
Example for Configuring ACL-based Local Traffic Mirroring

Networking Requirements

In Figure 1, the science and technology department and administrative department of a company use the network segments 10.1.1.0/24 and 10.1.2.0/24, respectively, to access the Internet or communicate with each other through the Switch. The monitoring device (Server) is directly connected to the Switch.

The following traffic from the science and technology department needs to be monitored by the Server:
  • Traffic to the Internet
  • Traffic to the administrative department

Figure 1 ACL-based local traffic mirroring networking

Configuration Roadmap

The configuration roadmap is as follows:
  1. Configure GE0/0/2 of the Switch as a local observing port to forward mirrored packets to the Server.
  2. Configure advanced ACLs to match two types of traffic of the science and technology department: Internet access traffic and traffic sent to the administrative department.
  3. Configure an ACL-based traffic policy on GE0/0/1 to mirror the matching traffic.

Procedure

  1. Configure an observing port.

    # Configure GE0/0/2 of the Switch as a local observing port.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] observe-port 1 interface gigabitethernet 0/0/2
    # Prevent the observing port from forwarding ordinary data packets, so that it carries only mirrored traffic.
    [Switch] observe-port 1 forwarding disable

  2. Configure advanced ACLs.

    # Create two advanced ACLs numbered 3000 and 3001 on the Switch. Configure ACL 3000 to match traffic with source address 10.1.1.0/24 and destination TCP port www, and configure ACL 3001 to match traffic with source address 10.1.1.0/24 and destination address 10.1.2.0/24.

    [Switch] acl number 3000
    [Switch-acl-adv-3000] rule permit tcp source 10.1.1.0 0.0.0.255 destination-port eq www
    [Switch-acl-adv-3000] quit
    [Switch] acl number 3001
    [Switch-acl-adv-3001] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
    [Switch-acl-adv-3001] quit

  3. Configure an ACL-based traffic policy.

    # Configure an ACL-based traffic policy on GE0/0/1 of the Switch to mirror the matching traffic.

    [Switch] interface gigabitethernet 0/0/1
    [Switch-GigabitEthernet0/0/1] traffic-mirror inbound acl 3000 to observe-port 1
    [Switch-GigabitEthernet0/0/1] traffic-mirror inbound acl 3001 to observe-port 1
    [Switch-GigabitEthernet0/0/1] return

  4. Verify the configuration.

    # Check ACL rules and traffic behavior information.

    <Switch> display traffic-applied interface gigabitethernet 0/0/1 inbound
    -----------------------------------------------------------
    ACL applied inbound interface GigabitEthernet0/0/1
    
    ACL 3000
     rule 5 permit tcp source 10.1.1.0 0.0.0.255 destination-port eq www (match-counter 0)
    ACTIONS:
     mirror to observe-port 1
    -----------------------------------------------------------
    
    ACL 3001
     rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255 (match-counter 0)
    ACTIONS:
     mirror to observe-port 1
    -----------------------------------------------------------

    # Check the observing port configuration.

    <Switch> display observe-port
      ----------------------------------------------------------------------
      Index          : 1
      Untag-packet   : No
      Forwarding     : No
      Interface      : GigabitEthernet0/0/2
      ----------------------------------------------------------------------

    # Check the mirroring configuration.

    <Switch> display port-mirroring
      ----------------------------------------------------------------------
      Observe-port 1 : GigabitEthernet0/0/2
      ----------------------------------------------------------------------
      Stream-mirror:
      ----------------------------------------------------------------------
           Behavior                  Direction  Observe-port
      ----------------------------------------------------------------------
      1    SACL                      -          Observe-port 1
      ----------------------------------------------------------------------
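
The two ACLs and the inbound mirror policy from the procedure above, modelled in Python so that you can check which flows the Server would actually receive: wildcard masks are inverse masks, ACL 3000 catches only TCP port www, and because the policy is bound inbound on GE0/0/1 only, replies from the administrative department are never mirrored. This is an added example, not Huawei code; the sample addresses and the assumption that the science department is attached to GE0/0/1 and the administrative department to GE0/0/3 are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Huawei ACLs use wildcard (inverse) masks: a 1 bit means 'don't care',
    so 10.1.1.0 0.0.0.255 covers the whole 10.1.1.0/24 segment."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    a = int(ipaddress.IPv4Address(addr)) & care
    return a == (int(ipaddress.IPv4Address(base)) & care)

@dataclass
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    dport: Optional[int] = None

def acl_3000(p: Packet) -> bool:
    """rule permit tcp source 10.1.1.0 0.0.0.255 destination-port eq www"""
    return (p.proto == "tcp" and p.dport == 80
            and wildcard_match(p.src, "10.1.1.0", "0.0.0.255"))

def acl_3001(p: Packet) -> bool:
    """rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255"""
    return (wildcard_match(p.src, "10.1.1.0", "0.0.0.255")
            and wildcard_match(p.dst, "10.1.2.0", "0.0.0.255"))

def mirrored_by(p: Packet, ingress_port: str) -> List[int]:
    """ACL numbers whose traffic-mirror statement copies p to observe-port 1.
    Both statements are bound inbound on GE0/0/1 only, so frames entering on
    any other port are never mirrored, whatever the ACLs would match."""
    if ingress_port != "GE0/0/1":
        return []
    return [n for n, rule in ((3000, acl_3000), (3001, acl_3001)) if rule(p)]

# Constructed sample flows. Assumption (not on the page): the science department
# is attached to GE0/0/1 and the administrative department to GE0/0/3.
http_out = Packet("10.1.1.5", "203.0.113.10", "tcp", 80)    # Internet, WWW
https_out = Packet("10.1.1.5", "203.0.113.10", "tcp", 443)  # Internet, HTTPS
ping_admin = Packet("10.1.1.5", "10.1.2.7", "icmp")         # science -> admin
ping_reply = Packet("10.1.2.7", "10.1.1.5", "icmp")         # admin -> science

if __name__ == "__main__":
    for p, port in ((http_out, "GE0/0/1"), (https_out, "GE0/0/1"),
                    (ping_admin, "GE0/0/1"), (ping_reply, "GE0/0/3")):
        print(f"{p.src} -> {p.dst}: mirrored by {mirrored_by(p, port) or 'nothing'}")
```

If the Server also needs HTTPS or the return direction, the ACL rules or the binding direction on the switch must be extended; the model makes that gap visible before capture data is relied on.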

Copyright © Huawei Technologies Co., Ltd.