07-Mirroring Configuration
Contents
Introduction to port mirroring
Terminologies of port mirroring
Classification of port mirroring
Configuring local port mirroring
Local port mirroring configuration task list
Creating a local mirroring group
Configuring source ports for the local mirroring group
Configuring the monitor port for the local mirroring group
Displaying and maintaining port mirroring
Port mirroring configuration examples
Local port mirroring configuration example
This chapter includes these sections:
· Introduction to port mirroring
· Configuring local port mirroring
· Displaying and maintaining port mirroring
· Port mirroring configuration examples
NOTE:
· The term "switch" or "device" in this chapter refers to the switching engine on a WX3000E wireless switch.
· The WX3000E series comprises WX3024E and WX3010E wireless switches.
· The port numbers in this chapter are for illustration only.
Introduction to port mirroring
Port mirroring refers to the process of copying the packets passing through a port to the monitor port connecting to a monitoring device for packet analysis.
Terminologies of port mirroring
Port mirroring involves the following terminologies.
Source port
A source port is a monitored port. Packets passing through source ports are copied to a port connecting to a monitoring device for packet analysis.
Destination port
The destination port (also known as the monitor port) forwards mirrored packets to its connecting monitoring device.
Mirroring direction
The mirroring direction can be:
· Inbound: Mirrors packets received on a source port.
· Outbound: Mirrors packets sent out of a source port.
· Bidirectional: Mirrors packets both received and sent on a source port.
Classification of port mirroring
According to the application scenarios, port mirroring falls into the following types:
· Local port mirroring: The source ports and monitor port are on the same device.
· Layer 2 remote port mirroring: The source ports and the monitor port are located on different devices on the same Layer 2 network.
· Layer 3 remote port mirroring: The source ports and the monitor port are separated by IP networks.
NOTE:
· The switching engine on the WX3000E wireless switch supports local port mirroring.
· A monitor port may receive multiple duplicates of a packet in some cases because it can monitor multiple mirroring sources. For example, assume that Port 1 is monitoring bidirectional traffic on Port 2 and Port 3 on the same device. If a packet travels from Port 2 to Port 3, two duplicates of the packet will be received on Port 1.
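The duplicate behaviour described in the NOTE above matters to whatever tool consumes the mirrored traffic, because packet counts and flow statistics are inflated unless duplicates are removed. The following Python code is an added example, not part of the original guide: it models how many copies of a forwarded packet reach the monitor port and removes the duplicates on the monitoring device. The port names, frame contents, the 1 ms window and the assumption that both mirrored copies are byte-identical are constructed for illustration.

```python
import hashlib
from collections import OrderedDict

# Constructed mirroring group matching the NOTE: Port 1 monitors Port 2 and
# Port 3 in both directions. Direction names follow the CLI keywords.
SOURCES = {"Port2": "both", "Port3": "both"}

def copies_at_monitor(ingress, egress, sources):
    """Number of copies of one forwarded packet that reach the monitor port."""
    n = 0
    if sources.get(ingress) in ("inbound", "both"):
        n += 1  # mirrored when received on a source port
    if sources.get(egress) in ("outbound", "both"):
        n += 1  # mirrored again when sent out of a source port
    return n

def capture(flows, sources):
    """Build the (timestamp, frame) sequence the monitoring device would see."""
    seen = []
    for ts, ingress, egress, frame in flows:
        seen.extend((ts, frame) for _ in range(copies_at_monitor(ingress, egress, sources)))
    return seen

def dedupe(records, window=0.001, max_entries=4096):
    """Drop frames identical to one seen within `window` seconds.

    Assumption: both mirrored copies are byte-identical. A short window keeps
    genuine retransmissions, which arrive much later than a mirror duplicate.
    """
    recent = OrderedDict()  # frame digest -> timestamp of the last sighting
    out = []
    for ts, frame in records:
        digest = hashlib.sha256(frame).digest()
        last = recent.get(digest)
        if last is None or ts - last > window:
            out.append((ts, frame))
        recent[digest] = ts
        recent.move_to_end(digest)
        while len(recent) > max_entries:  # bound memory on long captures
            recent.popitem(last=False)
    return out

# Constructed flows: (timestamp, ingress port, egress port, frame bytes)
FLOWS = [
    (0.000, "Port2", "Port3", b"frame-A"),  # both ports are sources: 2 copies
    (0.010, "Port2", "Port9", b"frame-B"),  # only ingress is a source: 1 copy
    (0.500, "Port2", "Port3", b"frame-A"),  # later retransmission: kept
]
```

`dedupe(capture(FLOWS, SOURCES))` reduces the five captured records to the three packets that actually crossed the device.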
Port mirroring implementation
Port mirroring is implemented through mirroring groups.
A local mirroring group created on a device contains the source ports and the monitor port.
NOTE: The switching engine on the WX3000E wireless switch supports up to five mirroring groups.
Local port mirroring implementation
Local port mirroring is implemented through a local mirroring group. In local port mirroring, packets passing through a source port are mirrored to the monitor port located on the same device.
Figure 1 Local port mirroring implementation
As shown in Figure 1, packets from the source port are copied to the monitor port, which then forwards the packets to the data monitoring device for analysis.
Configuring local port mirroring
Local port mirroring configuration task list
Configure local port mirroring on one device.
Configure a local mirroring group and then configure one or multiple source ports for the local mirroring group.
Complete these tasks to configure local port mirroring:
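Task | Remarks |
---|---|
Creating a local mirroring group | Required |
Configuring source ports for the local mirroring group | Perform at least one of these operations, or two or all of them. |
Configuring the monitor port for the local mirroring group | Required |

NOTE: A port can belong to only one mirroring group.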
Creating a local mirroring group
Follow these steps to create a local mirroring group:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Create a local mirroring group | mirroring-group group-id local | Required. No local mirroring group exists by default. |

NOTE: A local mirroring group takes effect only after you configure a monitor port and source ports for it.
Configuring source ports for the local mirroring group
You can configure a list of source ports for a mirroring group at a time in system view, or assign only the current port to it as a source port in interface view. To assign multiple ports to the mirroring group as source ports in interface view, repeat the operation.
Configuring source ports in system view
Follow these steps to configure source ports for a local mirroring group in system view:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Configure source ports | mirroring-group group-id mirroring-port mirroring-port-list { both \| inbound \| outbound } | Required. By default, no source port is configured for a local mirroring group. |
Configuring a source port in interface view
Follow these steps to configure a source port for a local mirroring group in interface view:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Enter interface view | interface interface-type interface-number | Required |
Configure the current port as a source port | [ mirroring-group group-id ] mirroring-port { both \| inbound \| outbound } | Required. By default, a port does not serve as a source port for any local mirroring group. |

NOTE: A mirroring group can contain multiple source ports.
Configuring the monitor port for the local mirroring group
You can configure the monitor port for a mirroring group in system view, or assign the current port to a mirroring group as the monitor port in interface view. The two modes lead to the same result.
Configuring the monitor port in system view
Follow these steps to configure the monitor port of a local mirroring group in system view:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Configure the monitor port | mirroring-group group-id monitor-port monitor-port-id | Required. By default, no monitor port is configured for a mirroring group. |
Configuring the monitor port in interface view
Follow these steps to configure the monitor port of a local mirroring group in interface view:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Enter interface view | interface interface-type interface-number | — |
Configure the current port as the monitor port | [ mirroring-group group-id ] monitor-port | Required. By default, a port does not serve as the monitor port for any mirroring group. |

NOTE:
· A mirroring group contains only one monitor port.
· To ensure that the mirroring function works properly, do not enable the Spanning Tree Protocol (STP), Multiple Spanning Tree Protocol (MSTP), or Rapid Spanning Tree Protocol (RSTP) on the monitor port.
· The monitor port can carry packets other than those mirrored from source ports. To ensure that the data monitoring device analyzes only packets from source ports, use the monitor port exclusively for port mirroring.
Displaying and maintaining port mirroring
To do… | Use the command… | Remarks |
---|---|---|
Display the configuration of mirroring groups | display mirroring-group { group-id \| all \| local \| } [ \| { begin \| exclude \| include } regular-expression ] | Available in any view |
Port mirroring configuration examples
Local port mirroring configuration example
Network requirements
On the network shown in Figure 2:
· Device A connects to the marketing department through GigabitEthernet 1/0/1 and to the technical department through GigabitEthernet 1/0/2, and connects to the server through GigabitEthernet 1/0/3.
· Configure local port mirroring in source port mode to enable the server to monitor the bidirectional traffic of the marketing department and the technical department.
Figure 2 Network diagram for local port mirroring configuration
Configuration procedure
1. Create a local mirroring group.
# Create local mirroring group 1.
<DeviceA> system-view
[DeviceA] mirroring-group 1 local
# Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as source ports and port GigabitEthernet 1/0/3 as the monitor port.
[DeviceA] mirroring-group 1 mirroring-port gigabitethernet 1/0/1 gigabitethernet 1/0/2 both
[DeviceA] mirroring-group 1 monitor-port gigabitethernet 1/0/3
2. Verify the configurations.
# Display the configuration of all mirroring groups.
[DeviceA] display mirroring-group all
mirroring-group 1:
    type: local
    status: active
    mirroring port:
        GigabitEthernet1/0/1  both
        GigabitEthernet1/0/2  both
    mirroring CPU:
    monitor port: GigabitEthernet1/0/3
After the configurations are completed, you can monitor all the packets received and sent by the marketing department and the technical department on the server.
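Because a mirroring group copies all traffic of its source ports to another interface, the output of display mirroring-group all is worth checking regularly against the configuration that was actually approved. The following Python code is an added example, not part of the original guide: it parses that output and reports any difference from an approved state. The APPROVED structure, the function names and the DRIFTED variant are assumptions made for illustration; the indentation of the sample output is also assumed, and the parser ignores it.

```python
import re

# Approved state, taken from the configuration example on this page.
APPROVED = {1: {"monitor": "GigabitEthernet1/0/3",
                "sources": {"GigabitEthernet1/0/1": "both", "GigabitEthernet1/0/2": "both"}}}

# Output of `display mirroring-group all` as shown in the example above.
SAMPLE = """\
mirroring-group 1:
    type: local
    status: active
    mirroring port:
        GigabitEthernet1/0/1  both
        GigabitEthernet1/0/2  both
    mirroring CPU:
    monitor port: GigabitEthernet1/0/3
"""
# Constructed variant: the monitor port has been moved to another interface.
DRIFTED = SAMPLE.replace("monitor port: GigabitEthernet1/0/3",
                         "monitor port: GigabitEthernet1/0/5")

def parse_groups(text):
    """Parse `display mirroring-group all` output into {group_id: fields}."""
    groups, cur, in_sources = {}, None, False
    for line in (raw.strip() for raw in text.splitlines()):
        m = re.fullmatch(r"mirroring-group (\d+):", line)
        if m:
            cur = groups[int(m.group(1))] = {"status": None, "monitor": None, "sources": {}}
        elif cur is not None and line.startswith(("status:", "monitor port:")):
            key, _, value = line.partition(":")
            cur[key.split()[0]] = value.strip() or None
        elif cur is not None and in_sources and len(line.split()) == 2 and ":" not in line:
            port, direction = line.split()
            cur["sources"][port] = direction
        in_sources = line == "mirroring port:" or (in_sources and ":" not in line)
    return groups

def audit(groups, approved):
    """List every difference between the device state and the approved state."""
    findings = []
    for gid, g in sorted(groups.items()):
        want = approved.get(gid)
        if want is None:
            findings.append(f"group {gid}: not approved (monitor {g['monitor']})")
        elif (g["monitor"], g["sources"]) != (want["monitor"], want["sources"]):
            findings.append(f"group {gid}: ports differ from approved configuration")
        if g["status"] != "active":
            findings.append(f"group {gid}: status is {g['status']}")
    return findings
```

`audit(parse_groups(SAMPLE), APPROVED)` returns an empty list, while the DRIFTED variant yields one finding for group 1.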