Login
- Table of Contents
-
- 11 Network Management and Monitoring Command Reference
- 00-Preface
- 01-System maintenance and debugging commands
- 02-NTP commands
- 03-Information center commands
- 04-SNMP commands
- 05-RMON commands
- 06-NQA commands
- 07-Mirroring commands
- 08-sFlow commands
- 09-Process monitoring and maintenance commands
- 10-EAA commands
- 11-NETCONF commands
- 12-Packet capture commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 07-Mirroring commands | 99.12 KB |
mirroring-group mirroring-port (interface view)
mirroring-group mirroring-port (system view)
mirroring-group monitor-egress
mirroring-group monitor-port (interface view)
mirroring-group monitor-port (system view)
mirroring-group reflector-port
mirroring-group remote-probe vlan
The port mirroring commands are available on Layer 2 Ethernet interfaces and Layer 3 Ethernet interfaces. The term "interface" in this chapter collectively refers to these types of interfaces. You can use the port link-mode command to configure an Ethernet port as a Layer 2 or Layer 3 interface (see Layer 2—LAN Switching Configuration Guide).
display mirroring-group
Use display mirroring-group to display mirroring group information.
Syntax
display mirroring-group { group-id | all | local | remote-destination | remote-source }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
group-id: Specifies a mirroring group by its number in the range of 1 to 4.
all: Specifies all mirroring groups.
local: Specifies local mirroring groups.
remote-destination: Specifies remote destination groups.
remote-source: Specifies remote source groups.
Usage guidelines
Mirroring group information includes the type, status, and content of a mirroring group. It is sorted by mirroring group number.
Examples
# Display information about all mirroring groups.
<Sysname> display mirroring-group all
Mirroring group 1:
Type: Local
Status: Active
Mirroring port:
FortyGigE1/1/1 Inbound
Monitor port: FortyGigE1/1/2
Mirroring group 3:
Type: Local
Status: Active
Mirroring port:
FortyGigE1/1/1 Inbound
FortyGigE1/1/2 Both
Monitor port: FortyGigE1/1/3
Table 1 Command output
|
Field |
Description |
|
Mirroring group |
Number of the mirroring group. |
|
Type |
Type of the mirroring group: · Local. · Remote source. · Remote destination. |
|
Status |
Status of the mirroring group: · Active—The mirroring group has taken effect. · Incomplete—The mirroring group configuration is not complete and does not take effect. |
|
Mirroring port |
Source port. |
|
Monitor port |
Destination port. |
mirroring-group
Use mirroring-group to create a mirroring group.
Use undo mirroring-group to delete mirroring groups.
Syntax
mirroring-group group-id { local | remote-destination | remote-source }
undo mirroring-group { group-id | all | local | remote-destination | remote-source }
Default
No mirroring group exists on a device.
Views
System view
Predefined user roles
network-admin
Parameters
group-id: Specifies a mirroring group by its number in the range of 1 to 4.
local: Specifies local mirroring groups.
remote-destination: Specifies remote destination groups.
remote-source: Specifies remote source groups.
all: Specifies all mirroring groups.
Examples
# Create local mirroring group 1.
<Sysname> system-view
[Sysname] mirroring-group 1 local
mirroring-group mirroring-port (interface view)
Use mirroring-group mirroring-port to configure a source port for a mirroring group.
Use undo mirroring-group mirroring-port to remove a source port from a mirroring group.
Syntax
mirroring-group group-id mirroring-port { both | inbound | outbound }
undo mirroring-group group-id mirroring-port
Default
No source port is configured for any mirroring group.
Views
Interface view
Predefined user roles
network-admin
Parameters
group-id: Specifies a mirroring group by its number in the range of 1 to 4. The specified mirroring group must already exist.
both: Mirrors both received and sent packets.
inbound: Mirrors only received packets.
outbound: Mirrors only sent packets.
Usage guidelines
You can configure source ports only for local mirroring groups and remote source groups.
Do not assign a source port of a mirroring group to the remote probe VLAN of the mirroring group.
A port can act as a source port for multiple mirroring groups.
A source port cannot be used as a reflector port, egress port, or monitor port.
Examples
# Create local mirroring group 1 to monitor the bidirectional traffic of the port FortyGigE 1/1/1.
<Sysname> system-view
[Sysname] mirroring-group 1 local
[Sysname] interface fortygige 1/1/1
[Sysname-FortyGigE1/1/1] mirroring-group 1 mirroring-port both
# Create remote source group 2 to monitor the bidirectional traffic of the port FortyGigE 1/1/2.
<Sysname> system-view
[Sysname] mirroring-group 2 remote-source
[Sysname] interface fortygige 1/1/2
[Sysname-FortyGigE1/1/2] mirroring-group 2 mirroring-port both
Related commands
mirroring-group
mirroring-group mirroring-port (system view)
Use mirroring-group mirroring-port to configure source ports for a mirroring group.
Use undo mirroring-group mirroring-port to remove source ports from a mirroring group.
Syntax
mirroring-group group-id mirroring-port interface-list { both | inbound | outbound }
undo mirroring-group group-id mirroring-port interface-list
Default
No source port is configured for a mirroring group.
Views
System view
Predefined user roles
network-admin
Parameters
group-id: Specifies a mirroring group by its number in the range of 1 to 4. The specified mirroring group must already exist.
interface-list: Specifies a space-separated list of up to eight port items. Each item specifies a single port or a port range in the form of interface-type interface-number 1 to interface-type interface-number 2. The specified interfaces must be of the same type and on the same device. The value for the interface-number 2 argument must be equal to or greater than the value for the interface-number 1 argument.
both: Mirrors both received and sent packets.
inbound: Mirrors only received packets.
outbound: Mirrors only sent packets.
Usage guidelines
You can configure source ports only for local mirroring groups and remote source groups.
Do not assign a source port of a mirroring group to the remote probe VLAN of the mirroring group.
A port can act as a source port for multiple mirroring groups.
A source port cannot be used as a reflector port, monitor port, or egress port.
Examples
# Create local mirroring group 1 to monitor the bidirectional traffic of the port FortyGigE 1/1/1.
<Sysname> system-view
[Sysname] mirroring-group 1 local
[Sysname] mirroring-group 1 mirroring-port fortygige 1/1/1 both
# Create remote source group 2 to monitor the bidirectional traffic of the port FortyGigE 1/1/2.
<Sysname> system-view
[Sysname] mirroring-group 2 remote-source
[Sysname] mirroring-group 2 mirroring-port fortygige 1/1/2 both
mirroring-group
mirroring-group monitor-egress
Use mirroring-group monitor-egress to configure the egress port for a remote source group.
Use undo mirroring-group monitor-egress to remove the egress port from a remote source group.
Syntax
In system view:
mirroring-group group-id monitor-egress interface-type interface-number
undo mirroring-group group-id monitor-egress interface-type interface-number
In interface view:
mirroring-group group-id monitor-egress
undo mirroring-group group-id monitor-egress
Default
No egress port is configured for a mirroring group.
Views
System view, interface view
Predefined user roles
network-admin
Parameters
group-id: Specifies a mirroring group by its number in the range of 1 to 4. The specified mirroring group must already exist.
interface-type interface-number: Specifies a port by its type and number.
Usage guidelines
You can configure egress ports only for remote source groups.
For port mirroring to operate correctly, disable the following features on the egress port of a mirroring group:
· Spanning tree.
· 802.1X.
· IGMP snooping.
· Static ARP.
· MAC address learning.
Do not configure a port of an existing mirroring group as an egress port.
Examples
# Create remote source group 1, and configure port FortyGigE 1/1/1 as its egress port in system view.
<Sysname> system-view
[Sysname] mirroring-group 1 remote-source
[Sysname] mirroring-group 1 monitor-egress fortygige 1/1/1
# Create remote source group 2, and configure port FortyGigE 1/1/2 as its egress port in interface view.
<Sysname> system-view
[Sysname] mirroring-group 2 remote-source
[Sysname] interface fortygige 1/1/2
[Sysname-FortyGigE1/1/2] mirroring-group 2 monitor-egress
Related commands
mirroring-group
mirroring-group monitor-port (interface view)
Use mirroring-group monitor-port to configure the port as the monitor port for a mirroring group.
Use undo mirroring-group monitor-port to remove the monitor port from a mirroring group.
Syntax
mirroring-group group-id monitor-port
undo mirroring-group group-id monitor-port
Default
No monitor port is configured for a mirroring group.
Views
Interface view
Predefined user roles
network-admin
Parameters
group-id: Specifies a mirroring group by its number in the range of 1 to 4. The specified mirroring group must already exist.
Usage guidelines
You can configure monitor ports only for local mirroring groups and remote destination groups.
Do not enable the spanning tree feature on the monitor port of a mirroring group.
For a Layer 2 aggregate interface configured as the monitor port of a local mirroring group, do not configure its member ports as source ports.
Layer 2 remote port mirroring does not support using Layer 2 aggregate interfaces as source ports or monitor ports.
Use a monitor port only for port mirroring, so the data monitoring device receives only the mirrored traffic.
Do not configure a port of an existing mirroring group as a monitor port.
Examples
# Create local mirroring group 1, and configure port FortyGigE 1/1/1 as its monitor port.
<Sysname> system-view
[Sysname] mirroring-group 1 local
[Sysname] interface fortygige 1/1/1
[Sysname-FortyGigE1/1/1] mirroring-group 1 monitor-port
# Create remote destination group 2, and configure port FortyGigE 1/1/2 as its monitor port.
<Sysname> system-view
[Sysname] mirroring-group 2 remote-destination
[Sysname] interface fortygige 1/1/2
[Sysname-FortyGigE1/1/2] mirroring-group 2 monitor-port
Related commands
mirroring-group
mirroring-group monitor-port (system view)
Use mirroring-group monitor-port to configure a port as the monitor port for a mirroring group.
Use undo mirroring-group monitor-port to remove the monitor port from a mirroring group.
Syntax
mirroring-group group-id monitor-port interface-type interface-number
undo mirroring-group group-id monitor-port interface-type interface-number
Default
No monitor port is configured for a mirroring group.
Views
System view
Predefined user roles
network-admin
Parameters
group-id: Specifies a mirroring group by its number in the range of 1 to 4. The specified mirroring group must already exist.
interface-type interface-number: Specifies a port by its type and number.
Usage guidelines
You can configure monitor ports only for local mirroring groups and remote destination groups.
Do not enable the spanning tree feature on the monitor port of a mirroring group.
For a Layer 2 aggregate interface configured as the monitor port of a local mirroring group, do not configure its member ports as source ports.
Layer 2 remote port mirroring does not support using Layer 2 aggregate interfaces as source ports or monitor ports.
Use a monitor port only for port mirroring, so the data monitoring device receives only the mirrored traffic.
Do not configure a port of an existing mirroring group as a monitor port.
Examples
# Create local mirroring group 1, and configure port FortyGigE 1/1/1 as its monitor port.
<Sysname> system-view
[Sysname] mirroring-group 1 local
[Sysname] mirroring-group 1 monitor-port fortygige 1/1/1
# Create remote destination group 2, and configure port FortyGigE 1/1/2 as its monitor port.
<Sysname> system-view
[Sysname] mirroring-group 2 remote-destination
[Sysname] mirroring-group 2 monitor-port fortygige 1/1/2
Related commands
mirroring-group
mirroring-group reflector-port
Use mirroring-group reflector-port to configure the reflector port for a remote source group.
Use undo mirroring-group reflector-port to remove the reflector port from a remote source group.
Syntax
In system view:
mirroring-group group-id reflector-port interface-type interface-number
undo mirroring-group group-id reflector-port interface-type interface-number
In interface view:
mirroring-group group-id reflector-port
undo mirroring-group group-id reflector-port
Default
No reflector port is configured for a mirroring group. A port does not act as the reflector port for a mirroring group.
Views
System view, interface view
Predefined user roles
network-admin
Parameters
group-id: Specifies a mirroring group by its number in the range of 1 to 4. The specified mirroring group must already exist.
interface-type interface-number: Specifies a port by its type and number.
Usage guidelines
You can configure reflector ports only for remote source groups.
The port to be configured as a reflector port must be a port not in use. Do not connect a network cable to a reflector port.
When a port is configured as a reflector port, the port restores to the factory default settings. After the port is configured as a reflector port:
· You cannot configure other features on the reflector port.
· You cannot change the duplex mode, and port rate for the reflector port.
Examples
# Create remote source group 1, and configure port FortyGigE 1/1/1 as its reflector port in system view.
<Sysname> system-view
[Sysname] mirroring-group 1 remote-source
[Sysname] mirroring-group 1 reflector-port fortygige 1/1/1
This operation may delete all settings made on the interface. Continue? [Y/N]: y
# Create remote source group 2, and configure port FortyGigE 1/1/2 as its reflector port in interface view.
<Sysname> system-view
[Sysname] mirroring-group 2 remote-source
[Sysname] interface fortygige 1/1/2
[Sysname-FortyGigE1/1/2] mirroring-group 2 reflector-port
This operation may delete all settings made on the interface. Continue? [Y/N]: y
Related commands
mirroring-group
mirroring-group remote-probe vlan
Use mirroring-group remote-probe vlan to specify a VLAN as the remote probe VLAN for a mirroring group.
Use undo mirroring-group remote-probe vlan to remove a remote probe VLAN from a mirroring group.
Syntax
mirroring-group group-id remote-probe vlan vlan-id
undo mirroring-group group-id remote-probe vlan vlan-id
Default
No remote probe VLAN is configured for a mirroring group.
Views
System view
Predefined user roles
network-admin
Parameters
group-id: Specifies a mirroring group by its number in the range of 1 to 4. The specified mirroring group must already exist.
vlan-id: Specifies a VLAN by its ID.
Usage guidelines
You can configure remote probe VLANs only for remote source groups and remote destination groups.
When a VLAN is configured as a remote probe VLAN, use the VLAN for port mirroring exclusively.
The remote mirroring groups on the source device and destination device must use the same remote probe VLAN.
Only a static VLAN that already exists can be configured as a remote probe VLAN. A VLAN can be configured as the remote probe VLAN for only one mirroring group.
To delete a VLAN that is configured as a remote probe VLAN, remove the remote probe VLAN configuration first.
Examples
# Create remote source group 1, and configure VLAN 10 as its remote probe VLAN.
<Sysname> system-view
[Sysname] mirroring-group 1 remote-source
[Sysname] mirroring-group 1 remote-probe vlan 10
# Create remote destination group 2, and configure VLAN 20 as its remote probe VLAN.
<Sysname> system-view
[Sysname] mirroring-group 2 remote-destination
[Sysname] mirroring-group 2 remote-probe vlan 20
Related commands
mirroring-group
The flow mirroring commands are available on both Layer 2 and Layer 3 Ethernet interfaces. The term "interface" in this chapter collectively refers to these two types of interfaces. You can use the port link-mode command to configure an Ethernet port as a Layer 2 or Layer 3 interface (see Layer 2—LAN Switching Configuration Guide).
mirror-to
Use mirror-to to configure a mirroring action for a traffic behavior.
Use undo mirror-to to delete a mirroring action.
Syntax
mirror-to { cpu | interface interface-type interface-number [ destination-ip destination-ip-address source-ip source-ip-address [ dscp dscp-value | vlan vlan-id | vrf-instance vrf-instance-name ] * ] }
undo mirror-to { cpu | interface interface-type interface-number }
Default
No mirroring action is configured for a traffic behavior.
Views
Traffic behavior view
Predefined user roles
network-admin
Parameters
cpu: Specifies the CPU of the IRF member device that receives the packets matching the criteria defined in the traffic class.
interface interface-type interface-number: Specifies an interface by its type and number.
source-ip source-ip-address: Specifies the source IP address for the mirrored packets sent out of the mirroring destination interface.
dscp dscp-value: Specifies the DSCP value for the mirrored packets sent out of the mirroring destination interface. The value range for the dscp-value argument is 0 to 63.
Usage guidelines
You can configure multiple actions of mirroring traffic to interfaces for a traffic behavior.
Examples
# Create traffic behavior 1, and configure the action of mirroring traffic to the CPU for the traffic behavior.
<Sysname> system-view
[Sysname] traffic behavior 1
[Sysname-behavior-1] mirror-to cpu
# Create traffic behavior 1, and configure the action of mirroring traffic to interface FortyGigE 1/1/1 for the traffic behavior.
<Sysname> system-view
[Sysname] traffic behavior 1
[Sysname-behavior-1] mirror-to interface fortygige 1/1/1
[Sysname] traffic behavior 1
[Sysname-behavior-1] mirror-to interface fortygige 1/1/1 destination-ip 1.1.1.1 source-ip 2.2.2.2 dscp 20
