Configuring a Mirrored Port

To analyze traffic sent or received on an interface, configure this interface as a mirrored port.

Context

You can configure the mirrored port in common mode or mirroring instance mode.

  • The common mode supports interface-based mirroring, and the mirroring instance mode supports only board-based mirroring.

  • CAR can be implemented for mirrored traffic in both modes. In common mode, CAR is implemented on each interface. In mirroring instance mode, a shared CAR can be configured in a mirroring instance and applies to different interfaces bound to the mirroring instance, which simplifies configuration and optimizes CAR resource usage.

  • A shared instance can be configured for multiple interfaces. To be specific, multiple interfaces can share a mirroring instance. This feature allows more interfaces to support port mirroring when the mirroring specification is insufficient.

Table 1 Interfaces supporting local mirroring

Interface Type

Mirrored Port

Observing Port

Layer 3 Ethernet main interfaces (including Eth-Trunk interfaces and a Layer 3 main interface configured as a BAS main interface)

Supported

Supported

BAS interface
Supported
NOTE:

When a VE interface functions as a BAS interface, local flow mirroring is supported only on the access VE interface in hardware loopback mode.

Not supported

Ethernet sub-interfaces (including Eth-Trunk interfaces)
Supported
NOTE:

After a sub-interface is configured as a dot1q, dot1q VLAN tag termination, QinQ VLAN tag termination, EVC, or BAS sub-interface, the sub-interface still supports mirroring.

Supported

NOTE:

After a sub-interface is configured as a dot1q VLAN tag termination, QinQ VLAN tag termination, or BAS sub-interface, the sub-interface does not support be configured as an observing port.

The observing port can only be configured on the EVC sub-interface with untag or dot1q traffic encapsulation type.

Procedure

  • Common mirroring mode
    1. Run system-view

      The system view is displayed.

    2. (Optional) Run observe user-defined-filter id { offset offset-value value value value-mask } &<1-4>

      A user-defined any byte matching rule for packet mirroring is configured.

    3. Run interface interface-type interface-number

      The interface view is displayed.

    4. Perform either of the following configurations based on requirements:

      • Run the port-mirroring { inbound [ cpu-packet ] | outbound } [ user-defined-filter user-defined-filter-id ] command to configure port mirroring.

        If the cpu-packet keyword is configured, only packets to be sent to the CPU are mirrored on the interface.

      • Run the port-mirroring { inbound | outbound } vlan vlan-id1 [ to vlan-id2 ] command to configure VLAN-based mirroring.
      • Run the port-mirroring { inbound | outbound } pe-vid low-vid [ to high-vid ] ce-vid ce-vlan-id-begin [ to ce-vlan-id-end ] command to configure mirroring based on VLAN segments for inner and outer VLAN tags.

    5. (Optional) Run port-mirroring without-linklayer-header

      The mirrored port is configured to mirror packets from Layer 3 headers.

      After this command is configured on the mirrored port, the port-observing observe-index observe-index without-filter command must be configured on the observing port.

    6. Run commit

      The configuration is committed.

  • Mirroring instance mode
    1. To apply the mirroring instance mode to a Layer 2 EVC sub-interface:

      1. Run system-view

        the system view is displayed.

      2. Run mirror instance instance-name location

        A mirroring instance is created.

      3. Run commit

        The configuration is committed.

      4. Run interface interface-type interface-number.subnum mode l2

        The EVC Layer 2 sub-interface view is displayed.

      5. Run any of the following commands to configure a mirroring instance.

        • If the encapsulation type of an EVC Layer 2 sub-interface is QinQ, run port-mirroring instance instance-name { inbound | outbound } [ pe-vid pe-vlan-id ce-vid ce-vlan-id-begin [to ce-vlan-id-end ] ] identifier { none | pe-vid | ce-vid | pe-ce-vid } [ group group-name ]

        • If the encapsulation type of an EVC Layer 2 sub-interface is dot1q, run port-mirroring instance instance-name { inbound | outbound } [ vid vlan-id-begin [to vlan-id-end ] ] identifier { none | vid } [ group group-name ]

        • If the encapsulation type of an EVC Layer 2 sub-interface is Untag or Default, run port-mirroring instance instance-name { inbound | outbound } [ group group-name ]

      6. Run commit

        The configuration is committed.

    2. To apply the mirroring instance mode to a BD:

      1. Run system-view

        the system view is displayed.

      2. Run mirror instance instance-name location

        A mirroring instance is created.

      3. Run commit

        The configuration is committed.

      4. Run bridge-domain bd-id

        The Bridge domain view is displayed.

      5. Run port-mirroring instance instance-name { inbound | outbound } [ group group-name ]

        The traffic in the BD is observed.

      6. Run commit

        The configuration is committed.

Parent Topic: Configuring Port Mirroring
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >