Example for Configuring MQC-based Local Traffic Mirroring
Networking Requirements
In Figure 1, the science and technology department and administrative department of a company use the network segments 10.1.1.0/24 and 10.1.2.0/24, respectively, to access the Internet or communicate with each other through the Switch. The monitoring device (Server) is directly connected to the Switch.
- Traffic to the Internet
- Traffic to the administrative department
Configuration Roadmap
- Configure GE0/0/2 of the Switch as a local observing port to forward mirrored packets to the Server.
- Configure a traffic classifier on the Switch to match Internet access traffic and traffic sent to the administrative department, and configure a traffic behavior to mirror traffic to a local observing port.
- Configure a traffic policy on the Switch, bind the traffic classifier and traffic behavior to the traffic policy, and apply the traffic policy to GE0/0/1.
Procedure
- Configure an observing port.
# Configure GE0/0/2 of the Switch as a local observing port.
<HUAWEI> system-view [HUAWEI] sysname Switch [Switch] observe-port 1 interface gigabitethernet 0/0/2
# Disable the observing port from forwarding data packets.[Switch] observe-port 1 forwarding disable
- Configure a traffic classifier.
# Create a traffic classifier c1 on the Switch, and configure rules to match two types of traffic: traffic with source address 10.1.1.0/24 and destination TCP port number WWW and traffic with source address 10.1.1.0/24 and destination address 10.1.2.0/24.
[Switch] acl number 3000 [Switch-acl-adv-3000] rule permit tcp source 10.1.1.0 0.0.0.255 destination-port eq www [Switch-acl-adv-3000] quit [Switch] acl number 3001 [Switch-acl-adv-3001] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255 [Switch-acl-adv-3001] quit [Switch] traffic classifier c1 operator or [Switch-classifier-c1] if-match acl 3000 [Switch-classifier-c1] if-match acl 3001 [Switch-classifier-c1] quit
- Configure a traffic behavior.
# Create a traffic behavior b1 on the Switch, and define traffic mirroring in the traffic behavior to copy specified traffic to local observing port GE0/0/2.
[Switch] traffic behavior b1 [Switch-behavior-b1] mirroring to observe-port 1 [Switch-behavior-b1] quit
When configuring outbound traffic mirroring on the S6720-EI and S6720S-EI, do not configure other traffic behaviors; otherwise, outbound traffic mirroring is ineffective.
- Configure a traffic policy and apply it to an interface.
# Create a traffic policy named p1 on the Switch, bind the traffic behavior and traffic classifier to the traffic policy, and apply the traffic policy to the inbound direction of GE0/0/1 to monitor specified traffic of the science and technology department.
[Switch] traffic policy p1 [Switch-trafficpolicy-p1] classifier c1 behavior b1 [Switch-trafficpolicy-p1] quit [Switch] interface gigabitethernet 0/0/1 [Switch-GigabitEthernet0/0/1] traffic-policy p1 inbound [Switch-GigabitEthernet0/0/1] return
- Verify the configuration.
# Check the traffic classifier configuration.
<Switch> display traffic classifier user-defined c1 User Defined Classifier Information: Classifier: c1 Operator: OR Rule(s) : if-match acl 3000 if-match acl 3001# Check the traffic policy configuration.
<Switch> display traffic policy user-defined p1 User Defined Traffic Policy Information: Policy: p1 Classifier: c1 Operator: OR Behavior: b1 Mirroring to observe-port 1# Check the observing port configuration.
<Switch> display observe-port ---------------------------------------------------------------------- Index : 1 Untag-packet : No Forwarding : No Interface : GigabitEthernet0/0/2 ----------------------------------------------------------------------
# Check the mirroring configuration.
<Switch> display port-mirroring ---------------------------------------------------------------------- Observe-port 1 : GigabitEthernet0/0/2 ---------------------------------------------------------------------- Stream-mirror: ---------------------------------------------------------------------- Behavior Direction Observe-port ---------------------------------------------------------------------- 1 b1 - Observe-port 1 ----------------------------------------------------------------------