Changes of local port mirroring commands

5


Starting from V200R002C00, observe-port-index is deleted from observe-port [ observe-port-index ] interface interface-type interface-number and port-mirroring to observe-port observe-port-index { both | inbound | outbound }.



V200R001


Command used to configure an observing interface: observe-port [ observe-port-index ] interface interface-type interface-number


Command used to configure a mirrored interface: port-mirroring to observe-port observe-port-index { both | inbound | outbound }


To configure local port mirroring, perform the following operations:

  1. Run the system-view command to enter the system view.
  2. Run the observe-port [ observe-port-index ] interface interface-type interface-number command to configure a local observing interface.
  3. Run the interface interface-type interface-number command to enter the view of a specified interface.
  4. Run the port-mirroring to observe-port observe-port-index { both | inbound | outbound } command to configure a local mirrored interface.


V200R002 and Later Versions


Command used to configure an observing interface: observe-port interface interface-type interface-number


Command used to configure a mirrored interface: mirror to observe-port { both | inbound | outbound }


To configure local port mirroring, perform the following operations:

  1. Run the system-view command to enter the system view.
  2. Run the observe-port interface interface-type interface-number command to configure a local observing interface.
  3. Run the interface interface-type interface-number command to enter the view of a specified interface.
  4. Run the mirror to observe-port { both | inbound | outbound } command to configure a local mirrored interface.

Other related questions:
Configure local port mirroring on S series switch
For S series switches (except S1700 switches), to copy inbound packets (received packets) on port GE2/0/1 to the observing port GE1/0/1, configure local port mirroring as follows: [HUAWEI] observe-port 1 interface gigabitethernet 1/0/1 [HUAWEI] interface gigabitethernet 2/0/1 [HUAWEI-GigabitEthernet2/0/1] port-mirroring to observe-port 1 inbound To configure remote port mirroring, see【Configure remote port mirroring on S series switch】Configure remote port mirroring on S series switch.

Checking the mirroring configuration on an S series switch
For an S series switch (except the S1700), you can run the following commands to check the mirroring configuration: - Run the display current-configuration command to check the mirroring configuration in the configuration file of the switch. - Run the display observe-port command to check the observing port configuration. - Run the display port-mirroring command to check the configuration of port mirroring, traffic mirroring, VLAN mirroring, and MAC address mirroring. - Check the MQC-based traffic mirroring configuration and its application. 1. Run the display traffic behavior user-defined [ behavior-name ] command to check the traffic behavior configuration. 2. Run the display traffic classifier user-defined [ classifier-name ] command to check the traffic classifier configuration. 3. Run the display traffic policy user-defined command to check the traffic policy configuration. 4. Run the display traffic policy user-defined policy-name [ classifier classifier-name ] command to check the traffic policy configuration. 5. Run the display traffic-policy applied-record [ policy-name ] command to check the application record of a specified traffic policy. - Check the ACL-based traffic mirroring application. Run the following commands to check statistics on the packets matching rules. Before running these commands, run the traffic-statistic command in the system view or the traffic-statistic command in the interface view to configure the ACL-based traffic statistics collection function. 1. display traffic-statistics interface inbound 2. display traffic-statistics [ vlan vlan-id | interface interface-type interface-number ] inbound 3. display traffic-statistics [ vlan vlan-id | interface interface-type interface-number ] inbound acl { bas-acl | adv-acl | user-acl | acl-name | l2-acl } [ rule rule-id ] 4. display traffic-statistics [ vlan vlan-id | interface interface-type interface-number ] inbound acl ipv6 { bas-acl | adv-acl | acl-name } [ rule rule-id ] 5. display traffic-statistics [ vlan vlan-id | interface interface-type interface-number ] inbound acl { acl-name | l2-acl } [ rule rule-id ] acl { bas-acl | adv-acl | acl-name } [ rule rule-id ]

The configuration method of the local port mirroring session on AR series router?
You can configure local port mirroring,the packets flows through the port can be copied to the local monitoring device for analysis and monitoring. Before you configure a local port mirroring, you need to port link protocol status to Up. 1 Configure local observing port. Background information For local port mirroring, monitoring devices connected to the observing port directly. If the interface is configured as the mirroring port, it is recommended that you do not perform any configuration on the interface, or it will affects the mirroring function: -if the observing port not only has a mirroring packets and other service traffic, you will not be able to distinguish packet source. -if the observing port is congested, due to the relatively low priority, mirroring packets may be discarded. Operation steps Run the following command system-view, access the system view. Run the following command observe-port interface interface-type interface-number, local observing port is configured. 2.Configure local port mirroring port. Background information Mirroring port can be arbitrary interface type. If you have already set the Eth-trunk to the mirroring port, it is impossible to separate configuration its member port as a mirrored port. If you want to configure a member port as a mirrored port, you need to cancel the binding function. If you have already configured a member port of Eth-trunk as a mirrored port, it is impossible to configuration Eth-trunk as the mirror port. If you want to configure the Eth-trunk as a mirrored port, you need to first cancle the mirroring port function on member interfaces . Operation steps Run the following command system-view, access the system view. Run the following command interface interface-type interface-number, access the interface view. Run the command mirror observe-port { both | inbound | outbound } [ exclude-link-head ], configure local port mirroring port.

Change local user passwords on S series switch
On an S series switch, except S1700, there are two methods to change the local user password:
- The administrator can change passwords for other local users.
  A local user can change the attributes (including password, level, max access number, and validity period) for the local users with lower levels.
  For example, to change the password of local user admin to huawei@123.
  [HUAWEI] aaa
  [HUAWEI-aaa] local-user admin password cipher huawei@123
- The local user changes its own password.
  To ensure password security, a low-level administrator can run the local-user change-password command after passing authentication to change its own password.  
  <HUAWEI> local-user change-password
  Please configure the login password (8-128)
  It is recommended that the password consist of at least 2 types of 
  characters, including lowercase letters, uppercase letters, numerals
  and special characters. 
  Please enter old password: //Enter the old password.
  Please enter new password: //Enter the new password.
  Please confirm new password:  //Confirm the new password.
Note:
- Only the users passing local authentication can change their own passwords.
- The local-user change-password command only changes local user passwords, but does not save configurations. The passwords are saved as local-user password.If you do not enter the old, new, or confirm password within the timeout interval (30 seconds), the password change operation is canceled. You can also press Ctrl+C to cancel the password change operation.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top