observe-port (Layer 2 remote observing port)

Usage Scenario

In Layer 2 remote mirroring, a monitoring device and the device where an observing port resides are connected through a Layer 2 network. The device where the observing port resides adds a specified VLAN tag to mirrored packets, and then the observing port broadcasts the mirrored packets in the Layer 2 remote mirroring VLAN so that the monitoring device can receive the mirrored packets. There are two modes for configuring observing ports: configure a single observing port and configure an observing port group. Observing port group is often used in 1:N mirroring to simplify the configuration and save observing port indexes. This is because an observing port group occupies only one observing port index regardless of how many ports are configured in the group.

Precautions

• The management interface cannot be configured as an observing port.

• If you configure observing ports without specifying observe-port-index, the system selects the smallest unused indexes and assigns the indexes to the observing ports in sequence.
• In 1:N mirroring, if you configure packets (in the inbound or outbound direction) on a mirrored port to be copied to an observing port group, the packets cannot be copied to other observing ports.
• On the S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S, both Ethernet ports and Eth-Trunks can be configured as observing ports. On other devices, only Ethernet ports can be configured as observing ports.
• An observing port in blocked state can still forward mirrored traffic.
• You must dedicate observing ports for mirroring use and do not configure other services on them to prevent mirrored traffic and other service traffic from affecting each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the bandwidth of service traffic on this port and the bandwidth occupied by the mirrored traffic do not exceed the bandwidth limit of the port.

• An Eth-Trunk on the S5720-EI, S6720-EI, and S6720S-EI can meet at most three of the following conditions simultaneously:
  • The Eth-Trunk is a Layer 2 interface, or the working mode of the Eth-Trunk is changed from Layer 3 to Layer 2 using the portswitch or portswitch batch command.
  • The Eth-Trunk is configured as a Layer 2 remote observing port using the observe-port command.
  • The operating mode of the spanning tree protocol is set to VBST on the switch using the stp mode command.
  • VBST is enabled on the Eth-Trunk using the stp enable command.
• The mac-address learning disable command must be run in the VLAN view to disable the MAC address learning function in VLANs on all the intermediate devices between the monitoring device and the observing port. Otherwise, mirrored traffic will be discarded on the intermediate devices.