Configure local traffic mirroring on S series switch

For S series switches (except S1700 switches), traffic mirroring can be configured based on ACLs and Modular Quality of Service Command-Line Interface (MQC) (complex traffic classification). ACL-based traffic mirroring is easy to configure but supports fewer packet types than MQC-based traffic mirroring and supports only inbound traffic mirroring. MQC-based traffic mirroring is complex to configure but supports more packet types and supports mirroring of both inbound and outbound (packets that are sent) traffic. Depending on whether the mirrored device is directly connected to the monitoring device, traffic mirroring is classified into local and remote traffic mirroring.
For example, copy inbound packets with the source IP address of 192.168.10.1 on GE2/0/1 to the observing port GE1/0/1 directly connected to the monitoring device. The configuration procedure is as follows:
1. ACL-based configuration
[HUAWEI] observe-port 1 interface gigabitethernet 1/0/1 //Configure the local observing port.
[HUAWEI] acl 2001
[HUAWEI-basic-acl-2001] rule permit source 192.168.10.1 0 //Permit packets with the source IP address of 192.168.10.1.
[HUAWEI-basic-acl-2001] quit
[HUAWEI] interface gigabitethernet 2/0/1
[HUAWEI-GigabitEthernet2/0/1] traffic-mirror inbound acl 2001 to observe-port 1 //Mirror specified packets on GE2/0/1 to the local observing port.
2. MQC-based configuration
[HUAWEI] observe-port 1 interface gigabitethernet 1/0/1 //Configure the local observing port.
[HUAWEI] acl 2001
[HUAWEI-basic-acl-2001] rule permit source 192.168.10.1 0
[HUAWEI-basic-acl-2001] quit
[HUAWEI] traffic classifier c1 //Configure a traffic classifier to match packets with the source IP address of 192.168.10.1.
[HUAWEI-classifier-c1] if-match acl 2001
[HUAWEI-classifier-c1] quit
[HUAWEI] traffic behavior b1 //Define traffic mirroring in a traffic behavior.
[HUAWEI-behavior-b1] mirroring to observe-port 1
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy p1 //Configure a traffic policy and bind the traffic classifier and traffic behavior to the traffic policy.
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface gigabitethernet 2/0/1
[HUAWEI-GigabitEthernet2/0/1] traffic-policy p1 inbound //Apply the traffic policy to the mirrored port.
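
When auditing a switch, it helps to resolve which ports are being copied to which observing port. The following Python is an added example, not Huawei code: it parses a command session in the S series syntax shown above and follows each interface -> traffic policy -> classifier/behavior -> observing port chain. The function name mirror_sessions and the second mirrored port GE2/0/2 are assumptions made for illustration.

```python
import re
# Constructed sample: this page's MQC commands, plus its ACL-based command on GE2/0/2 (assumed port).
SESSION = """\
[HUAWEI] observe-port 1 interface gigabitethernet 1/0/1
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 2001
[HUAWEI-classifier-c1] quit
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] mirroring to observe-port 1 //Mirror matched packets.
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface gigabitethernet 2/0/1
[HUAWEI-GigabitEthernet2/0/1] traffic-policy p1 inbound
[HUAWEI-GigabitEthernet2/0/1] quit
[HUAWEI] interface gigabitethernet 2/0/2
[HUAWEI-GigabitEthernet2/0/2] traffic-mirror inbound acl 2001 to observe-port 1
"""

def mirror_sessions(session):
    """Return sorted (mirrored port, direction, match, observing port) tuples."""
    observe, classifiers, behaviors, policies, applied, found, view = {}, {}, {}, {}, [], [], (None, None)
    for line in session.splitlines():
        # Drop the "[HUAWEI-...]" prompt and any trailing "//" comment.
        cmd = re.sub(r"^\s*\[[^\]]*\]\s*", "", line).split("//")[0].strip().lower()
        kind, name = view
        if m := re.fullmatch(r"observe-port (\d+) interface (.+)", cmd):
            observe[m[1]] = m[2]
        elif m := re.fullmatch(r"(traffic classifier|traffic behavior|traffic policy|interface) (.+?)(?: operator \w+)?", cmd):
            view = (m[1].split()[-1], m[2])
        elif cmd == "quit":
            view = (None, None)
        elif kind == "classifier" and (m := re.fullmatch(r"if-match (.+)", cmd)):
            classifiers.setdefault(name, []).append(m[1])
        elif kind == "behavior" and (m := re.fullmatch(r"mirroring to observe-port (\d+)", cmd)):
            behaviors[name] = m[1]
        elif kind == "policy" and (m := re.fullmatch(r"classifier (\S+) behavior (\S+)", cmd)):
            policies.setdefault(name, []).append((m[1], m[2]))
        elif kind == "interface" and (m := re.fullmatch(r"traffic-policy (\S+) (inbound|outbound)", cmd)):
            applied.append((name, m[1], m[2]))
        elif kind == "interface" and (m := re.fullmatch(r"traffic-mirror inbound (acl \d+) to observe-port (\d+)", cmd)):
            found.append((name, "inbound", m[1], m[2]))
    # Resolve interface -> policy -> (classifier, behavior) -> observe-port index.
    for iface, policy, direction in applied:
        for cls, beh in policies.get(policy, []):
            if beh in behaviors:
                found.append((iface, direction, " + ".join(classifiers.get(cls, ["?"])), behaviors[beh]))
    return sorted((i, d, mt, observe.get(op, "undefined")) for i, d, mt, op in found)
```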

Other related questions:
Configure local port mirroring on S series switch
For S series switches (except S1700 switches), to copy inbound packets (received packets) on port GE2/0/1 to the observing port GE1/0/1, configure local port mirroring as follows:
[HUAWEI] observe-port 1 interface gigabitethernet 1/0/1
[HUAWEI] interface gigabitethernet 2/0/1
[HUAWEI-GigabitEthernet2/0/1] port-mirroring to observe-port 1 inbound
To configure remote port mirroring, see "Configure remote port mirroring on S series switch".

How to configure local traffic mirroring on AR series routers
By configuring local traffic mirroring, you can replicate specific packets transmitted through an interface to local monitoring devices for analysis and surveillance.
Prerequisites
Before configuring local traffic mirroring, ensure that the link protocol state of the interface is Up.
1. Configure the local observing interface.
Background
In local traffic mirroring, monitoring devices are directly connected to the observing interface. It is recommended that other configurations not be performed on an interface that is configured as the observing interface, to prevent its mirroring function from being affected:
- If not only the mirroring packets but also the packets of other services are transmitted through the observing interface, the source of the packets cannot be distinguished.
- If traffic congests on the observing interface, mirroring packets may be discarded because the priority of the mirroring packets is lower.
Procedure
Run the system-view command to enter the system view.
Run the observe-port interface interface-type interface-number command to configure the local observing interface.
2. Configure traffic mirroring.
Background
In traffic mirroring, the mirroring interface applies a traffic policy that includes traffic mirroring behavior. Packets that are transmitted through the interface and match the traffic classification rules are replicated to the observing interface.
Procedure
a. Configure the traffic classifier.
Run the system-view command to enter the system view.
Run the traffic classifier classifier-name [ operator { and | or } ] command to create a traffic classifier and enter the view of the traffic classifier.
Run the if-match command to configure the matching rule of the traffic classifier based on actual requirements.
Run the quit command to quit the view of the traffic classifier.
b. Configure the traffic behavior.
Run the traffic behavior behavior-name command to create traffic behavior and enter the view of the traffic behavior.
Run the mirror to observe-port command to mirror traffic that matches the rule to the specified observing interface.
Run the quit command to quit the view of the traffic behavior.
Run the quit command to quit the system view.
c. Configure the traffic policy.
Run the system-view command to enter the system view.
Run the traffic policy policy-name command to create a traffic policy and enter the view of the traffic policy, or directly enter the view of an existing traffic policy.
Run the classifier classifier-name behavior behavior-name command to configure the traffic behavior of specified traffic classifiers in the traffic policy, that is, bind the traffic behavior to the specified traffic classifier.
Run the quit command to quit the view of the traffic policy.
Run the quit command to quit the system view.
d. Apply the traffic policy.
Run the system-view command to enter the system view.
Run the interface interface-type interface-number [.subinterface-number ] command to enter the interface view.
Run the traffic-policy policy-name { inbound | outbound } command to apply the traffic policy in the inbound or outbound direction of the interface.

Configuring HTTP traffic mirroring on S series switches
For S series switches (except S1700 switches), traffic mirroring can be configured to only mirror HTTP traffic with TCP destination port 80. For example, to mirror incoming HTTP traffic (received traffic) with TCP destination port 80 on GE1/0/1 to observing port GE2/0/1, perform the following configurations:
1. Configure GE2/0/1 as an observing port.
[HUAWEI] observe-port 1 interface gigabitethernet 2/0/1
2. Create a traffic classifier to match traffic with TCP destination port 80.
[HUAWEI] acl number 3000
[HUAWEI-acl-adv-3000] rule permit tcp destination-port eq www
[HUAWEI-acl-adv-3000] quit
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 3000
[HUAWEI-classifier-c1] quit
3. Create a traffic behavior and set the action to traffic mirroring.
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] mirroring to observe-port 1
[HUAWEI-behavior-b1] quit
4. Create a traffic policy, and bind the traffic classifier and traffic behavior to the traffic policy.
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
5. Apply the traffic policy to the inbound direction of GE1/0/1.
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] traffic-policy p1 inbound
