traffic-mirror (system view)

Function

The traffic-mirror command configures ACL-based flow mirroring globally or in a VLAN.

The undo traffic-mirror command cancels ACL-based flow mirroring globally or in a VLAN.

By default, ACL-based flow mirroring is not configured globally or in a VLAN.

Format

To configure a single ACL, use the following command:

traffic-mirror [ vlan vlan-id ] inbound { acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } } [ rule rule-id ] to observe-port o-index

undo traffic-mirror [ vlan vlan-id ] inbound { acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } } [ rule rule-id ]

If both Layer 2 ACLs and Layer 3 ACLs are configured, use the following command:

traffic-mirror [ vlan vlan-id ] inbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] to observe-port o-index

undo traffic-mirror [ vlan vlan-id ] inbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ]

traffic-mirror [ vlan vlan-id ] inbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] to observe-port o-index

undo traffic-mirror [ vlan vlan-id ] inbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ]

traffic-mirror [ vlan vlan-id ] inbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ] to observe-port o-index

undo traffic-mirror [ vlan vlan-id ] inbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ]

Parameters

Parameter	Description	Value
vlan vlan-id	Specifies a VLAN ID.	The value is an integer that ranges from 1 to 4094.
inbound	Mirrors packets in the inbound direction.	-
acl	Mirrors packets based on the IPv4 ACL.	-
ipv6	Mirrors packets based on the IPv6 ACL.	-
bas-acl	Mirrors packets based on a specified basic ACL.	The value is an integer that ranges from 2000 to 2999.
adv-acl	Mirrors packets based on a specified advanced ACL.	The value is an integer that ranges from 3000 to 3999.
l2-acl	Mirrors packets based on a specified Layer 2 ACL.	The value is an integer that ranges from 4000 to 4999.
user-acl	Mirrors packets based on a specified user-defined ACL.	The value is an integer that ranges from 5000 to 5999.
name acl-name	Mirrors packets based on a specified named ACL. acl-name specifies the name of the ACL.	The value must be the name of an existing ACL.
rule rule-id	Mirrors packets based on a specified ACL rule.	The value is an integer that ranges from 0 to 4294967294.
to observe-port o-index	Specifies the index of the observing port to which packets are mirrored.	The value is an integer and the value range depends on the product model: S2720-EI, S5720I-SI, S5720-LI, S5735-L, S5735S-L, S5735S-L-M, S5720S-LI, S5720S-SI, S5720-SI, S5735-S, S5735S-S, S5735-S-I, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, and S6720-SI: 1 S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S: 1 to 8

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After the traffic-mirror command is configured, the device can perform flow mirroring or remote flow mirroring, without affecting traffic forwarding.

Prerequisites

An observing port has been created through the observe-port (local mirroring) or observe-port (remote mirroring) command.

Precautions

If name acl-name is specified in the command, you need to run the acl name or acl ipv6 name command to create the corresponding ACL. Otherwise, the ACL-based simplified traffic policy fails to be configured.

If rule rule-id is specified in the command, you need to create an ACL and configure the corresponding rule. Otherwise, the ACL-based simplified traffic policy fails to be configured.

If the traffic-mirror (interface view) and traffic-mirror (system view) commands are used simultaneously, the traffic-mirror (interface view) command takes effect.

Example

# Configure ACL-based flow mirroring in the inbound direction in VLAN 100, and mirror the packets matching ACL 3000 to the observing port with the index of 1.

<HUAWEI> system-view
[HUAWEI] observe-port 1 interface gigabitethernet 0/0/1
[HUAWEI] traffic-mirror vlan 100 inbound acl 3000 to observe-port 1