Example for Configuring Local VLAN Mirroring

Local VLAN Mirroring Overview

In local VLAN mirroring, an observing port is directly connected to a monitoring device and forwards the packets copied from a VLAN to the monitoring device for analysis.

Configuration Notes

You must dedicate observing ports for mirroring use and do not configure other services on them to prevent mirrored traffic and other service traffic from affecting each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the bandwidth of service traffic on this port and the bandwidth occupied by the mirrored traffic do not exceed the bandwidth limit of the port.
If the mirroring function is deployed on many ports of a device, a great deal of internal forwarding bandwidth will be occupied, which affects the forwarding of other services. Additionally, if the mirrored port bandwidth is higher than the observing port bandwidth, for example, 1000 Mbit/s on a mirrored port and 100 Mbit/s on an observing port, the observing port will fail to forward all mirrored packets in a timely manner because of insufficient bandwidth, leading to packet loss.
VLAN mirroring applies only to inbound packets.
For the applicable products and versions of this configuration example, see Applicable product models and versions.

Networking Requirements

As shown in Figure 1, all the hosts of a company access the Internet through the Switch and belong to VLAN 10. The monitoring device Server is directly connected to the Switch.

Internet access traffic of all the hosts needs to be monitored through the Server.

Figure 1 Local VLAN mirroring networking

Configuration Roadmap

Create VLAN 10 on the Switch and add the ports that connect the Switch to hosts to VLAN 10 so that the hosts can communicate with the Switch at Layer 2.
Configure GE0/0/4 of the Switch as a local observing port to forward mirrored packets to the Server.
Configure VLAN 10 as a mirrored VLAN to copy Internet access traffic of all the hosts in VLAN 10 to the local observing port.

Procedure

Add ports to a VLAN.

# Create VLAN 10 on the Switch and add GE0/0/1 through GE0/0/3 to VLAN 10.

<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 10
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type access     //Set the link type of the host-side interface to access. The default link type of interfaces is not access.
[Switch-GigabitEthernet0/0/1] port default vlan 10
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type access     //Set the link type of the host-side interface to access. The default link type of interfaces is not access.
[Switch-GigabitEthernet0/0/2] port default vlan 10
[Switch-GigabitEthernet0/0/2] quit
[Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] port link-type access     //Set the link type of the host-side interface to access. The default link type of interfaces is not access.
[Switch-GigabitEthernet0/0/3] port default vlan 10
[Switch-GigabitEthernet0/0/3] quit

Configure an observing port.

# Configure GE0/0/4 of the Switch as a local observing port.

[Switch] observe-port 1 interface gigabitethernet 0/0/4     //Configure GE0/0/4 as local observing port 1.

Configure a mirrored VLAN.

# On the Switch, configure VLAN 10 as a mirrored VLAN and copy the packets received by all the ports in VLAN 10 to the local observing port.

[Switch] vlan 10
[Switch-vlan10] mirroring to observe-port 1 inbound     //Mirror incoming packets on all the interfaces in VLAN 10 to observing port 1.
[Switch-vlan10] return

Verify the configuration.

# Check the observing port configuration.

<Switch> display observe-port
  ----------------------------------------------------------------------
  Index          : 1
  Untag-packet   : No
  Interface      : GigabitEthernet0/0/4
  ----------------------------------------------------------------------

# Check the mirroring configuration.

<Switch> display port-mirroring
  ----------------------------------------------------------------------
  Observe-port 1 : GigabitEthernet0/0/4
  ----------------------------------------------------------------------
  Vlan-mirror:
  ----------------------------------------------------------------------
  Mirror-vlan              Direction     Observe-port
  ----------------------------------------------------------------------
  10                       Inbound       Observe-port 1
  ----------------------------------------------------------------------

Configuration Files

Configuration file of the Switch

#
sysname Switch
#
vlan batch 10
#
observe-port 1 interface GigabitEthernet0/0/4
#
vlan 10
 mirroring to observe-port 1 inbound
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 10
#
return

Applicable product models and versions

Product	Product Model	Software Version
S2700	S2700-52P-EI, S2700-52P-PWR-EI	V100R006C05
	S2720-EI	V200R006C10, V200R009C00, V200R010C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S2750-EI	V200R003C00, V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
S3700	S3700-SI	V100R006C05
	S3700-EI	V100R006C05
	S3700-HI	V200R001C00
S5700	S5700-LI	V200R001C00, V200R002C00, V200R003(C00&C02&C10), V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S5700S-LI	V200R001C00, V200R002C00, V200R003C00, V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S5710-C-LI	V200R001C00
	S5710-X-LI	V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00
	S5700-SI	V200R001C00, V200R002C00, V200R003C00, V200R005C00
	S5700-EI	V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00&C01&C02&C03)
	S5710-EI	V200R001C00, V200R002C00, V200R003C00, V200R005(C00&C02)
	S5700-HI	V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00SPC500&C01&C02)
	S5710-HI	V200R003C00, V200R005(C00&C02&C03)
	S5720-LI, S5720S-LI	V200R010C00, V200R011C00, V200R011C10, V200R012(C00&C20), V200R013C00, V200R019C00, V200R019C10
	S5720-SI, S5720S-SI	V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S5720I-SI	V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S5730-SI	V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S5730S-EI	V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S5720-EI	V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S5735-L, S5735S-L	V200R019C00, V200R019C10
	S5735S-L-M	V200R019C00, V200R019C10
	S5735-S, S5735S-S	V200R019C00, V200R019C10
S5700	S5735-S-I	V200R019C10
S5700	S5720-HI, S5730-HI, S5731-H, S5731S-H, S5731-S, S5731S-S	V200R019C10
S5700	S5732-H	V200R019C10, V200R019C20
S6700	S6700-EI	V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00&C01&C02)
	S6720-LI, S6720S-LI	V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S6720-SI, S6720S-SI	V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S6720-EI	V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10
	S6720S-EI	V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10
S6700	S6720-HI, S6730-H, S6730S-H, S6730-S, S6730S-S	V200R019C10
S7700	S7703, S7706, S7712	V200R019C10
	S7706 PoE	V200R019C10
	S7703 PoE	V200R019C10

For details about software mappings, visit Hardware Query Tool and search for the desired product model.