11-Network Management and Monitoring Command Reference

HomeSupportSwitchesS6300 SeriesReference GuidesCommand ReferencesH3C S6300 Switch Series Command References-Release 243x-6W10011-Network Management and Monitoring Command Reference
08-Mirroring commands
Title Size Download
08-Mirroring commands 65.30 KB

Port mirroring commands

display mirroring-group

Use display mirroring-group to display mirroring group information.

Syntax

display mirroring-group { group-id | all | local | remote-destination | remote-source }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

group-id: Specifies a mirroring group by its number in the range of 1 to 4.

all: Specifies all mirroring groups.

local: Specifies local mirroring groups.

remote-destination: Specifies remote destination groups.

remote-source: Specifies remote source groups.

Usage guidelines

Mirroring group information includes the type, status, and content of a mirroring group. It is sorted by mirroring group number.

Examples

# Display information about all mirroring groups.

<Sysname> display mirroring-group all

Mirroring group 1:

    Type: Local

    Status: Active

    Mirroring port:

        Ten-GigabitEthernet1/0/1  Inbound

    Monitor port: Ten-GigabitEthernet1/0/2

Mirroring group 3:

    Type: Local

    Status: Active

    Mirroring port:

        Ten-GigabitEthernet1/0/1  Inbound

        Ten-GigabitEthernet1/0/2  Both

    Monitor port: Ten-GigabitEthernet1/0/3

Table 1 Command output

Field

Description

Mirroring group

Number of the mirroring group.

Type

Type of the mirroring group:

·     Local.

·     Remote source.

·     Remote destination.

Status

Status of the mirroring group:

·     Active—The mirroring group has taken effect.

·     Incomplete—The mirroring group configuration is not complete and does not take effect.

Mirroring port

Source port.

Monitor port

Destination port.

 

mirroring-group

Use mirroring-group to create a mirroring group.

Use undo mirroring-group to delete mirroring groups.

Syntax

mirroring-group group-id { local | remote-destination | remote-source }

undo mirroring-group { group-id | all | local | remote-destination | remote-source }

Default

No mirroring group exists on a device.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number in the range of 1 to 4.

local: Specifies local mirroring groups.

remote-destination: Specifies remote destination groups.

remote-source: Specifies remote source groups.

all: Specifies all mirroring groups.

Examples

# Create local mirroring group 1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

mirroring-group mirroring-port (interface view)

Use mirroring-group mirroring-port to configure a source port for a mirroring group.

Use undo mirroring-group mirroring-port to remove a source port from a mirroring group.

Syntax

mirroring-group group-id mirroring-port { both | inbound | outbound }

undo mirroring-group group-id mirroring-port

Default

No source port is configured for any mirroring group.

Views

Interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number in the range of 1 to 4. The specified mirroring group must already exist.

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

You can configure source ports only for local mirroring groups and remote source groups.

Do not assign a source port of a mirroring group to the remote probe VLAN of the mirroring group.

A port can act as a source port for multiple mirroring groups.

A source port cannot be used as a reflector port, egress port, or monitor port.

A Layer 2 aggregate interface cannot be configured as a source port.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of the port Ten-GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] mirroring-group 1 mirroring-port both

# Create remote source group 2 to monitor the bidirectional traffic of the port Ten-GigabitEthernet 1/0/2.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] interface ten-gigabitethernet 1/0/2

[Sysname-Ten-GigabitEthernet1/0/2] mirroring-group 2 mirroring-port both

Related commands

mirroring-group

mirroring-group mirroring-port (system view)

Use mirroring-group mirroring-port to configure source ports for a mirroring group.

Use undo mirroring-group mirroring-port to remove source ports from a mirroring group.

Syntax

mirroring-group group-id mirroring-port interface-list { both | inbound | outbound }

undo mirroring-group group-id mirroring-port interface-list

Default

No source port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number in the range of 1 to 4. The specified mirroring group must already exist.

interface-list: Specifies a space-separated list of up to eight port items. Each item specifies a single port or a port range in the form of interface-type interface-number 1 to interface-type interface-number 2. The specified interfaces must be of the same type and on the same device. The value for the interface-number 2 argument must be equal to or greater than the value for the interface-number 1 argument.

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

You can configure source ports only for local mirroring groups and remote source groups.

Do not assign a source port of a mirroring group to the remote probe VLAN of the mirroring group.

A port can act as a source port for multiple mirroring groups.

A source port cannot be used as a reflector port, monitor port, or egress port.

A Layer 2 aggregate interface cannot be configured as a source port.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of the port Ten-GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 mirroring-port ten-gigabitethernet 1/0/1 both

# Create remote source group 2 to monitor the bidirectional traffic of the port Ten-GigabitEthernet 1/0/2.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] mirroring-group 2 mirroring-port ten-gigabitethernet 1/0/2 both

Related commands

mirroring-group

mirroring-group monitor-egress

Use mirroring-group monitor-egress to configure the egress port for a remote source group.

Use undo mirroring-group monitor-egress to remove the egress port from a remote source group.

Syntax

In system view:

mirroring-group group-id monitor-egress interface-type interface-number

undo mirroring-group group-id monitor-egress interface-type interface-number

In interface view:

mirroring-group group-id monitor-egress

undo mirroring-group group-id monitor-egress

Default

No egress port is configured for a mirroring group.

Views

System view, interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number in the range of 1 to 4. The specified mirroring group must already exist.

interface-type interface-number: Specifies a port by its type and number.

Usage guidelines

You can configure egress ports only for remote source groups.

For port mirroring to operate correctly, disable the following features on the egress port of a mirroring group:

·     Spanning tree.

·     802.1X.

·     IGMP snooping.

·     Static ARP.

·     MAC address learning.

Do not configure a port of an existing mirroring group as an egress port.

Examples

# Create remote source group 1, and configure port Ten-GigabitEthernet 1/0/1 as its egress port in system view.

<Sysname> system-view

[Sysname] mirroring-group 1 remote-source

[Sysname] mirroring-group 1 monitor-egress ten-gigabitethernet 1/0/1

# Create remote source group 2, and configure port Ten-GigabitEthernet 1/0/2 as its egress port in interface view.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] interface ten-gigabitethernet 1/0/2

[Sysname-Ten-GigabitEthernet1/0/2] mirroring-group 2 monitor-egress

Related commands

mirroring-group

mirroring-group monitor-port (interface view)

Use mirroring-group monitor-port to configure the port as the monitor port for a mirroring group.

Use undo mirroring-group monitor-port to remove the monitor port from a mirroring group.

Syntax

mirroring-group group-id monitor-port

undo mirroring-group group-id monitor-port

Default

No monitor port is configured for a mirroring group.

Views

Interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number in the range of 1 to 4. The specified mirroring group must already exist.

Usage guidelines

You can configure monitor ports only for local mirroring groups and remote destination groups.

Do not enable the spanning tree feature on the monitor port of a mirroring group.

For a Layer 2 aggregate interface configured as the monitor port of a local mirroring group, do not configure its member ports as source ports.

A Layer 2 aggregate interface cannot be configured as the monitor port of a Layer 2 remote source or destination group.

Use a monitor port only for port mirroring, so the data monitoring device receives only the mirrored traffic.

Do not configure a port of an existing mirroring group as a monitor port.

Examples

# Create local mirroring group 1, and configure port Ten-GigabitEthernet 1/0/1 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] mirroring-group 1 monitor-port

# Create remote destination group 2, and configure port Ten-GigabitEthernet 1/0/2 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-destination

[Sysname] interface ten-gigabitethernet 1/0/2

[Sysname-Ten-GigabitEthernet1/0/2] mirroring-group 2 monitor-port

Related commands

mirroring-group

mirroring-group monitor-port (system view)

Use mirroring-group monitor-port to configure a port as the monitor port for a mirroring group.

Use undo mirroring-group monitor-port to remove the monitor port from a mirroring group.

Syntax

mirroring-group group-id monitor-port interface-type interface-number

undo mirroring-group group-id monitor-port interface-type interface-number

Default

No monitor port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number in the range of 1 to 4. The specified mirroring group must already exist.

interface-type interface-number: Specifies a port by its type and number.

Usage guidelines

You can configure monitor ports only for local mirroring groups and remote destination groups.

Do not enable the spanning tree feature on the monitor port of a mirroring group.

For a Layer 2 aggregate interface configured as the monitor port of a local mirroring group, do not configure its member ports as source ports.

A Layer 2 aggregate interface cannot be configured as the monitor port of a Layer 2 remote source or destination group.

Use a monitor port only for port mirroring, so the data monitoring device receives only the mirrored traffic.

Do not configure a port of an existing mirroring group as a monitor port.

Examples

# Create local mirroring group 1, and configure port Ten-GigabitEthernet 1/0/1 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 monitor-port ten-gigabitethernet 1/0/1

# Create remote destination group 2, and configure port Ten-GigabitEthernet 1/0/2 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-destination

[Sysname] mirroring-group 2 monitor-port ten-gigabitethernet 1/0/2

Related commands

mirroring-group

mirroring-group reflector-port

Use mirroring-group reflector-port to configure the reflector port for a remote source group.

Use undo mirroring-group reflector-port to remove the reflector port from a remote source group.

Syntax

In system view:

mirroring-group group-id reflector-port interface-type interface-number

undo mirroring-group group-id reflector-port interface-type interface-number

In interface view:

mirroring-group group-id reflector-port

undo mirroring-group group-id reflector-port

Default

No reflector port is configured for a mirroring group. A port does not act as the reflector port for a mirroring group.

Views

System view, interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number in the range of 1 to 4. The specified mirroring group must already exist.

interface-type interface-number: Specifies a port by its type and number.

Usage guidelines

You can configure reflector ports only for remote source groups.

The port to be configured as a reflector port must be a port not in use. Do not connect a network cable to a reflector port.

When a port is configured as a reflector port, the port restores to the factory default settings. After the port is configured as a reflector port:

·     You cannot configure other features on the reflector port.

·     You cannot change the duplex mode, MDI setting, and port rate for the reflector port.

Examples

# Create remote source group 1, and configure port Ten-GigabitEthernet 1/0/1 as its reflector port in system view.

<Sysname> system-view

[Sysname] mirroring-group 1 remote-source

[Sysname] mirroring-group 1 reflector-port ten-gigabitethernet 1/0/1

This operation may delete all settings made on the interface. Continue? [Y/N]: y

# Create remote source group 2, and configure port Ten-GigabitEthernet 1/0/2 as its reflector port in interface view.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] interface ten-gigabitethernet 1/0/2

[Sysname-Ten-GigabitEthernet1/0/2] mirroring-group 2 reflector-port

This operation may delete all settings made on the interface. Continue? [Y/N]: y

Related commands

mirroring-group

mirroring-group remote-probe vlan

Use mirroring-group remote-probe vlan to specify a VLAN as the remote probe VLAN for a mirroring group.

Use undo mirroring-group remote-probe vlan to remove a remote probe VLAN from a mirroring group.

Syntax

mirroring-group group-id remote-probe vlan vlan-id

undo mirroring-group group-id remote-probe vlan vlan-id

Default

No remote probe VLAN is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number in the range of 1 to 4. The specified mirroring group must already exist.

vlan-id: Specifies a VLAN by its ID.

Usage guidelines

You can configure remote probe VLANs only for remote source groups and remote destination groups.

When a VLAN is configured as a remote probe VLAN, use the VLAN for port mirroring exclusively.

The remote mirroring groups on the source device and destination device must use the same remote probe VLAN.

Only a static VLAN that already exists can be configured as a remote probe VLAN. A VLAN can be configured as the remote probe VLAN for only one mirroring group.

To delete a VLAN that is configured as a remote probe VLAN, remove the remote probe VLAN configuration first.

Examples

# Create remote source group 1, and configure VLAN 10 as its remote probe VLAN.

<Sysname> system-view

[Sysname] mirroring-group 1 remote-source

[Sysname] mirroring-group 1 remote-probe vlan 10

# Create remote destination group 2, and configure VLAN 20 as its remote probe VLAN.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-destination

[Sysname] mirroring-group 2 remote-probe vlan 20

Related commands

mirroring-group

 


Flow mirroring commands

mirror-to

Use mirror-to to configure a mirroring action for a traffic behavior.

Use undo mirror-to to delete a mirroring action.

Syntax

mirror-to { cpu | interface interface-type interface-number [ loopback | destination-ip destination-ip-address source-ip source-ip-address [ dscp dscp-value | vlan vlan-id | vrf-instance vrf-instance-name ] * ] }

undo mirror-to { cpu | interface interface-type interface-number }

Default

No mirroring action is configured for a traffic behavior.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

cpu: Specifies the CPU of the IRF member device that receives the packets matching the criteria defined in the traffic class.

interface interface-type interface-number: Specifies an interface by its type and number.

loopback: Uses the GRE encapsulation format for mirrored packets. Upon arriving at the specified interface, the mirrored packets are forwarded to the destination device through the GRE tunnel. The destination device decapsulates the packets and forwards them to the data monitoring device. If this keyword is specified, the device does not mirror Layer 2 broadcast packets. This keyword is not supported in the current software version.

destination-ip destination-ip-address: Specifies the destination IP address for mirrored packets that are sent out of the interface.

source-ip source-ip-address: Specifies the source IP address for mirrored packets that are sent out of the interface.

dscp dscp-value: Specifies the DSCP value for mirrored packets that are sent out of the interface. The value range for the dscp-value argument is 0 to 63.

vrf-instance vrf-instance-name: Specifies the VRF instance by its name for mirrored packets that are sent out of the interface.

vlan vlan-id: Specifies the VLAN by its ID for mirrored packets that are sent out of the interface. The value range for the vlan-id argument is 1 to 4094.

Usage guidelines

You can configure multiple actions of mirroring traffic to interfaces for a traffic behavior.

Examples

# Create traffic behavior 1, and configure the action of mirroring traffic to the CPU for the traffic behavior.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to cpu

# Create traffic behavior 1, and configure the action of mirroring traffic to interface Ten-GigabitEthernet 1/0/1 for the traffic behavior.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to interface ten-gigabitethernet 1/0/1

# Create traffic behavior 1, and configure the action of mirroring traffic to interface Ten-GigabitEthernet 1/0/1 for the traffic behavior. Specify the source IP address, destination IP address, and DSCP value for the mirrored packets sent out of the interface as 1.1.1.1, 2.2.2,2, and 20, respectively.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to interface ten-gigabitethernet 1/0/1 destination-ip 1.1.1.1 source-ip 2.2.2.2 dscp 20

 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网