Configuring port mirroring on the USG2000&5000&6000 series


Note:
Enabling port mirroring helps locate network faults, but because the function can affect device performance to some extent, use it with caution.
After the network fault has been located, disable port mirroring.
To prevent mirrored packets from being lost because the interfaces run at different transmission rates, make sure that the observing port and the mirroring port use the same transmission rate.

Steps
1. Run the system-view command to enter the system view.
2. Run the observing-port observing-port command to configure the observing port.
The observing port is a non-service interface that carries the packets mirrored to it. Through the observing port you can observe the packets passing through the corresponding mirroring port.
3. Run the port-mirroring mirroring-port { both | inbound | outbound } observing-port [ acl-number acl-number ] command to enable port mirroring.
The mirroring port is a service port for sending and receiving service packets. Before you enable port mirroring, the corresponding observing port must already be configured with the observing-port command.

Other related questions:
Configuring port mirroring on the USG2000&5000&6000 series
Note: Enabling port mirroring helps locate network faults. However, this function compromises device performance. Exercise caution when you use this function. Disable port mirroring immediately after fault location. Different transmission rates cause failure to completely receive all mirroring packets. To avoid this problem, ensure that the transmission rates of the observing port and the mirroring port are the same.

Operation steps
1. Run the system-view command to access the system view.
2. Run the observing-port observing-port command to configure the observing port.
The observing port is a non-service port and transmits service packets mirrored to this port. You can observe packets passing through the corresponding mirroring port through the observing port.
3. Run the port-mirroring mirroring-port { both | inbound | outbound } observing-port [ acl-number acl-number ] command to enable port mirroring.
Specify the mirroring port as a service port for sending and receiving service packets. Before you enable port mirroring, ensure that the observing port has been configured using the observing-port command.

Configuring Telnet access to other devices from the USG2000&5000&6000
To telnet from the USG2000&5000&6000 to other devices, proceed as follows:

To manage other intranet devices using the firewall as a springboard, do the following:

telnet 192.168.101.231 
14:33:04  2011/03/26 
Trying 192.168.101.231 ... 
Press CTRL+T to abort

In this way, you can perform operations on other devices.

Meaning of port mirroring for the USG2000&5000 series
To locate network problems by capturing and analyzing session packets without interrupting services, configure port mirroring. Port mirroring copies packets on the specified service interface to a non-service interface. When a session is abnormal, you can locate the fault by viewing the protocol analyzer connected to the non-service interface without affecting services. The service interface is known as the mirroring port, and the non-service interface is known as the observing port.

Configuring a MAC address-based ACL on the USG2000&5000&6000
1. Run the system-view command to access the system view.
2. Run the acl [ number ] acl-number command to create a MAC address-based ACL and access the ACL view. An ACL whose number ranges from 4000 to 4999 is a MAC address-based ACL.
3. (Optional) Run the description text command to configure a description for the ACL. Appropriate descriptions of ACLs help you to further manage the ACLs.
4. (Optional) Run the step step-value command to configure an ACL step. The default value is 5. After you set a step for the ACL, the system can automatically assign rule IDs if you do not specify the rule IDs. The automatically assigned rule IDs are multiples of the step in ascending order. The step allows you to insert rules between two rules. You can set a step for an ACL only when no rule is configured for the ACL. After you configure an ACL rule, you are not allowed to change the step.
5. Run the rule [ rule-id ] { permit | deny } [ cos cos | dest-mac destination-address destination-mac-wildcard | source-mac source-address source-mac-wildcard | type { type-code | type-name } ] * [ description description ] command to create a rule for the MAC address-based ACL.
- If rule-id is not specified during the configuration, a new rule is added. In this case, the system automatically assigns to the new rule the smallest number that is larger than the maximum number of the existing rules and is an integer multiple of the step. For example, if the maximum number of the existing rule is 21 and the step is 5, the system assigns number 25 to the new rule.
- If rule-id is specified and the related rule with the same ID exists, the existing rule is edited. If no related rule with the same ID exists, a new rule is added and inserted to the corresponding position according to its rule-id.
- A new or modified rule should be different from any existing one; otherwise, the creation or modification fails and the system prompts you that the rule already exists.
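
The rule-ID behaviour described in steps 4 and 5, modelled in Python as an added example (it is not Huawei code or device output). The class name MacAcl, the match strings and the ID given to the first rule of an empty ACL are assumptions made for illustration.

```python
class MacAcl:
    """Model of the rule-ID behaviour described above; not device code."""

    def __init__(self, number, step=5):
        if not 4000 <= number <= 4999:
            raise ValueError("MAC address-based ACLs are numbered 4000-4999")
        self.number, self.step, self.rules = number, step, {}

    def set_step(self, step):
        # The step may change only while the ACL holds no rules.
        if self.rules:
            raise RuntimeError("step cannot change after a rule is configured")
        self.step = step

    def rule(self, action, match, rule_id=None):
        # A new or modified rule must differ from every other existing rule.
        for rid, body in self.rules.items():
            if rid != rule_id and body == (action, match):
                raise ValueError("the rule already exists")
        if rule_id is None:
            # Smallest multiple of the step above the current maximum ID.
            # Assumption: an empty ACL starts at the step value itself.
            highest = max(self.rules, default=0)
            rule_id = (highest // self.step + 1) * self.step
        self.rules[rule_id] = (action, match)  # known ID: edit, new ID: insert
        return rule_id

    def ordered(self):
        # Rules listed in ascending rule-ID order.
        return [(rid,) + self.rules[rid] for rid in sorted(self.rules)]


def demo():
    acl = MacAcl(4000)
    acl.rule("permit", "type 0x0800", rule_id=21)   # constructed match fields
    auto_id = acl.rule("deny", "type 0x0806")        # no rule-id given
    acl.rule("deny", "cos 5", rule_id=23)            # inserted between 21 and 25
    acl.rule("permit", "type 0x86dd", rule_id=21)    # same ID: rule 21 is edited
    errors = []
    for attempt in (lambda: acl.rule("deny", "cos 5"), lambda: acl.set_step(10)):
        try:
            attempt()
        except (ValueError, RuntimeError) as exc:
            errors.append(str(exc))
    return auto_id, acl.ordered(), errors


if __name__ == "__main__":
    print(demo())
```

The automatically assigned ID reproduces the 21-to-25 case from step 5, and the explicit rule 23 shows how the gaps left by the step let a rule be placed between two existing ones.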

Default levels of the USG2000&5000&6000 administrators
Administrators on all USG series devices have no default level (the level is empty). You need to configure the level and permissions of each user.
