Traffic mirroring is a feature that copies a specified type of packets received and sent by devices, ports, or VLANs to observing ports connected to monitoring devices. Monitoring devices monitor only the specified type of packets.
Traffic mirroring can be configured based on ACLs or on Modular Quality of Service Command-Line Interface (MQC) (complex traffic classification). ACL-based traffic mirroring is easy to configure but supports fewer packet types than MQC-based traffic mirroring and supports only inbound traffic mirroring. MQC-based traffic mirroring is more complex to configure but supports more packet types and both inbound and outbound traffic mirroring.
Implementing Traffic Mirroring Using ACLs
- Configure an observing port. For example, configure a local observing port GE0/0/1 that is directly connected to a monitoring device.
  <HUAWEI> system-view
  [HUAWEI] observe-port 1 interface gigabitethernet 0/0/1
- Create an ACL. For example, create a Layer 2 ACL to match packets with 802.1p priority 6.
  [HUAWEI] acl 4001
  [HUAWEI-acl-L2-4001] rule permit 8021p 6
  [HUAWEI-acl-L2-4001] quit
- Configure traffic mirroring. For example:
  - Copy packets with 802.1p priority 6 in the inbound direction of all the ports on the device to observing port GE0/0/1.
    [HUAWEI] traffic-mirror inbound acl 4001 to observe-port 1
  - Copy packets with 802.1p priority 6 in the inbound direction of all the ports in VLAN 10 to observing port GE0/0/1.
    [HUAWEI] traffic-mirror vlan 10 inbound acl 4001 to observe-port 1
  - Copy packets with 802.1p priority 6 in the inbound direction of GE0/0/2 to observing port GE0/0/1.
    [HUAWEI] interface gigabitethernet 0/0/2
    [HUAWEI-GigabitEthernet0/0/2] traffic-mirror inbound acl 4001 to observe-port 1
Implementing Traffic Mirroring Using Complex Traffic Classification
- Configure an observing port. For example, configure a local observing port GE0/0/1 that is directly connected to a monitoring device.
  <HUAWEI> system-view
  [HUAWEI] observe-port 1 interface gigabitethernet 0/0/1
- Create a traffic classifier. For example, create a traffic classifier c1 to match packets with 802.1p priority 6.
  [HUAWEI] traffic classifier c1
  [HUAWEI-classifier-c1] if-match 8021p 6
  [HUAWEI-classifier-c1] quit
- Create a traffic behavior with the mirroring action. For example, create a traffic behavior b1 and set the action to traffic mirroring.
  [HUAWEI] traffic behavior b1
  [HUAWEI-behavior-b1] mirroring to observe-port 1
  [HUAWEI-behavior-b1] quit
- Create a traffic policy and bind the traffic classifier and traffic behavior to it. For example, create a traffic policy p1 and bind traffic classifier c1 and traffic behavior b1 to it.
  [HUAWEI] traffic policy p1
  [HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
  [HUAWEI-trafficpolicy-p1] quit
- Apply the traffic policy. For example:
  - Copy packets with 802.1p priority 6 in the inbound direction of all the ports on the device to observing port GE0/0/1.
    [HUAWEI] traffic-policy p1 global inbound
  - Copy packets with 802.1p priority 6 in the inbound direction of all the ports in VLAN 10 to observing port GE0/0/1.
    [HUAWEI] vlan 10
    [HUAWEI-vlan10] traffic-policy p1 inbound
  - Copy packets with 802.1p priority 6 in the inbound direction of GE0/0/2 to observing port GE0/0/1.
    [HUAWEI] interface gigabitethernet 0/0/2
    [HUAWEI-GigabitEthernet0/0/2] traffic-policy p1 inbound
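An added example, not part of the original guide or of Huawei's tooling: a Python audit that reads a saved configuration and lists every mirroring session created by either the ACL-based or the MQC-based procedure above, resolving each one to the interface of its observing port. The one-command-per-line layout with one-space indentation inside views, and the undefined observe-port 2, are assumptions of the constructed sample.

```python
import re

# Constructed sample: this page's commands, one per line, with commands typed inside
# a view indented by one space (assumed layout). observe-port 2 is left undefined.
SAMPLE_CONFIG = """\
observe-port 1 interface gigabitethernet 0/0/1
traffic behavior b1
 mirroring to observe-port 1
traffic policy p1
 classifier c1 behavior b1
traffic-mirror vlan 10 inbound acl 4001 to observe-port 1
vlan 10
 traffic-policy p1 inbound
interface gigabitethernet 0/0/2
 traffic-mirror inbound acl 4001 to observe-port 2
"""

ACL_RE = re.compile(r"traffic-mirror (?:vlan (\d+) )?inbound acl (\d+) to observe-port (\d+)$")
MQC_RE = re.compile(r"traffic-policy (\S+) (global )?(inbound|outbound)$")
VIEW_RE = re.compile(r"traffic (?:behavior|policy) (\S+)")


def audit_mirroring(config):
    """Return sessions as (method, scope, direction, match, destination interface or None)."""
    ports, behaviors, bindings, hits, applied = {}, {}, [], [], []
    view, name = "global", None
    for raw in filter(str.strip, config.splitlines()):   # skip blank lines
        line = " ".join(raw.split())                     # normalise whitespace, keep case
        indented = raw[0].isspace()
        if not indented:                                 # global command or view header
            view, hdr = line, VIEW_RE.match(line)
            name = hdr[1] if hdr else None
        scope = view if indented else "global"
        if m := re.match(r"observe-port (\d+) interface (.+)$", line):
            ports[m[1]] = m[2]
        elif name and (m := re.match(r"mirroring to observe-port (\d+)$", line)):
            behaviors[name] = m[1]
        elif name and (m := re.match(r"classifier (\S+) behavior (\S+)", line)):
            bindings.append((name, m[1], m[2]))
        elif m := ACL_RE.match(line):
            hits.append(("acl", f"vlan {m[1]}" if m[1] else scope, "inbound", f"acl {m[2]}", m[3]))
        elif m := MQC_RE.match(line):
            applied.append((m[1], "global" if m[2] else scope, m[3]))
    # Resolve policy -> classifier/behavior -> observe-port once the whole file is read.
    for policy, scope, direction in applied:
        for pol, classifier, behavior in bindings:
            if pol == policy and behavior in behaviors:
                hits.append(("mqc", scope, direction, f"classifier {classifier}", behaviors[behavior]))
    # An observe-port index that was never defined resolves to None.
    return [(meth, scope, d, match, ports.get(idx)) for meth, scope, d, match, idx in hits]
```

A session whose destination is `None` refers to an observe-port index with no `observe-port` definition, which is worth checking when reviewing which device receives mirrored traffic.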
More Information: S Series Switches Common Operation Guide