Configure local port mirroring on S series switch

3

For S series switches (except S1700 switches), to copy inbound packets (received packets) on port GE2/0/1 to the observing port GE1/0/1, configure local port mirroring as follows:
[HUAWEI] observe-port 1 interface gigabitethernet 1/0/1
[HUAWEI] interface gigabitethernet 2/0/1
[HUAWEI-GigabitEthernet2/0/1] port-mirroring to observe-port 1 inbound

To configure remote port mirroring, see【Configure remote port mirroring on S series switch】Configure remote port mirroring on S series switch.

Other related questions:
Configure local traffic mirroring on S series switch
For S series switches (except S1700 switches), traffic mirroring can be configured based on ACLs and Modular Quality of Service Command-Line Interface (MQC) (complex traffic classification). ACL-based traffic mirroring is easy to configure but supports fewer packet types than MQC-based traffic mirroring and supports only inbound traffic mirroring. MQC-based traffic mirroring is complex to configure but supports more packet types and supports mirroring of both inbound and outbound (packets that are sent) traffic. Depending on whether the mirrored device is directly connected to the monitoring device, traffic mirroring is classified into local and remote traffic mirroring. For example, copy inbound packets with the source IP address of 192.168.10.1 on GE2/0/1 to the observing port GE1/0/1 directly connected to the monitoring device. The configuration procedure is as follows: 1. ACL-based configuration [HUAWEI] observe-port 1 interface gigabitethernet 1/0/1 //Configure the local observing port. [HUAWEI] acl 2001 [HUAWEI-basic-acl-2001] rule permit source 192.168.10.1 0 //Permit packets with the source IP address of 192.168.10.1. [HUAWEI-basic-acl-2001] quit [HUAWEI] interface gigabitethernet 2/0/1 [HUAWEI-GigabitEthernet2/0/1] traffic-mirror inbound acl 2001 to observe-port 1 //Mirror specified packets on GE2/0/1 to the local observing port. 2. MQC-based configuration [HUAWEI] observe-port 1 interface gigabitethernet 1/0/1 //Configure the local observing port. [HUAWEI] acl 2001 [HUAWEI-basic-acl-2001] rule permit source 192.168.10.1 0 [HUAWEI-basic-acl-2001] quit [HUAWEI] traffic classifier c1 //Configure a traffic classifier to match packets with the sources IP address of 192.168.10.1. [HUAWEI-classifier-c1] if-match acl 2001 [HUAWEI-classifier-c1] quit [HUAWEI] traffic behavior b1 //Define traffic mirroring in a traffic behavior. [HUAWEI-behavior-b1] mirroring to observe-port 1 [HUAWEI-behavior-b1] quit [HUAWEI] traffic policy p1 //Configure a traffic policy and bind the traffic classifier and traffic behavior to the traffic policy. [HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [HUAWEI-trafficpolicy-p1] quit [HUAWEI] interface gigabitethernet 2/0/1 [HUAWEI-GigabitEthernet2/0/1] traffic-policy p1 inbound //Apply the traffic policy to the mirrored port.

The configuration method of the local port mirroring session on AR series router?
You can configure local port mirroring,the packets flows through the port can be copied to the local monitoring device for analysis and monitoring. Before you configure a local port mirroring, you need to port link protocol status to Up. 1 Configure local observing port. Background information For local port mirroring, monitoring devices connected to the observing port directly. If the interface is configured as the mirroring port, it is recommended that you do not perform any configuration on the interface, or it will affects the mirroring function: -if the observing port not only has a mirroring packets and other service traffic, you will not be able to distinguish packet source. -if the observing port is congested, due to the relatively low priority, mirroring packets may be discarded. Operation steps Run the following command system-view, access the system view. Run the following command observe-port interface interface-type interface-number, local observing port is configured. 2.Configure local port mirroring port. Background information Mirroring port can be arbitrary interface type. If you have already set the Eth-trunk to the mirroring port, it is impossible to separate configuration its member port as a mirrored port. If you want to configure a member port as a mirrored port, you need to cancel the binding function. If you have already configured a member port of Eth-trunk as a mirrored port, it is impossible to configuration Eth-trunk as the mirror port. If you want to configure the Eth-trunk as a mirrored port, you need to first cancle the mirroring port function on member interfaces . Operation steps Run the following command system-view, access the system view. Run the following command interface interface-type interface-number, access the interface view. Run the command mirror observe-port { both | inbound | outbound } [ exclude-link-head ], configure local port mirroring port.

Do I need to add observing ports and mirrored ports on S series switches to the same VLAN when configuring mirroring
For S series switches, you do not need to add observing ports and mirrored ports to the same VLAN when configuring port mirroring. In addition, the observe-port command has been executed to enable forwarding of mirrored packets to local or remote observing ports. Therefore, you do not need to add the observing ports to a VLAN.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top