Configuring HTTP traffic mirroring on S series switches

For S series switches (except S1700 switches), traffic mirroring can be configured to only mirror HTTP traffic with TCP destination port 80. For example, to mirror incoming HTTP traffic (received traffic) with TCP destination port 80 on GE1/0/1 to observing port GE2/0/1, perform the following configurations:
1. Configure GE2/0/1 as an observing port.
[HUAWEI] observe-port 1 interface gigabitethernet 2/0/1
2. Create a traffic classifier to match traffic with TCP destination port 80.
[HUAWEI] acl number 3000
[HUAWEI-acl-adv-3000] rule permit tcp destination-port eq www
[HUAWEI-acl-adv-3000] quit
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 3000
[HUAWEI-classifier-c1] quit
3. Create a traffic behavior and set the action to traffic mirroring.
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] mirroring to observe-port 1
[HUAWEI-behavior-b1] quit
4. Create a traffic policy, and bind the traffic classifier and traffic behavior to the traffic policy.
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
5. Apply the traffic policy to the inbound direction of GE1/0/1.
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] traffic-policy p1 inbound

Scroll to top