Example for Configuring EVC Port Mirroring

This section provides an example for configuring port mirroring on an EVC Layer 2 sub-interface.

Networking Requirements

On the network shown in Figure 1, users in communities 1 and 2 run Internet, IPTV, and VoIP services. To facilitate management, network administrators add the same services to the same VLAN and different services to different VLANs. An EVC model is used so that community 1 and community 2 can communicate with each other.

For security purposes, VLAN 10 traffic transmitted from CE1 to PE1 through subinterface1.1 needs to be monitored and analyzed. interface2 is configured as the observing port, and subinterface1.1 is configured as the mirrored port. All traffic from subinterface1.1 is copied to interface2 and forwarded to the analyser for analysis.

Figure 1 EVC port mirroring
  • The configurations in this example are performed on CE1, CE2, PE1, and PE2. HUAWEI NetEngine 8000 F Series devices function only as PE1.
  • Interfaces 1 through 4, sub-interface 1.1, and sub-interface 1.2 in this example represent GE 0/1/1, GE 0/1/9, GE 0/1/2, GE 0/1/3, GE 0/1/1.1, and GE 0/1/1.2, respectively.


Precautions

All services in the VLANs are located on the same network segment.

Configuration Roadmap

An EVC model is used. The EVC Layer 2 sub-interface GE 0/1/1.1 is configured as a mirrored port, and GE 0/1/9 is configured as an observing port. Traffic on GE 0/1/1.1 is copied to GE 0/1/9 and then forwarded to the analyser.

The configuration roadmap is as follows:

  1. Create an EVC model so that community 1 and community 2 can communicate with each other.
  2. Configure GE 0/1/9 on PE1 as an observing port.
  3. Configure GE 0/1/1.1 on PE1 as a mirrored port.
  4. Associate the mirrored port with the observing port and start port mirroring for traffic on GE 0/1/1.1.

Data Preparation

To complete the configuration, you need the following data:
  • Number of each interface connecting each device to users
  • Number of each interface connecting each device to another device
  • IDs of VLANs to which services belong
  • BD ID
  • Name of a mirroring instance
  • Number of the mirrored port
  • Number of the observing port

Procedure

  1. Create an EVC model so that community 1 and community 2 can communicate with each other.

    # Configure CE1.

    <HUAWEI> system-view
    [~HUAWEI] sysname CE1
    [*HUAWEI] commit
    [~CE1] vlan 10
    [*CE1-vlan10] quit
    [*CE1] interface gigabitethernet 0/1/1
    [*CE1-GigabitEthernet0/1/1] undo shutdown
    [*CE1-GigabitEthernet0/1/1] portswitch
    [*CE1-GigabitEthernet0/1/1] port link-type access
    [*CE1-GigabitEthernet0/1/1] port default vlan 10
    [*CE1-GigabitEthernet0/1/1] quit
    [*CE1] interface gigabitethernet 0/1/2
    [*CE1-GigabitEthernet0/1/2] undo shutdown
    [*CE1-GigabitEthernet0/1/2] portswitch
    [*CE1-GigabitEthernet0/1/2] port link-type trunk
    [*CE1-GigabitEthernet0/1/2] port trunk allow-pass vlan 10
    [*CE1-GigabitEthernet0/1/2] quit
    [*CE1] commit

    # Configure CE2.

    <HUAWEI> system-view
    [~HUAWEI] sysname CE2
    [*HUAWEI] commit
    [~CE2] vlan batch 10 30
    [*CE2] interface gigabitethernet 0/1/1
    [*CE2-GigabitEthernet0/1/1] undo shutdown
    [*CE2-GigabitEthernet0/1/1] portswitch
    [*CE2-GigabitEthernet0/1/1] port link-type access
    [*CE2-GigabitEthernet0/1/1] port default vlan 30
    [*CE2-GigabitEthernet0/1/1] quit
    [*CE2] interface gigabitethernet 0/1/3
    [*CE2-GigabitEthernet0/1/3] undo shutdown
    [*CE2-GigabitEthernet0/1/3] portswitch
    [*CE2-GigabitEthernet0/1/3] port link-type access
    [*CE2-GigabitEthernet0/1/3] port default vlan 10
    [*CE2-GigabitEthernet0/1/3] quit
    [*CE2] interface gigabitethernet 0/1/2
    [*CE2-GigabitEthernet0/1/2] undo shutdown
    [*CE2-GigabitEthernet0/1/2] portswitch
    [*CE2-GigabitEthernet0/1/2] port link-type trunk
    [*CE2-GigabitEthernet0/1/2] port trunk allow-pass vlan 10 30
    [*CE2-GigabitEthernet0/1/2] quit
    [*CE2] commit

    # Configure PE1.

    <HUAWEI> system-view
    [~HUAWEI] sysname PE1
    [*HUAWEI] commit
    [~PE1] bridge-domain 10
    [~PE1-bd10] quit
    [*PE1] interface gigabitethernet 0/1/1
    [*PE1-GigabitEthernet0/1/1] undo shutdown
    [*PE1-GigabitEthernet0/1/1] quit
    [*PE1] interface gigabitethernet 0/1/1.1 mode l2
    [*PE1-GigabitEthernet0/1/1.1] encapsulation dot1q vid 10
    [*PE1-GigabitEthernet0/1/1.1] bridge-domain 10
    [*PE1-GigabitEthernet0/1/1.1] quit
    [~PE1] interface gigabitethernet 0/1/2
    [*PE1-GigabitEthernet0/1/2] undo shutdown
    [*PE1-GigabitEthernet0/1/2] quit
    [*PE1] interface gigabitethernet 0/1/2.1 mode l2
    [*PE1-GigabitEthernet0/1/2.1] encapsulation dot1q vid 10
    [*PE1-GigabitEthernet0/1/2.1] bridge-domain 10
    [*PE1-GigabitEthernet0/1/2.1] commit
    [~PE1-GigabitEthernet0/1/2.1] quit

    # Configure PE2.

    <HUAWEI> system-view
    [~HUAWEI] sysname PE2
    [*HUAWEI] commit
    [~PE2] bridge-domain 10
    [~PE2-bd10] quit
    [*PE2] interface gigabitethernet 0/1/1
    [*PE2-GigabitEthernet0/1/1] undo shutdown
    [*PE2-GigabitEthernet0/1/1] quit
    [*PE2] interface gigabitethernet 0/1/1.1 mode l2
    [*PE2-GigabitEthernet0/1/1.1] encapsulation dot1q vid 10
    [*PE2-GigabitEthernet0/1/1.1] bridge-domain 10
    [*PE2-GigabitEthernet0/1/1.1] quit
    [*PE2] interface gigabitethernet 0/1/1.2 mode l2
    [*PE2-GigabitEthernet0/1/1.2] encapsulation dot1q vid 30
    [*PE2-GigabitEthernet0/1/1.2] rewrite map 1-to-1 vid 10
    [*PE2-GigabitEthernet0/1/1.2] bridge-domain 10
    [*PE2-GigabitEthernet0/1/1.2] quit
    [~PE2] interface gigabitethernet 0/1/2
    [*PE2-GigabitEthernet0/1/2] undo shutdown
    [*PE2-GigabitEthernet0/1/2] quit
    [*PE2] interface gigabitethernet 0/1/2.1 mode l2
    [*PE2-GigabitEthernet0/1/2.1] encapsulation dot1q vid 10
    [*PE2-GigabitEthernet0/1/2.1] bridge-domain 10
    [*PE2-GigabitEthernet0/1/2.1] commit
    [~PE2-GigabitEthernet0/1/2.1] quit

  2. Configure GE 0/1/9 on PE1 as an observing port.

    [*PE1] interface gigabitethernet 0/1/9
    [*PE1-GigabitEthernet0/1/9] port-observing observe-index 1
    [*PE1-GigabitEthernet0/1/9] commit
    [~PE1-GigabitEthernet0/1/9] quit

  3. Configure GE 0/1/1.1 on PE1 as a mirrored port.

    [*PE1] mirror instance evcto201 location
    [*PE1] commit
    [*PE1] interface gigabitethernet 0/1/1.1 mode l2
    [*PE1-GigabitEthernet0/1/1.1] port-mirroring instance evcto201 inbound vid 10 identifier none
    [*PE1-GigabitEthernet0/1/1.1] commit
    [~PE1-GigabitEthernet0/1/1.1] quit

  4. Associate the mirrored port with the observing port.

    [*PE1] slot 1
    [*PE1-slot1] mirror to observe-index 1
    [*PE1-slot1] commit
    [~PE1-slot1] quit

  5. Verify the configuration.

    After completing the configuration, run the display bridge-domain command to view bridge domain information, including the bridge domain to which an EVC Layer 2 sub-interface belongs and the bridge domain status. The following example uses the command output on PE1.

    [~PE1] display bridge-domain
    The total number of bridge-domains is : 1
    --------------------------------------------------------------------------------
    MAC_LRN: MAC learning;         STAT: Statistics;         SPLIT: Split-horizon;
    BC: Broadcast;                 MC: Unknown multicast;    UC: Unknown unicast;
    *down: Administratively down;  FWD: Forward;             DSD: Discard;
    --------------------------------------------------------------------------------
    
    BDID  State MAC-LRN STAT    BC  MC  UC  SPLIT   Description
    --------------------------------------------------------------------------------
    10    up    enable  disable FWD FWD FWD disable

    Run the display ethernet uni information command to view information about the traffic encapsulation type and behavior configured on an EVC Layer 2 sub-interface. The following example uses the command output on PE2.

    [~PE2] display ethernet uni information
      GigabitEthernet0/1/1.1
        Total encapsulation number: 1
          encapsulation dot1q vid 10
        No action
      GigabitEthernet0/1/1.2
        Total encapsulation number: 1
          encapsulation dot1q vid 30
        Rewrite map 1-to-1 vid 10
      GigabitEthernet0/1/2.1
        Total encapsulation number: 1
          encapsulation dot1q vid 10
        No action

    Community 1 and community 2 can communicate with each other.

    Run the display mirror instance [ instance-name ] location command. The command output shows the configuration of a port mirroring instance on an EVC Layer 2 sub-interface.

    [~PE1] display mirror instance location
    instance evcto201 
        car                   : -
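
The following check is an added example, not part of the original Huawei documentation. It audits a saved PE1 configuration to confirm that the three pieces set up in steps 2 through 4 line up: the mirrored sub-interface references a defined mirror instance, a slot is associated with an observe-index, and an observing port with that index exists. The function names are hypothetical, the sample is constructed from the PE1 configuration file in this example, and the rule that the mirrored vid should match the sub-interface's encapsulation vid is an assumption modelled on this example.

```python
import re

# Constructed sample: mirroring-related lines of the PE1 configuration file in this example.
PE1_CONFIG = """\
mirror instance evcto201 location
#
slot 1
 mirror to observe-index 1
#
interface GigabitEthernet0/1/1.1 mode l2
 encapsulation dot1q vid 10
 bridge-domain 10
 port-mirroring instance evcto201 inbound vid 10 identifier none
#
interface GigabitEthernet0/1/9
 port-observing observe-index 1
#
return
"""

def sections(config):
    """Split a '#'-delimited configuration into {header: [indented body lines]}."""
    out, header = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "#", "return"):
            header = None
        elif not line.startswith(" "):
            header = line.strip()
            out[header] = []
        elif header is not None:
            out[header].append(line.strip())
    return out

def audit_mirroring(config):
    """Return findings; an empty list means mirrored port, instance and observing port line up."""
    secs, findings = sections(config), []
    body = lambda prefix: [l for h, b in secs.items() if h.startswith(prefix) for l in b]
    instances = {h.split()[2] for h in secs if h.startswith("mirror instance ")}
    slot_idx = {l.split()[-1] for l in body("slot ") if l.startswith("mirror to observe-index ")}
    obs_idx = {l.split()[-1] for l in body("interface ") if l.startswith("port-observing observe-index ")}
    findings += [f"observe-index {i}: no observing port configured" for i in sorted(slot_idx - obs_idx)]
    for header, lines in secs.items():
        text = "\n".join(lines)
        encap = set(re.findall(r"^encapsulation dot1q vid (\d+)$", text, re.M))
        for m in re.finditer(r"^port-mirroring instance (\S+) \S+ vid (\d+)", text, re.M):
            name = header.split()[1]
            if m.group(1) not in instances:
                findings.append(f"{name}: mirror instance {m.group(1)} is not defined")
            if m.group(2) not in encap:  # assumption: mirrored vid should match the encapsulation
                findings.append(f"{name}: mirrored vid {m.group(2)} is not encapsulated here")
            if not slot_idx:
                findings.append(f"{name}: no slot is associated with an observe-index")
    return findings
```

An empty result for a saved configuration means the analyser attached to the observing port should be receiving the copied traffic; any finding names the broken link in the chain.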

Configuration Files

  • PE1 configuration file

    #
    sysname PE1
    #
    mirror instance evcto201 location
    #
    slot 1 
     mirror to observe-index 1
    #
    interface GigabitEthernet0/1/1
     undo shutdown
    #
    interface GigabitEthernet0/1/1.1 mode l2
     encapsulation dot1q vid 10
     bridge-domain 10
     port-mirroring instance evcto201 inbound vid 10 identifier none
    #
    interface GigabitEthernet0/1/2
     undo shutdown
    #
    interface GigabitEthernet0/1/2.1 mode l2
     encapsulation dot1q vid 10
     bridge-domain 10
    #
    interface GigabitEthernet0/1/9
     port-observing observe-index 1
    #
    return
  • PE2 configuration file

    #
    sysname PE2
    #
    interface GigabitEthernet0/1/1
     undo shutdown
    #
    interface GigabitEthernet0/1/1.1 mode l2
     encapsulation dot1q vid 10
     bridge-domain 10
    #
    interface GigabitEthernet0/1/1.2 mode l2
     encapsulation dot1q vid 30
     rewrite map 1-to-1 vid 10
     bridge-domain 10
    #
    interface GigabitEthernet0/1/2
     undo shutdown
    #
    interface GigabitEthernet0/1/2.1 mode l2
     encapsulation dot1q vid 10
     bridge-domain 10
    #
    return
  • CE1 configuration file

    #
    sysname CE1
    #
    vlan batch 10
    #
    interface GigabitEthernet0/1/1
     portswitch
     undo shutdown
     port link-type access
     port default vlan 10
    #
    interface GigabitEthernet0/1/2
     portswitch
     undo shutdown
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    return
  • CE2 configuration file

    #
    sysname CE2
    #
    vlan batch 10 30
    #
    interface GigabitEthernet0/1/1
     portswitch
     undo shutdown
     port link-type access
     port default vlan 30
    #
    interface GigabitEthernet0/1/2
     portswitch
     undo shutdown
     port link-type trunk
     port trunk allow-pass vlan 10 30
    #
    interface GigabitEthernet0/1/3
     portswitch
     undo shutdown
     port link-type access
     port default vlan 10
    #
    return
Copyright © Huawei Technologies Co., Ltd.