Example for Configuring Layer 2 Remote Port Mirroring
Layer 2 Remote Port Mirroring Overview
In Layer 2 remote port mirroring, an observing port is connected to a monitoring device through a Layer 2 network. After the observing port receives mirrored packets from a mirrored port, the observing port adds a VLAN tag corresponding to the Layer 2 network to the packets and forwards the packets to the Layer 2 network. An intermediate Layer 2 device then sends the packets to the monitoring device.
Configuration Notes
You must dedicate observing ports for mirroring use and do not configure other services on them to prevent mirrored traffic and other service traffic from affecting each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the bandwidth of service traffic on this port and the bandwidth occupied by the mirrored traffic do not exceed the bandwidth limit of the port.
If the mirroring function is deployed on many ports of a device, a great deal of internal forwarding bandwidth will be occupied, which affects the forwarding of other services. Additionally, if the mirrored port bandwidth is higher than the observing port bandwidth, for example, 1000 Mbit/s on a mirrored port and 100 Mbit/s on an observing port, the observing port will fail to forward all mirrored packets in a timely manner because of insufficient bandwidth, leading to packet loss.
Both physical interfaces and Eth-Trunks can be configured as mirrored ports. If an Eth-Trunk is configured as a mirrored port, its member ports cannot be configured as observing ports.
The vlan vlan-id parameter will be specified during the configuration of a Layer 2 remote observing port, indicating that the Layer 2 remote observing port can send mirrored packets to the monitoring device through the specified VLAN. In this situation, the Layer 2 remote observing port does not need to be added to the specified VLAN.
All Huawei switch models except S2700-SI and S2710-SI running V100R006C05 support Layer 2 remote port mirroring.
Networking Requirements
As shown in Figure 1, the administrative department of a company accesses the Internet through SwitchA, and the monitoring device Server is connected to SwitchA through SwitchB.
Configuration Roadmap
- Configure GE0/0/2 of SwitchA as a remote observing port to forward mirrored packets to the specified VLAN.
- Configure GE0/0/1 of SwitchA as a mirrored port to copy Internet access traffic of the administrative department to the remote observing port.
- Create a VLAN on SwitchB, disable MAC address learning in this VLAN, and add ports to the VLAN to forward the mirrored packets sent from the observing port to the Server.
Procedure
- Configure an observing port on SwitchA.
# Configure GE0/0/2 of SwitchA as a remote observing port and bind the observing port to VLAN 10.
<HUAWEI> system-view [HUAWEI] sysname SwitchA [SwitchA] observe-port 1 interface gigabitethernet 0/0/2 vlan 10 //Configure GE0/0/2 as remote observing port 1, and add it to VLAN 10.
After the configuration is complete, the observing port forwards mirrored packets to VLAN 10 removing the need to add the observing port to the VLAN.
- Configure a mirrored port on SwitchA.
# Configure GE0/0/1 of SwitchA as a mirrored port to copy the packets received by the mirrored port to the remote observing port.
[SwitchA] interface gigabitethernet 0/0/1 [SwitchA-GigabitEthernet0/0/1] port-mirroring to observe-port 1 inbound //Mirror incoming traffic on GE0/0/1 to observing port 1. [SwitchA-GigabitEthernet0/0/1] return
- Create a VLAN on SwitchB and add ports to the VLAN.
# Create VLAN 10 on SwitchB, disable MAC address learning in this VLAN, and add GE0/0/1 and GE0/0/2 to VLAN 10.
Here, VLAN 10 is used for forwarding only mirrored packets. If VLAN 10 already exists and has learned MAC address entries, run the undo mac-address vlan vlan-id command in the system view to delete all MAC address entries in VLAN 10.
<HUAWEI> system-view [HUAWEI] sysname SwitchB [SwitchB] vlan 10 [SwitchB-vlan10] mac-address learning disable //Disable MAC address learning in this VLAN. [SwitchB-vlan10] quit [SwitchB] interface gigabitethernet 0/0/1 [SwitchB-GigabitEthernet0/0/1] port link-type access //Set the link type of the interface on the monitoring device to access. The default link type of interfaces is not access. [SwitchB-GigabitEthernet0/0/1] port default vlan 10 [SwitchB-GigabitEthernet0/0/1] quit [SwitchB] interface gigabitethernet 0/0/2 [SwitchB-GigabitEthernet0/0/2] port link-type trunk //Set the link type of the interface on the network side to trunk. The default link type of interfaces is not trunk. [SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 [SwitchB-GigabitEthernet0/0/2] return
- Verify the configuration.
# Check the observing port configuration.
<SwitchA> display observe-port ---------------------------------------------------------------------- Index : 1 Untag-packet : No Interface : GigabitEthernet0/0/2 Vlan : 10 ----------------------------------------------------------------------
# Check the mirrored port configuration.
<SwitchA> display port-mirroring ---------------------------------------------------------------------- Observe-port 1 : GigabitEthernet0/0/2 ---------------------------------------------------------------------- Port-mirror: ---------------------------------------------------------------------- Mirror-port Direction Observe-port ---------------------------------------------------------------------- 1 GigabitEthernet0/0/1 Inbound Observe-port 1 ----------------------------------------------------------------------
Configuration Files
Configuration file of SwitchA
# sysname SwitchA # observe-port 1 interface GigabitEthernet0/0/2 vlan 10 # interface GigabitEthernet0/0/1 port-mirroring to observe-port 1 inbound # return
Configuration file of SwitchB
# sysname SwitchB # vlan batch 10 # vlan 10 mac-address learning disable # interface GigabitEthernet0/0/1 port link-type access port default vlan 10 # interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 10 # return