Example for Configuring VLAN Port Mirroring
This section provides an example of how to configure VLAN port mirroring.
Networking Requirements
As shown in Figure 1, SwitchA forwards user packets from VLAN 10 and VLAN 20 to Device B. To monitor VLAN 10's user packets that are forwarded to Device B through interface2, configure Device B's interface1 as an observing port. Then, configure port mirroring on interface2 to copy all user packets received on interface2 to interface1. Finally, use HostD to analyze the user packets received on interface1.
- The configurations in this example are performed on Device B and Device C. HUAWEI NetEngine 8000 F Series can function as Device B and Device C.
- Interfaces 1 through 3 in this example represent GE 0/1/0, GE 0/1/16, and GE 0/1/17, respectively.
Device Name |
Interface Name |
Interface IP Address |
Interface MAC Address |
|---|---|---|---|
DeviceB |
GE 0/1/0 |
10.10.1.1/24 |
- |
DeviceB |
GE 0/1/16 |
- |
- |
DeviceB |
GE 0/1/17 |
10.1.1.2/24 |
- |
DeviceC |
GE 0/1/0 |
10.1.1.1/24 |
- |
Configuration Roadmap
The configuration roadmap is as follows:
Configure Device B's GE 0/1/0 as an observing port.
Configure Device B's GE 0/1/16 as a mirroring port, and enable port mirroring.
Data Preparation
To complete the configuration, you need the following data:
Interface types and numbers for an observing port and a mirroring port
Procedure
- Configure router interface IP addresses and ensure route reachability.
- Configure GE 0/1/0 as an observing port.
<DeviceB> system-view [~DeviceB] interface gigabitethernet0/1/0 [*DeviceB-GigabitEthernet0/1/0] port-observing observe-index 1 [*DeviceB-GigabitEthernet0/1/0] commit [~DeviceB-GigabitEthernet0/1/0] quit
- Configure GE 0/1/16 as a mirroring port, and enable inbound traffic mirroring for VLAN 10.
[~DeviceB] vlan 10 [*DeviceB-vlan10] commit [~DeviceB-vlan10] quit [~DeviceB] interface gigabitethernet0/1/16 [~DeviceB-GigabitEthernet0/1/16] portswitch [*DeviceB-GigabitEthernet0/1/16] port default vlan 10 [*DeviceB-GigabitEthernet0/1/16] port-mirroring inbound vlan 10 [*DeviceB-GigabitEthernet0/1/16] commit [~DeviceB-GigabitEthernet0/1/16] quit
- Specify the observing port for GE 0/1/16.
[~DeviceB] interface gigabitethernet0/1/16 [~DeviceB-GigabitEthernet0/1/16] port-mirroring to observe-index 1 [*DeviceB-GigabitEthernet0/1/16] commit [~DeviceB-GigabitEthernet0/1/16] quit
After the preceding configurations are complete, VLAN 10's user packets received on GE 0/1/16 are mirrored to GE 0/1/0.
- Verify the configuration.
To view traffic mirroring information, run the ping command or use other traffic generation methods. For example, you can send 10 ping packets from SwitchA to Device B's GE 0/1/16 and check whether all the 10 ping packets are received on HostD.
Check GE 0/1/0 information on Device B.
<DeviceB> display interface gigabitethernet0/1/0 GigabitEthernet0/1/0 current state : UP Line protocol current state : UP Description:HUAWEI, GigabitEthernet0/1/0 Interface Route Port,The Maximum Transmit Unit is 1500 Internet protocol processing : disabled IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc7d-a497 The Vendor PN is HFBR-5710L Port BW: 1G, Transceiver max BW: 1G, Transceiver Mode: MultiMode WaveLength: 850nm, Transmission Distance: 550m Loopback:none, full-duplex mode, negotiation: disable, Pause Flowcontrol:Send and Receive Enable Statistics last cleared:never Last 300 seconds input rate: 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bits/sec, 0 packets/sec Input: 107628 bytes, 1016 packets Output: 107628 bytes, 1016 packets Input: Unicast: 0, Multicast: 0 Broadcast: 0, JumboOctets: 0 CRC: 0, Symbol: 0 Overrun: 0 , InRangeLength: 0 LongPacket: 0 , Jabber: 0, Alignment: 0 Fragment: 0, Undersized Frame: 0 RxPause: 0 Output: Unicast: 10, Multicast: 0 Broadcast: 0, Jumbo: 0 Lost: 0, Overflow: 0, Underrun: 0 TxPause: 0
Configuration Files
Device B configuration file
# sysname DeviceB vlan 10 # interface GigabitEthernet0/1/16 portswitch port default vlan 10 port-mirroring inbound vlan 10 port-mirroring to observe-index 1 # interface GigabitEthernet0/1/17 ip address 10.1.1.2 255.255.255.0 # interface GigabitEthernet0/1/0 ip address 10.10.1.1 255.255.255.0 port-observing observe-index 1 # return