11-Network Management and Monitoring Command Reference

HomeSupportResource CenterSwitchesS12500R SeriesS12500R SeriesTechnical DocumentsReference GuidesCommand ReferencesH3C S12500R Switch Router Series Command References(R3606)-6W10011-Network Management and Monitoring Command Reference
13-Mirroring commands
Title Size Download
13-Mirroring commands 92.28 KB

Port mirroring commands

display mirroring-group

Use display mirroring-group to display mirroring group information.

Syntax

display mirroring-group { group-id | all | local | remote-destination | remote-source }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

group-id: Specifies a mirroring group by its number. The value range for this argument is 1 to 15.

all: Specifies all mirroring groups.

local: Specifies local mirroring groups.

remote-destination: Specifies remote destination groups.

remote-source: Specifies remote source groups.

Usage guidelines

Mirroring group information includes the type, status, and content of a mirroring group. It is sorted by mirroring group number.

Examples

# Display information about all mirroring groups.

<Sysname> display mirroring-group all

Mirroring group 1:

    Type: Local

    Status: Active

    Sampler: samp (failed)

    Mirroring port: HundredGigE1/0/1 Inbound

      Monitor port: HundredGigE1/0/2

                    HundredGigE1/0/3

                    HundredGigE1/0/4

Table 1 Command output

Field

Description

Mirroring group

Number of the mirroring group.

Type

Type of the mirroring group:

·     Local.

·     Remote source.

·     Remote destination.

Status

Status of the mirroring group:

·     Active—The mirroring group has taken effect.

·     Incomplete—The mirroring group configuration is not complete and does not take effect.

Sampler

Sampler name.

·     If the mirroring group failed to use the sampler, this field displays sampler-name (failed).

·     If no sampler is configured, this field is not displayed.

Mirroring port

Source port, which might be followed by the following keywords:

·     Both—Mirrors both the received and the sent packets of the interface.

·     Inbound—Mirrors the received packets of the interface.

·     Outbound—Mirrors the sent packets of the interface.

Mirroring CPU

Source CPU.

Monitor port

Destination port and the action taken on mirrored packets. truncation means to truncate mirrored packets.

mirroring-group

Use mirroring-group to create a mirroring group.

Use undo mirroring-group to delete mirroring groups.

Syntax

mirroring-group group-id  { local [ sampler sampler-name ] | remote-destination | remote-source }

undo mirroring-group { group-id | all | local | remote-destination | remote-source }

Default

No mirroring groups exist.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number in the range of 1 to 15.

local: Specifies local mirroring groups.

remote-destination: Specifies remote destination groups.

remote-source: Specifies remote source groups.

all: Specifies all mirroring groups.

sampler sampler-name: Specifies a sampler to be used by its name. The sampler-name argument is a case-insensitive string of 1 to 31 characters.

Usage guidelines

A sampler selects a packet from sequential packets. Port mirroring uses the sampler to limit the volume of traffic to be mirrored. You can specify a sampler that has not been created for a mirroring group. If you configure multiple samplers for a mirroring group, the most recent configuration takes effect. For more information about samplers, see Network Management and Monitoring Configuration Guide.

Examples

# Create local mirroring group 1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

mirroring-group mirroring-cpu

Use mirroring-group mirroring-cpu to configure source CPUs for a mirroring group.

Use undo mirroring-group mirroring-cpu to remove source CPUs from a mirroring group.

Syntax

mirroring-group group-id mirroring-cpu slot slot-number-list inbound

undo mirroring-group group-id mirroring-cpu slot slot-number-list

Default

No source CPU is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number. The specified mirroring group must already exist. The value range for this argument is 1 to 15.

slot slot-number-list: Specifies a space-separated list of up to eight slot number items. An item specifies a card by its slot number or specifies a range of cards in the form of start-slot-number to end-slot-number. The end slot number must be equal to or greater than the start slot number.

inbound: Mirrors only received packets.

Usage guidelines

You can configure source CPUs only for local mirroring groups and remote source groups.

Examples

# Create remote source group 2 to monitor the bidirectional traffic of the CPU.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] mirroring-group 2 mirroring-cpu both

Related commands

mirroring-group

mirroring-group mirroring-port (interface view)

Use mirroring-group mirroring-port to configure a port as a source port for a mirroring group.

Use undo mirroring-group mirroring-port to restore the default.

Syntax

mirroring-group group-id mirroring-port { both | inbound | outbound }

undo mirroring-group group-id mirroring-port

Default

A port does not act as a source port for any mirroring groups.

Views

Interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number. The specified mirroring group must already exist. The value range for this argument is 1 to 15.

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

You can configure source ports only for local mirroring groups and remote source groups.

Layer 2 or Layer 3 aggregate interfaces cannot be configured as source ports.

Do not assign a source port of a mirroring group to the remote probe VLAN of the mirroring group.

A port can act as a source port for only one mirroring group.

A source port cannot be used as a reflector port, monitor port, or egress port.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of HundredGigE 1/0/1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] interface hundredgige 1/0/1

[Sysname-HundredGigE1/0/1] mirroring-group 1 mirroring-port both

# Create remote source group 2 to monitor the bidirectional traffic of HundredGigE 1/0/2.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] interface hundredgige 1/0/2

[Sysname-HundredGigE1/0/2] mirroring-group 2 mirroring-port both

Related commands

mirroring-group

mirroring-group mirroring-port (system view)

Use mirroring-group mirroring-port to configure source ports for a mirroring group.

Use undo mirroring-group mirroring-port to remove source ports from a mirroring group.

Syntax

mirroring-group group-id mirroring-port interface-list { both | inbound | outbound }

undo mirroring-group group-id mirroring-port interface-list

Default

No source port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number. The specified mirroring group must already exist. The value range for this argument is 1 to 15.

interface-list: Specifies a space-separated list of up to eight port items. Each item specifies a single port or a port range in the form of interface-type interface-number1 to interface-type interface-number2. The specified interfaces must be of the same type and on the same slot. The value for the interface-number2 argument must be equal to or greater than the value for the interface-number1 argument.

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

You can configure source ports only for local mirroring groups and remote source groups.

Layer 2 or Layer 3 aggregate interfaces cannot be configured as source ports.

Do not assign a source port of a mirroring group to the remote probe VLAN of the mirroring group.

A port can act as a source port for only one mirroring group.

A source port cannot be used as a reflector port, monitor port, or egress port.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of HundredGigE 1/0/1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 mirroring-port hundredgige 1/0/1 both

# Create remote source group 2 to monitor the bidirectional traffic of HundredGigE 1/0/2.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] mirroring-group 2 mirroring-port hundredgige 1/0/2 both

Related commands

mirroring-group

mirroring-group monitor-egress

Use mirroring-group monitor-egress to configure the egress port for a remote source group.

Use undo mirroring-group monitor-egress to restore the default.

Syntax

In system view:

mirroring-group group-id monitor-egress interface-type interface-number

undo mirroring-group group-id monitor-egress interface-type interface-number

In interface view:

mirroring-group group-id monitor-egress

undo mirroring-group group-id monitor-egress

Default

No egress port is configured for a remote source group.

Views

System view

Interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number. The specified mirroring group must already exist. The value range for this argument is 1 to 15.

interface-type interface-number: Specifies a port by its type and number.

Usage guidelines

You can configure egress ports only for remote source groups.

For port mirroring to work correctly, disable the following features on the egress port of a mirroring group:

·     Spanning tree.

·     IGMP snooping.

·     Static ARP.

·     MAC address learning.

The member port of an existing mirroring group cannot be configured as an egress port.

Examples

# Create remote source group 1. Configure HundredGigE 1/0/1 as its egress port in system view.

<Sysname> system-view

[Sysname] mirroring-group 1 remote-source

[Sysname] mirroring-group 1 monitor-egress hundredgige 1/0/1

# Create remote source group 2. Configure HundredGigE 1/0/2 as its egress port in interface view.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] interface hundredgige 1/0/2

[Sysname-HundredGigE1/0/2] mirroring-group 2 monitor-egress

Related commands

mirroring-group

mirroring-group monitor-port (interface view)

Use mirroring-group monitor-port to configure a port as a monitor port for a mirroring group.

Use undo mirroring-group monitor-port to restore the default.

Syntax

mirroring-group group-id monitor-port [ truncation ]

undo mirroring-group group-id monitor-port

Default

A port does not act as a monitor port for any mirroring groups.

Views

Interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number. The specified mirroring group must already exist. The value range for this argument is 1 to 15.

truncation: Truncates 128 bytes of a mirrored packet from the start and sends the truncated part to the monitor port.

Usage guidelines

You can configure monitor ports only for local mirroring groups and remote destination groups.

Do not enable the spanning tree feature on the monitor port of a mirroring group.

For a Layer 2 aggregate interface configured as the monitor port of a mirroring group, do not configure its member ports as source ports of the mirroring group.

Use a monitor port only for port mirroring, so the data monitoring device receives and analyzes only the mirrored traffic.

The member port of an existing mirroring group cannot be configured as a monitor port.

The source port of an existing mirroring group cannot be configured as a monitor port.

The member port of an aggregate interface cannot be configured as a monitor port.

With the truncation keyword specified, only the truncated part is sent to the data monitoring device. In this way, you can reduce the packet processing workload on the data monitoring device or prevent the payload in packets from be sent to the data monitoring device.

On a device that supports multiple monitor ports for a mirroring group, the monitor ports of the same mirroring group must be configured with the same mirrored packet truncation attribute.

To modify the mirrored packet truncation configuration, you must first execute the undo mirroring-group monitor-port command.

Examples

# Create local mirroring group 1 and configure HundredGigE 1/0/1 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] interface hundredgige 1/0/1

[Sysname-HundredGigE1/0/1] mirroring-group 1 monitor-port

# Create remote destination group 2 and configure HundredGigE 1/0/2 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-destination

[Sysname] interface hundredgige 1/0/2

[Sysname-HundredGigE1/0/2] mirroring-group 2 monitor-port

Related commands

mirroring-group

mirroring-group monitor-port (system view)

Use mirroring-group monitor-port to configure the monitor ports for a mirroring group.

Use undo mirroring-group monitor-port to remove the monitor ports from a mirroring group.

Syntax

mirroring-group group-id monitor-port interface-list [ truncation ]

undo mirroring-group group-id monitor-port interface-list

Default

No monitor port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number. The specified mirroring group must already exist. The value range for this argument is 1 to 15.

interface-list: Specifies a space-separated list of up to eight port items. Each item specifies a single port or a port range in the form of interface-type interface-number1 to interface-type interface-number2. The value for the interface-number2 argument must be equal to or greater than the value for the interface-number1 argument.

truncation: Truncates 128 bytes of a mirrored packet from the start and sends the truncated part to the monitor port.

Usage guidelines

You can configure monitor ports only for local mirroring groups and remote destination groups.

Do not enable the spanning tree feature on the monitor port of a mirroring group.

For a Layer 2 aggregate interface configured as the monitor port of a mirroring group, do not configure its member ports as source ports of the mirroring group.

Use a monitor port only for port mirroring, so the data monitoring device receives only the mirrored traffic.

The member port of an existing mirroring group cannot be configured as a monitor port.

The source port of an existing mirroring group cannot be configured as a monitor port.

The member port of an aggregate interface cannot be configured as a monitor port.

With the truncation keyword specified, only the truncated part is sent to the data monitoring device. In this way, you can reduce the packet processing workload on the data monitoring device or prevent the payload in packets from be sent to the data monitoring device.

On a device that supports multiple monitor ports for a mirroring group, the monitor ports of the same mirroring group must be configured with the same mirrored packet truncation attribute.

To modify the mirrored packet truncation configuration, you must first execute the undo mirroring-group monitor-port command.

Examples

# Create local mirroring group 1 and configure HundredGigE 1/0/1 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 monitor-port hundredgige 1/0/1

# Create remote destination group 2 and configure HundredGigE 1/0/2 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-destination

[Sysname] mirroring-group 2 monitor-port hundredgige 1/0/2

# Create local mirroring group 3 and configure ports HundredGigE 1/0/1 through HundredGigE 1/0/3 and HundredGigE 1/0/5 as its monitor ports.

<Sysname> system-view

[Sysname] mirroring-group 3 local

[Sysname] mirroring-group 3 monitor-port hundredgige 1/0/1 to hundredgige 1/0/3 hundredgige 1/0/5

Related commands

mirroring-group

mirroring-group reflector-port

Use mirroring-group reflector-port to configure the reflector port for a remote source group.

Use undo mirroring-group reflector-port to restore the default.

Syntax

In system view:

mirroring-group group-id reflector-port interface-type interface-number

undo mirroring-group group-id reflector-port interface-type interface-number

In interface view:

mirroring-group group-id reflector-port

undo mirroring-group group-id reflector-port

Default

No reflector port is configured for a mirroring group.

Views

System view

Interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number. The specified mirroring group must already exist. The value range for this argument is 1 to 15.

interface-type interface-number: Specifies a port by its type and number.

Usage guidelines

You can configure reflector ports only for remote source groups.

The port to be configured as a reflector port must be a port not in use. Do not connect a network cable to a reflector port.

When a port is configured as a reflector port, the port restores to the factory default settings. You cannot configure other features on a reflector port.

Examples

# Create remote source group 1. Configure HundredGigE 1/0/1 as its reflector port in system view.

<Sysname> system-view

[Sysname] mirroring-group 1 remote-source

[Sysname] mirroring-group 1 reflector-port hundredgige 1/0/1

This operation may delete all settings made on the interface. Continue? [Y/N]: y

# Create remote source group 2. Configure HundredGigE 1/0/2 as its reflector port in interface view.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] interface hundredgige 1/0/2

[Sysname-HundredGigE1/0/2] mirroring-group 2 reflector-port

This operation may delete all settings made on the interface. Continue? [Y/N]: y

Related commands

mirroring-group

mirroring-group remote-probe vlan

Use mirroring-group remote-probe vlan to specify a VLAN as the remote probe VLAN for a mirroring group.

Use undo mirroring-group remote-probe vlan to restore the default.

Syntax

mirroring-group group-id remote-probe vlan vlan-id

undo mirroring-group group-id remote-probe vlan vlan-id

Default

No remote probe VLAN is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number. The specified mirroring group must already exist. The value range for this argument is 1 to 15.

vlan-id: Specifies a VLAN by its ID.

Usage guidelines

You can configure remote probe VLANs only for remote source groups and remote destination groups.

When a VLAN is configured as a remote probe VLAN, use the VLAN for port mirroring exclusively.

The remote mirroring groups on the source device and destination device must use the same remote probe VLAN.

Only a static VLAN that already exists can be configured as a remote probe VLAN. A VLAN can be configured as the remote probe VLAN for only one mirroring group.

To delete a VLAN that is configured as a remote probe VLAN, remove the remote probe VLAN configuration first.

Examples

# Create remote source group 1 and configure VLAN 10 as its remote probe VLAN.

<Sysname> system-view

[Sysname] mirroring-group 1 remote-source

[Sysname] mirroring-group 1 remote-probe vlan 10

# Create remote destination group 2 and configure VLAN 20 as its remote probe VLAN.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-destination

[Sysname] mirroring-group 2 remote-probe vlan 20

Related commands

mirroring-group


Flow mirroring commands

mirror-to cpu

Use mirror-to cpu to configure a mirroring action that mirrors traffic to the CPU.

Use undo mirror-to cpu to delete the mirroring action that mirrors traffic to the CPU.

Syntax

mirror-to cpu

undo mirror-to cpu

Default

No mirroring action exists to mirror traffic to the CPU.

Views

Traffic behavior view

Predefined user roles

network-admin

Examples

# Create traffic behavior 1 and configure the action of mirroring traffic to the CPU for the traffic behavior.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to cpu

mirror-to interface

Use mirror-to interface to configure a mirroring action that mirrors traffic to an interface.

Use undo mirror-to interface to delete a mirroring action that mirrors traffic to an interface.

Syntax

mirror-to interface interface-type interface-number

undo mirror-to interface interface-type interface-number

Default

No mirroring actions exist to mirror traffic to interfaces.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

 

Usage guidelines

A traffic behavior can mirror traffic to only one interface.

If you execute this command for a traffic behavior multiple times, the most recent configuration takes effect.

The encapsulation parameters for the mirrored packets are available only when the mirrored packets are sent out of Ethernet interfaces.

Examples

# Create traffic behavior 1 and configure the action of mirroring traffic to HundredGigE 1/0/1 for the traffic behavior.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to interface hundredgige 1/0/1

 

  • Cloud & AI
  • InterConnect
  • Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网