Contents

Port mirroring commands· 1

display mirroring-group· 2

mirroring-group· 3

mirroring-group mirroring-port (interface view) 3

mirroring-group mirroring-port (system view) 4

mirroring-group monitor-port (interface view) 5

mirroring-group monitor-port (system view) 6

 

Port mirroring commands

The following compatibility matrix shows the support of hardware platforms for port mirroring:

 

Hardware	Port mirroring compatibility
F5010, F5020, F5020-GM, F5040, F5000-C, F5000-S	Yes
F5030, F5030-6GW, F5060, F5080, F5000-AI-20, F5000-AI-40, F5000-V30, F5000-M, F5000-A	Yes only on slots 3 through 8
F1000-AI-20, F1000-AI-30, F1000-AI-50	Yes
F1000-AI-60, F1000-AI-70, F1000-AI-80, F1000-AI-90	Yes only on interfaces GE 1/0/0 through GE 1/0/13, XGE 1/0/18 and XGE 1/0/19, and GE 1/0/22 through GE1/0/29 and interfaces in the four interface card slots
F1003-L, F1005-L, F1010-L	No
F1005, F1010	No
F1020, F1020-GM, F1030, F1030-GM, F1050, F1060, F1070, F1070-GM, F1070-GM-L, F1080, F1000-V70	Yes
F1090	Yes only on interfaces GE 1/0/0 through GE 1/0/13, XGE 1/0/18 and XGE 1/0/19, and GE 1/0/22 through GE1/0/29 and interfaces in the four interface card slots
F1000-AK1110, F1000-AK1120, F1000-AK1130, F1000-AK1140	No
F1000-AK1212, F1000-AK1222, F1000-AK1232, F1000-AK1312, F1000-AK1322, F1000-AK1332	Yes
F1000-AK1414, F1000-AK1424, F1000-AK1434, F1000-AK1514, F1000-AK1524, F1000-AK1534, F1000-AK1614	Yes only on interfaces GE 1/0/0 through GE 1/0/13, XGE 1/0/18 and XGE 1/0/19, and GE 1/0/22 through GE1/0/29 and interfaces in the four interface card slots
F1000-AK108, F1000-AK109, F1000-AK110, F1000-AK115, F1000-AK120, F1000-AK125. F1000-AK710	No
F1000-AK130, F1000-AK135, F1000-AK140, F1000-AK145, F1000-AK150, F1000-AK155, F1000-AK160, F1000-AK165, F1000-AK170, F1000-AK175, F1000-AK180, F1000-AK185, F1000-GM-AK370, F1000-GM-AK380, F1000-AK711	Yes
LSU3FWCEA0, LSUM1FWCEAB0, LSX1FWCEA1	No
LSXM1FWDF1, LSUM1FWDEC0, IM-NGFWX-IV, LSQM1FWDSC0, LSWM1FWD0, LSPM6FWD, LSQM2FWDSC0	No
vFW1000, vFW2000	No

‌

Virtual interfaces do not support port mirroring.

Port mirroring across IRF member devices are not supported. The mirroring sources and destination must reside on the same IRF member device.

If you configure an interface shared by multiple contexts as a source port, traffic passing through the shared interface will be mirrored to the monitor port without distinction of contexts.

The fixed interfaces of a device and the interfaces on interface cards cannot be assigned to the same mirroring group on devices of the following series:

·     F5010, F5020, F5020-GM, F5040, F5000-C, F5000-S.

·     F1000-AI-20, F1000-AI-30, F1000-AI-50.

·     F1020, F1020-GM, F1030, F1030-GM, F1050, F1060, F1070, F1070-GM, F1070-GM-L, F1080, F1000-V70.

·     F1000-AK1212, F1000-AK1222, F1000-AK1232, F1000-AK1312, F1000-AK1322, F1000-AK1332, F1000-AK130, F1000-AK135, F1000-AK140, F1000-AK145, F1000-AK150, F1000-AK155, F1000-AK160, F1000-AK165, F1000-AK170, F1000-AK711, F1000-AK175, F1000-AK180, F1000-AK185, F1000-GM-AK370, F1000-GM-AK380.

display mirroring-group

Use display mirroring-group to display mirroring group information.

Syntax

display mirroring-group { group-id | all | local }

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

group-id: Specifies a mirroring group by its ID. The group ID can be 1 and 2.

all: Specifies all mirroring groups.

local: Specifies local mirroring groups.

Usage guidelines

Mirroring group information includes the type, status, and content of a mirroring group. It is sorted by mirroring group number.

Examples

# Display information about all mirroring groups.

<Sysname> display mirroring-group all

Mirroring group 1:

    Type: Local

    Status: Active

    Mirroring port:

        GigabitEthernet1/0/1  Inbound

    Monitor port: GigabitEthernet1/0/2

Table 1 Command output

Field	Description
Mirroring group	Number of the mirroring group.
Type	Type of the mirroring group: Local.
Status	Status of the mirroring group: ·     Active—The mirroring group has taken effect. ·     Incomplete—The mirroring group configuration is not complete and does not take effect.
Mirroring port	Source port.
Monitor port	Destination port.

‌

mirroring-group

Use mirroring-group to create a mirroring group.

Use undo mirroring-group to delete mirroring groups.

Syntax

mirroring-group group-id local

undo mirroring-group { group-id | all | local }

Default

No mirroring groups exist.

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

group-id: Specifies a mirroring group ID.The group ID can be 1 and 2.

local: Specifies local mirroring groups.

all: Specifies all mirroring groups.

Examples

# Create local mirroring group 1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

mirroring-group mirroring-port (interface view)

Use mirroring-group mirroring-port to configure a port as a source port for a mirroring group.

Use undo mirroring-group mirroring-port to restore the default.

Syntax

mirroring-group group-id mirroring-port { both | inbound | outbound }

undo mirroring-group group-id mirroring-port

Default

A port does not act as a source port for any mirroring groups.

Views

Interface view

Predefined user roles

network-admin

context-admin

Parameters

group-id: Specifies a mirroring group by its ID. The group ID can be 1 and 2.

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

A Layer 2 or Layer 3 aggregate interface cannot be configured as a source port for a mirroring group.

A source port cannot be used as a monitor port.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of port GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] mirroring-group 1 mirroring-port both

Related commands

mirroring-group

mirroring-group mirroring-port (system view)

Use mirroring-group mirroring-port to configure source ports for a mirroring group.

Use undo mirroring-group mirroring-port to remove source ports from a mirroring group.

Syntax

mirroring-group group-id mirroring-port interface-list { both | inbound | outbound }

undo mirroring-group group-id mirroring-port interface-list

Default

No source port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

group-id: Specifies a mirroring group by its ID. The group ID can be 1 and 2.

interface-list: Specifies a space-separated list of up to eight interface items. Each item specifies an interface by its type and number or specifies a range of interfaces in the form of interface-type interface-number1 to interface-type interface-number2. When you specify a range of interfaces, the interfaces must be of the same type and on the same slot. The start interface number must be identical to or lower than the end interface number.

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

A Layer 2 or Layer 3 aggregate interface cannot be configured as a source port for a mirroring group.

A source port cannot be used as a monitor port.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 mirroring-port gigabitethernet 1/0/1 both

Related commands

mirroring-group

mirroring-group monitor-port (interface view)

Use mirroring-group monitor-port to configure a port as the monitor port for a mirroring group.

Use undo mirroring-group monitor-port to restore the default.

Syntax

mirroring-group group-id monitor-port

undo mirroring-group group-id monitor-port

Default

A port does not act as the monitor port for any mirroring groups.

Views

Interface view

Predefined user roles

network-admin

context-admin

Parameters

group-id: Specifies a mirroring group by its ID. The group ID can be 1 and 2.

Usage guidelines

Do not enable the spanning tree feature on the monitor port of a mirroring group.

A Layer 2 or Layer 3 aggregate interface cannot be configured as the monitor port for a mirroring group.

Use a monitor port only for port mirroring, so the data monitoring device receives and analyzes only the mirrored traffic.

The member port of an existing mirroring group cannot be configured as a monitor port.

Examples

# Create local mirroring group 1 and configure GigabitEthernet 1/0/1 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] mirroring-group 1 monitor-port

Related commands

mirroring-group

mirroring-group monitor-port (system view)

Use mirroring-group monitor-port to configure the monitor ports for a mirroring group.

Use undo mirroring-group monitor-port to remove the monitor ports from a mirroring group.

Syntax

mirroring-group group-id monitor-port interface-type interface-number

undo mirroring-group group-id monitor-port interface-type interface-number

Default

No monitor port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

group-id: Specifies a mirroring group by its ID. The group ID can be 1 and 2.

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

Do not enable the spanning tree feature on the monitor port of a mirroring group.

Use a monitor port only for port mirroring, so the data monitoring device receives only the mirrored traffic.

The member port of an existing mirroring group cannot be configured as a monitor port.

Examples

# Create local mirroring group 1 and configure GigabitEthernet 1/0/1 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 monitor-port gigabitethernet 1/0/1

Related commands

mirroring-group