00-1Cover
- 00-2Product Overview
- 01-Login Configuration
- 02-VLAN Configuration
- 03-IP Addressing and Performance Configuration
- 04-QinQ-BPDU Tunneling Configuration
- 05-Port Correlation Configuration
- 06-Link Aggregation Configuration
- 07-MAC Address Table Management Configuration
- 08-IP Source Guard Configuration
- 09-MSTP Configuration
- 10-IPv6 Configuration
- 11-Routing Overview
- 12-IPv4 Routing Configuration
- 13-BFD-GR Configuration
- 14-IPv6 Routing Configuration
- 15-Multicast Protocol Configuration
- 16-802.1x-HABP-MAC Authentication Configuration
- 17-AAA-RADIUS-HWTACACS Configuration
- 18-ARP Configuration
- 19-DHCP Configuration
- 20-ACL Configuration
- 21-QoS Configuration
- 22-Port Mirroring Configuration
- 23-Cluster Management Configuration
- 24-UDP Helper Configuration
- 25-SNMP-RMON Configuration
- 26-NTP Configuration
- 27-DNS Configuration
- 28-File System Management Configuration
- 29-Information Center Configuration
- 30-System Maintaining and Debugging Configuration
- 31-NQA Configuration
- 32-VRRP Configuration
- 33-SSH Configuration
- 34-MCE Configuration
- 35-OAM Configuration
- 36-DLDP Configuration
- 37-RRPP Configuration
- 38-SSL-HTTPS Configuration
- 39-PKI Configuration
- 40-Appendix
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 22-Port Mirroring Configuration | 130.44 KB |
Table of Contents
Chapter 1 Port Mirroring Configuration
1.1 Introduction to Port Mirroring
1.1.1 Classification of Port Mirroring
1.1.2 Implementing Port Mirroring
1.1.3 Other Functions Supported by Port Mirroring
1.2 Configuring Local Port Mirroring
1.3 Configuring Remote Port Mirroring
1.3.1 Configuring a Remote Source Mirroring Group
1.3.2 Configuring a Remote Destination Port Mirroring Group
1.5 Port Mirroring Configuration Examples
1.5.1 Local Port Mirroring Configuration Example
1.5.2 Remote Port Mirroring Configuration Example
Chapter 1 Port Mirroring Configuration
When configuring port mirroring, go to these sections for information you are interested in:
l Introduction to Port Mirroring
l Configuring Local Port Mirroring
l Configuring Remote Port Mirroring
l Port Mirroring Configuration Examples
1.1 Introduction to Port Mirroring
Port mirroring allows you to duplicate the packets passing specified ports to the destination mirroring port. As destination mirroring ports usually have data monitoring devices connected to them, you can analyze the packets duplicated to the destination mirroring port on these devices so as to monitor and troubleshoot the network.
Figure 1-1 A port mirroring implementation
1.1.1 Classification of Port Mirroring
There are two kinds of port mirroring: local port mirroring and remote port mirroring.
l Local port mirroring copies packets passing through one or more ports (known as source ports) of a device to the monitor port (also destination port) for analysis and monitoring purpose. In this case, the source ports and the destination port are located on the same device.
l Remote port mirroring implements port mirroring between multiple devices. That is, the source ports and the destination port can be located on different devices in a network. Currently, remote port mirroring can only be implemented on Layer 2.
1.1.2 Implementing Port Mirroring
Port mirroring is implemented through port mirroring groups, which fall into these three categories: local port mirroring group, remote source port mirroring group, and remote destination port mirroring group. Two port mirroring implementation modes are introduced in the following section.
I. Local port mirroring
Local port mirroring is implemented by local port mirroring group.
In this mode, the source ports and the destination port are in the same local port mirroring group. Packets passing through the source ports are duplicated and then are forwarded to the destination port.
II. Remote port mirroring
Remote port mirroring is achieved through the cooperation of remote source port mirroring group and remote destination port mirroring group.
Figure 1-2 illustrates a remote port mirroring implementation.
Figure 1-2 A remote mirroring implementation
The devices in Figure 1-2 function as follows:
l Source device
Source device contains source mirroring ports, and remote source port mirroring groups are created on source devices. A source device duplicates the packets passing the source ports on it and sends them to the reflector port. The packets are then broadcast in the remote mirroring VLAN and are received by the intermediate device or destination device.
l Intermediate device
Intermediate devices are used to connect source devices and destination devices. An intermediate device forwards the mirrored packets to the next intermediate device or the destination device. If the source device is directly connected to the destination device, no intermediate device is needed. In a remote mirroring VLAN, the source devices and the destination device need to be able to communicate with one another on Layer 2.
l Destination device
Destination device contains destination mirroring port, and remote destination port mirroring groups are created on destination devices. Upon receiving a mirrored packet, the destination device checks to see if the VLAN ID of the received packet is the same as that of the remote mirroring VLAN of the remote destination port mirroring group. If yes, the destination device forwards the packet to the monitoring device through the destination mirroring port.
& Note:
l With the S3610 and S5510 series, you can configure either one local mirroring group or one remote source mirroring group, but not both, at a time.
l If the destination port of traffic mirroring and that of the local port mirroring group are different, you cannot configure traffic mirroring and local port mirroring at the same time. For details about traffic mirroring, refer to the QoS part in this manual.
1.1.3 Other Functions Supported by Port Mirroring
In addition, in a port mirroring group, a destination port can monitor multiple source ports simultaneously in the mirroring group.
1.2 Configuring Local Port Mirroring
Follow these steps to configure local port mirroring:
|
Use the command… |
Remarks |
||
|
Enter system view |
system-view |
— |
|
|
Create a local mirroring group |
mirroring-group group-id local |
Required |
|
|
Add ports to the port mirroring group as source ports |
In system view |
mirroring-group group-id mirroring-port mirroring-port-list { both | inbound | outbound } |
You can add ports to a port mirroring group as source ports in either system view or interface view. In system view, you can add multiple ports to a port mirroring group at one time. While in interface view, you can only add the current port to a port mirroring group. |
|
In interface view |
interface interface-type interface-number |
||
|
[ mirroring-group group-id ] mirroring-port { both | inbound | outbound } |
|||
|
quit |
|||
|
Add a port to the mirroring group as the destination port |
In system view |
mirroring-group group-id monitor-port monitor-port-id |
You can add a destination port to a port mirroring group in either system view or interface view. They achieve the same purpose. |
|
In interface view |
interface interface-type interface-number |
||
|
[ mirroring-group group-id ] monitor-port |
|||
& Note:
l A local mirroring group is effective only when it has both source ports and the destination port configured.
l You must create a mirroring group before you can specify it.
l It is not recommended to enable STP, RSTP or MSTP on the destination port; otherwise, the mirroring function may be affected.
l An aggregation port cannot be specified as a destination port.
l A source port or a destination port cannot be a member port of the current mirroring group.
l You can configure multiple source ports for a mirroring group, but only one destination port.
1.3 Configuring Remote Port Mirroring
1.3.1 Configuring a Remote Source Mirroring Group
Follow these steps to configure a remote port mirroring group
|
To do… |
Use the command… |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Create a remote source mirroring group |
mirroring-group group-id remote-source |
Required |
|
|
Add ports to the mirroring group as source ports |
In system view |
mirroring-group group-id mirroring-port mirroring-port-list { both | inbound | outbound } |
You can add ports to a source port mirroring group in either system view or interface view. They achieve the same purpose. |
|
In interface view |
interface interface-type interface-number |
||
|
[ mirroring-group group-id ] mirroring-port { both | inbound | outbound } |
|||
|
quit |
|||
|
Add a port to the mirroring group as the reflector mirroring port |
In system view |
mirroring-group group-id reflector-port reflector-port-id |
You can add ports to a source mirroring group in either system view or interface view. They achieve the same purpose. |
|
In interface view |
interface interface-type interface-number |
||
|
mirroring-group group-id reflector-port |
|||
|
quit |
|||
|
Configure the remote port mirroring VLAN for the mirroring group |
mirroring-group group-id remote-probe vlan rprobe-vlan-id |
Required |
|
& Note:
l All the ports of a remote source mirroring group belong to a single device. A remote source mirroring group can contain only one reflector mirroring port.
l A reflector port cannot be a member port of the current mirroring group, an aggregation port and cannot be configured with the QinQ function. It is required to be an access port and belong to the default VLAN.
l It is not recommended to add the source ports to a remote VLAN, which can be used for remote mirroring only.
l It is not recommended to connect network cable to the reflector port and to configure the following functions on this port: STP, RSTP, MSTP, 802.1x, IGMP Snooping, static ARP and MAC address learning, otherwise, the mirroring function may be affected.
l A port can be configured as a reflector port only when it operates with the following settings being the defaults: operation mode (half duplex/full duplex), port speed, MDI setting. Conversely, these settings cannot be modified once a port is configured as a reflector port.
l Only existing static VLANs can be configured as remote port mirroring VLANs. To remove a VLAN operating as a remote port mirroring VLAN, you need to restore it to a normal VLAN first. A remote port mirroring group gets invalid if the corresponding remote port mirroring VLAN is removed.
l A port can belong to only one port mirroring group. A VLAN can be the remote port mirroring VLAN of only one port mirroring group.
1.3.2 Configuring a Remote Destination Port Mirroring Group
Follow these steps to configure a remote destination port mirroring group:
|
To do… |
Use the command… |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Create a remote destination port mirroring group |
mirroring-group group-id remote-destination |
Required |
|
|
Configure the remote port mirroring VLAN for the port mirroring group |
mirroring-group group-id remote-probe vlan rprobe-vlan-id |
Required |
|
|
Add a port to the port mirroring group as the destination port |
In system view |
mirroring-group group-id monitor-port monitor-port-id |
You can add a port to a remote port mirroring group as the destination port in either system view or interface view. They achieve the same purpose. |
|
In interface view |
interface interface-type interface-number |
||
|
[ mirroring-group group-id ] monitor-port |
|||
|
quit |
|||
|
Enter destination interface view |
interface interface-type interface-number |
— |
|
|
Add the port to the remote port mirroring VLAN |
The port is an access port |
port access vlan rprobe-vlan-id |
Perform one of these three operations according to the port type. |
|
The port is a trunk port |
port trunk permit vlan rprobe-vlan-id |
||
|
The port is a hybrid port |
port hybrid vlan rprobe-vlan-id { tagged | untagged } |
||
& Note:
l A destination port cannot be a member port of the current mirroring group.
l A port can be configured in only one mirroring group, and a VLAN can be used by only one mirroring group.
l It is not recommended to enable STP, RSTP or MSTP on the destination port; otherwise, the mirroring function may be affected.
l Only existing static VLANs can be configured as remote port mirroring VLANs. To remove a VLAN operating as a remote port mirroring VLAN, you need to restore it to a normal VLAN first. A remote port mirroring group gets invalid if the corresponding remote port mirroring VLAN is removed.
1.4 Displaying Port Mirroring
Follow these steps to display port mirroring:
|
To do… |
Use the command… |
Remarks |
|
Display the configuration of a port mirroring group |
display mirroring-group { groupid | all | local | remote-destination | remote-source } |
Available in any view |
1.5 Port Mirroring Configuration Examples
1.5.1 Local Port Mirroring Configuration Example
I. Network requirements
The departments of a company connect to each other through Ethernet switches:
l Research and Development (R&D) department is connected to Switch C through Ethernet 1/0/1.
l Marketing department is connected to Switch C through Ethernet 1/0/2.
l Data monitoring device is connected to Switch C through Ethernet 1/0/3
The administrator wants to monitor the packets received on and sent from the R&D department and the marketing department through the data monitoring device.
Use the local port mirroring function to meet the requirement. Perform the following configurations on Switch C.
l Configure Ethernet 1/0/1 and Ethernet 1/0/2 as mirroring source ports.
l Configure Ethernet 1/0/3 as the mirroring destination port.
II. Network diagram
Figure 1-3 Network diagram for local port mirroring configuration
III. Configuration procedure
Configure Switch C.
# Create a local port mirroring group.
<SwitchC> system-view
[SwitchC] mirroring-group 1 local
# Add port Ethernet 1/0/1 and Ethernet 1/0/2 to the port mirroring group as source ports. Add port Ethernet 1/0/3 to the port mirroring group as the destination port.
[SwitchC] mirroring-group 1 mirroring-port Ethernet 1/0/1 Ethernet 1/0/2 both
[SwitchC] mirroring-group 1 monitor-port Ethernet 1/0/3
# Display the configuration of all the port mirroring groups.
[SwitchC] display mirroring-group all
mirroring-group 1:
type: local
status: active
mirroring port:
Ethernet1/0/1 both
Ethernet1/0/2 both
monitor port: Ethernet1/0/3
After finishing the configuration, you can monitor all the packets received and sent by R&D department and Marketing department on the Data monitoring device.
1.5.2 Remote Port Mirroring Configuration Example
I. Network requirements
The departments of a company connect to each other through Ethernet switches:
l Department 1 is connected to Ethernet 1/0/1 of Switch A.
l Department 2 is connected to Ethernet 1/0/2 of Switch A.
l Ethernet 1/0/3 of Switch A connects to Ethernet 1/0/1 of Switch B.
l Ethernet 1/0/2 of Switch B connects to Ethernet 1/0/1 of Switch C.
l The data monitoring device is connected to Ethernet 1/0/2 of Switch C.
The administrator wants to monitor the packets sent from Department 1 and 2 through the data monitoring device.
Use the remote port mirroring function to meet the requirement. Perform the following configurations:
l Use Switch A as the source device, Switch B as the intermediate device, and Switch C as the destination device.
l On Switch A, create a remote source mirroring group; create VLAN 2 and configure it as the remote port mirroring VLAN; add port Ethernet 1/0/1 and Ethernet 1/0/2 to the port mirroring group as two source ports. Configure port Ethernet 1/0/4 as the reflector port.
l Configure port Ethernet 1/0/3 of Switch A, port Ethernet 1/0/1 and Ethernet 1/0/2 of Switch B, and port Ethernet 1/0/1 of Switch C as trunk ports and configure them to permit packets of VLAN 2.
l Create a remote destination mirroring group on Switch C. Configure VLAN 2 as the remote port mirroring VLAN and port Ethernet 1/0/2, to which the data monitoring device is connected, as the destination port.
II. Network diagram
Figure 1-4 Network diagram for remote port mirroring configuration
III. Configuration procedure
1) Configure Switch A.
# Create a remote source port mirroring group.
<SwitchA> system-view
[SwitchA] mirroring-group 1 remote-source
# Create VLAN 2.
[SwitchA] vlan 2
[SwitchA-vlan2] quit
# Configure VLAN 2 as the remote port mirroring VLAN of the remote port mirroring group. Add port Ethernet 1/0/1 and Ethernet1/0/2 to the remote port mirroring group as source ports. Configure port Ethernet 1/0/4 as the reflector port.
[SwitchA] mirroring-group 1 remote-probe vlan 2
[SwitchA] mirroring-group 1 mirroring-port Ethernet 1/0/1 Ethernet 1/0/2 inbound
[SwitchA] mirroring-group 1 reflector-port Ethernet 1/0/4
# Configure port Ethernet 1/0/3 as a trunk port and configure the port to permit the packets of VLAN 2.
[SwitchA] interface Ethernet 1/0/3
[SwitchA-Ethernet1/0/3] port link-type trunk
[SwitchA-Ethernet1/0/3] port trunk permit vlan 2
2) Configure Switch B.
# Configure port Ethernet 1/0/1 as a trunk port and configure the port to permit the packets of VLAN 2.
<SwitchB> system-view
[SwitchB] interface Ethernet 1/0/1
[SwitchB-Ethernet1/0/1] port link-type trunk
[SwitchB-Ethernet1/0/1] port trunk permit vlan 2
[SwitchB-Ethernet1/0/1] quit
# Configure port Ethernet 1/0/2 as a trunk port and configure the port to permit the packets of VLAN 2.
[SwitchB] interface Ethernet 1/0/2
[SwitchB-Ethernet1/0/2] port link-type trunk
[SwitchB-Ethernet1/0/2] port trunk permit vlan 2
3) Configure Switch C.
# Configure port Ethernet 1/0/1 as a trunk port and configure the port to permit the packets of VLAN 2.
<SwitchC> system-view
[SwitchC] interface Ethernet 1/0/1
[SwitchC-Ethernet1/0/1] port link-type trunk
[SwitchC-Ethernet1/0/1] port trunk permit vlan 2
[SwitchC-Ethernet1/0/1] quit
# Create a remote destination port mirroring group.
[SwitchC] mirroring-group 1 remote-destination
# Create VLAN 2.
[SwitchC] vlan 2
[SwitchC-vlan2] quit
# Configure VLAN 2 as the remote port mirroring VLAN of the remote destination port mirroring group. Add port Ethernet 1/0/2 to the remote destination port mirroring group as the destination port.
[SwitchC] mirroring-group 1 remote-probe vlan 2
[SwitchC] mirroring-group 1 monitor-port Ethernet 1/0/2
After finishing the configuration, you can monitor all the packets sent by Department 1 and Department 2 on the Data monitoring device.
