The observe-filter command configures filtering rules for packet mirroring.
The undo observing-filter command deletes the configured filtering rules.
By default, no filtering rule is configured. That is, all the packets received on the mirroring port are mirrored.
observe-filter filter-index local { dst-ip dst-ip-address dst-mask | dst-mac dst-mac-address | dst-port dst-port | ether-type type-value | { ip-protocol ip-protocol-number | ppp-protocol ppp-protocol-number } | pppoe-session session-id | src-ip src-ip-address src-mask | src-mac src-mac-address | src-port src-port | vlan vlan-id } *
undo observe-filter { filter-index | all }
| Parameter | Description | Value |
|---|---|---|
| filter-index |
Specifies the index of the filtering rule. |
The value ranges from 0 to 7. |
| local |
Configures filtering rules for local mirroring. |
- |
| dst-ip dst-ip-address dst-mask |
Filters packets according to their destination IP addresses. |
The value is in dotted decimal notation. |
| dst-mac dst-mac-address |
Filters packets according to their destination MAC addresses. |
The value is in the H-H-H format, where H represents a random four-digit hexadecimal number. |
| dst-port dst-port |
Filters packets according to their destination interface numbers. |
The value ranges from 0 to 65535. |
| ether-type type-value |
Specifies the Ethernet packet type. |
The value is a hexadecimal number ranging from 0 to FFFF. |
| ip-protocol ip-protocol-number |
Indicates the IP type. |
The value ranges from 1 to 255. |
| ppp-protocol ppp-protocol-number |
Indicates the PPP type. |
The value is a hexadecimal numeral ranging from 0 to FFFF. |
| pppoe-session session-id |
Filters packets according to PPPoE session IDs. |
The value ranges from 1 to 65535. |
| src-ip src-ip-address src-mask |
Filters packets according to their source IP addresses. |
The value is in dotted decimal notation. |
| src-mac src-mac-address |
Filters packets according to their source MAC addresses. |
The value is in the H-H-H format; H is a four-digit hexadecimal numeral. |
| src-port src-port |
Filters packets according to the source interface numbers. |
The value ranges from 0 to 65535. |
| vlan vlan-id |
Specifies the ID of a VLAN. |
The value ranges from 1 to 4094. |
Usage Scenario
When observing packets through mirroring, you can filter packets according to certain conditions. In this manner, only the packets meeting a certain condition can be observed. You can filter packets according to conditions such as source IP addresses, destination IP addresses, source MAC addresses, destination MAC addresses, source interface numbers, destination interface numbers, Ethernet packet types, IP/PPP protocol types, PPPoE session IDs, and VLAN IDs. You can also filter packets according to multiple conditions.
If the observing port does not need to output all the mirrored packets, you can filter out the packets that the customer does not require. When a Layer 2 filtering rule is configured using the observe-filter command and the observing port is a sub-interface and does not have the port-observing with-linklayer-header command configured, packets matching the rule are dropped, and the observing port cannot receive packets.Precautions
Configured filtering rules take effect only for local port mirroring.
This command must be configured in the slot view. In VS mode, it can be configured only for admin VS and takes effect for mirroring configurations on the board in all VSs.