< Home

Configuring the Mirroring Mode

Procedure

Mirroring Mode

Procedure

Port mirroring
  1. Run the system-view command to enter the system view.
  2. Run the interface interface-type interface-number command to enter the interface view.
  3. Run the port-mirroring to observe-port observe-port-index { both | inbound | outbound } command to copy the traffic received or sent by the mirrored port to a specified observing port.

VLAN mirroring
  1. Run the system-view command to enter the system view.
  2. Run the vlan vlan-id command to enter the VLAN view.
  3. Run the mirroring to observe-port observe-port-index inbound command to copy the traffic received by all active ports in the VLAN to a specified observing port.

MAC address mirroring
  1. Run the system-view command to enter the system view.
  2. Run the vlan vlan-id command to enter the VLAN view.
  3. Run the mac-mirroring mac-address to observe-port observe-port-index inbound command to copy the packets with a specified MAC address in the VLAN to a specified observing port.

Traffic mirroring

MQC-based traffic mirroring:

  1. Run the system-view command to enter the system view.
  2. Create a traffic classifier and specify the rules that mirrored traffic needs to match.

    1. Run the traffic classifier classifier-name command to create a traffic classifier and enter the traffic classifier view.

    2. Run the if-match command to configure matching rules in the traffic classifier.

      You can configure multiple types of matching rules in a traffic classifier. For details, see "MQC Configuration - Configuring a Traffic Classifier" in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - QoS Configuration.

    3. Run the quit command to exit from the traffic classifier view.

  3. Create a traffic behavior and specify the action as traffic mirroring.

    1. Run the traffic behavior behavior-name command to create a traffic behavior and enter the traffic behavior view.

    2. Run the mirroring to observe-port observe-port-index command to copy the traffic that matches the traffic classifier to the specified observing port.

    3. Run the quit command to exit from the traffic behavior view.
  4. Create a traffic policy.

    1. Run the traffic policy policy-name command to create a traffic policy and enter the traffic policy view.

    2. Run the classifier classifier-name behavior behavior-name command to bind the traffic classifier configured in step 3 and traffic behavior configured in step 4 to the traffic policy.

    3. Run the quit command to exit from the traffic policy view.

  5. Apply the traffic policy.

    A traffic policy can be applied to the system, a VLAN, or an interface. For details, see "MQC Configuration - Applying the Traffic Policy" in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - QoS Configuration. The traffic policy can be performed in multiple VLANs or interfaces to mirror specified traffic in multiple VLANs or interfaces to the same observing port.

    • Apply the traffic policy to the system.

      Run the traffic-policy policy-name global { inbound | outbound } [ slot slot-id ] command to apply the traffic policy globally.

    • Apply the traffic policy in a VLAN.

      1. Run the vlan vlan-id command to enter the VLAN view.

      2. Run the traffic-policy policy-name { inbound | outbound } command to apply the traffic policy to the VLAN.

    • Apply the traffic policy to an interface.

      1. Run the interface interface-type interface-number command to enter the interface view.

      2. Run the traffic-policy policy-name { inbound | outbound } command to apply the traffic policy to the interface.

ACL-based traffic mirroring:

  • In the system or a VLAN:

    • Reference a basic ACL, an advanced ACL, a named ACL, a Layer 2 ACL, or a user-defined ACL (in IPv4).

      traffic-mirror [ vlan vlan-id ] inbound acl { bas-acl | adv-acl | name acl-name | l2-acl | user-acl } [ rule rule-id ] to observe-port observe-port-index

    • Reference a basic ACL, an advanced ACL, or a named ACL (in IPv6).

      traffic-mirror [ vlan vlan-id ] inbound acl ipv6 { bas-acl | adv-acl | name acl-name } [ rule rule-id ] to observe-port observe-port-index

    • Reference a Layer 2 ACL and any one of a basic ACL, an advanced ACL, and a named ACL (in IPv4).

      traffic-mirror [ vlan vlan-id ] inbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] to observe-port observe-port-index

    • Reference any one of a basic ACL and an advanced ACL and any one of a Layer 2 ACL and a named ACL (in IPv4).

      traffic-mirror [ vlan vlan-id ] inbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] to observe-port observe-port-index

    • Reference a named ACL and any one of a basic ACL, an advanced ACL, a Layer 2 ACL, and a named ACL (in IPv4).

      traffic-mirror [ vlan vlan-id ] inbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ] to observe-port observe-port-index

  • On an interface (First, run the interface interface-type interface-number command to enter the interface view)

    • Reference a basic ACL, an advanced ACL, a named ACL, a Layer 2 ACL, or a user-defined ACL (in IPv4).

      traffic-mirror inbound acl { bas-acl | adv-acl | name acl-name | l2-acl | user-acl } [ rule rule-id ] to observe-port observe-port-index

    • Reference a basic ACL, an advanced ACL, or a named ACL (in IPv6).

      traffic-mirror inbound acl ipv6 { bas-acl | adv-acl | name acl-name } [ rule rule-id ] to observe-port observe-port-index

    • Reference a Layer 2 ACL and any one of a basic ACL, an advanced ACL, and a named ACL (in IPv4).

      traffic-mirror inbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] to observe-port observe-port-index

    • Reference any one of a basic ACL and an advanced ACL and any one of a Layer 2 ACL and a named ACL (in IPv4).

      traffic-mirror inbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] to observe-port observe-port-index

    • Reference a named ACL and any one of a basic ACL, an advanced ACL, a Layer 2 ACL, and a named ACL (in IPv4).

      traffic-mirror inbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ] to observe-port observe-port-index

Verifying the Configuration

# Run the display port-mirroring command to view the mirroring configuration. The following is a sample command output.

<HUAWEI> display port-mirroring
 ----------------------------------------------------------------------
  Observe-port 1 : GigabitEthernet0/0/1
  Observe-port 2 : GigabitEthernet0/0/2
  Observe-port 3 : GigabitEthernet0/0/3
  Observe-port 4 : GigabitEthernet0/0/4
  ----------------------------------------------------------------------
  Port-mirror:
  ----------------------------------------------------------------------
       Mirror-port               Direction  Observe-port
  ----------------------------------------------------------------------
  1    GigabitEthernet0/0/15     Inbound    Observe-port 1
  ----------------------------------------------------------------------
  Stream-mirror:
  ----------------------------------------------------------------------
       Behavior                  Direction  Observe-port
  ----------------------------------------------------------------------
  1    b1                        -          Observe-port 2
  ----------------------------------------------------------------------
  Vlan-mirror:
  ----------------------------------------------------------------------
  Mirror-vlan              Direction     Observe-port
  ----------------------------------------------------------------------
  10                       Inbound       Observe-port 3
  ----------------------------------------------------------------------
  Mac-mirror:
  ----------------------------------------------------------------------
  Mirror-mac       Vlan    Direction     Observe-port
  ----------------------------------------------------------------------
  0001-0001-0001   10      Inbound       Observe-port 4
  ----------------------------------------------------------------------
Parent Topic: Configuring Mirroring
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic