How to configure local interface mirroring on AR series routers

3

By configuring local interface mirroring, you can replicate the packets transmitted through the interface to local monitoring devices for analysis and surveillance.
Before configuring local interface mirroring, ensure that the link protocol state of the interface is Up.

1. Configure the local observing interface.
Background
In local interface mirroring, monitoring devices are directly connected to the observing interface.
It is recommended that other configurations should not be performed on an interface that is configured as the observing interface to prevent its mirroring function from being affected:
- If not only the mirroring packets but also the packets of other services are transmitted through the observing interface, the source of the packets cannot be distinguished.
- If traffic congests on the observing interface, mirroring packets may be discarded because the priority of the mirroring packets is lower.
Procedure
Run the system-view command to enter the system view.
Run the observe-port interface interface-type interface-number command to configure the local observing interface.

2. Configure the local mirroring interface.
Background
An interface of any type can be configured as a mirroring interface.
If an Eth-trunk interface is configured as a mirroring interface, a member interface of the Eth-trunk interface cannot be configured as a mirroring interface separately. If you want to configure a member interface of the Eth-trunk as a mirroring interface, you must unbind the member interface from the Eth-trunk interface.
If a member interface of an Eth-trunk is configured as a mirroring interface, the Eth-trunk interface cannot be configured as a mirroring interface. If you want to configure the Eth-trunk interface as a mirroring interface, you must unbind the member interface that is configured as the mirroring interface from the Eth-trunk interface.
Procedure
Run the system-view command to enter the system view.
Run the interface interface-type interface-number command to enter the interface view.
Run the mirror to observe-port { both | inbound | outbound } [ exclude-link-head ] command to configure the local mirroring interface.

Other related questions:
How to configure local traffic mirroring on AR series routers
By configuring local traffic mirroring, you can replicate specific packets transmitted through an interface to local monitoring devices for analysis and surveillance. Prerequisites Before configuring local traffic mirroring, ensure that the link protocol state of the interface is Up. 1. Configure the local observing interface. Background In local traffic mirroring, monitoring devices are directly connected to the observing interface. It is recommended that other configurations should not be performed on an interface that is configured as the observing interface to prevent its mirroring function from being affected: - If not only the mirroring packets but also the packets of other services are transmitted through the observing interface, the source of the packets cannot be distinguished. - If traffic congests on the observing interface, mirroring packets may be discarded because the priority of the mirroring packets is lower. Procedure Run the system-view command to enter the system view. Run the observe-port interface interface-type interface-number command to configure the local observing interface. 2. Configure traffic mirroring. Background In traffic mirroring, the mirroring interface applies a traffic policy that includes traffic mirroring behavior. Packets that are transmitted through the interface and match the traffic classification rules are replicated to the observing interface. Procedure a. Configure the traffic classifier. Run the system-view command to enter the system view. Run the traffic classifier classifier-name [ operator { and | or } ] command to create a traffic classifier and enter the view of the traffic classifier. Run the if-match command to configure the matching rule of the traffic classifier based on actual requirements. Run the quit command to quit the view of the traffic classifier. b. Configure the traffic behavior. Run the traffic behavior behavior-name command to create traffic behavior and enter the view of the traffic behavior. Run the mirror to observe-port command to mirror traffic that matches the rule to the specified observing interface. Run the quit command to quit the view of the traffic behavior. Run the quit command to quit the system view. c. Configure the traffic policy. Run the system-view command to enter the system view. Run the traffic policy policy-name command to create a traffic policy and enter the view of the traffic policy, or directly enter the view of an existing traffic policy. Run the classifier classifier-name behavior behavior-name command to configure the traffic behavior of specified traffic classifiers in the traffic policy, that is, bind the traffic behavior to the specified traffic classifier. Run the quit command to quit the view of the traffic policy. Run the quit command to quit the system view. d. Apply the traffic policy. Run the system-view command to enter the system view. Run the interface interface-type interface-number [.subinterface-number ] command to enter the interface view. Run the traffic-policy policy-name { inbound | outbound } to apply the traffic policy in the inbound or outbound direction of the interface.

The configuration method of the local port mirroring session on AR series router?
You can configure local port mirroring,the packets flows through the port can be copied to the local monitoring device for analysis and monitoring. Before you configure a local port mirroring, you need to port link protocol status to Up. 1 Configure local observing port. Background information For local port mirroring, monitoring devices connected to the observing port directly. If the interface is configured as the mirroring port, it is recommended that you do not perform any configuration on the interface, or it will affects the mirroring function: -if the observing port not only has a mirroring packets and other service traffic, you will not be able to distinguish packet source. -if the observing port is congested, due to the relatively low priority, mirroring packets may be discarded. Operation steps Run the following command system-view, access the system view. Run the following command observe-port interface interface-type interface-number, local observing port is configured. 2.Configure local port mirroring port. Background information Mirroring port can be arbitrary interface type. If you have already set the Eth-trunk to the mirroring port, it is impossible to separate configuration its member port as a mirrored port. If you want to configure a member port as a mirrored port, you need to cancel the binding function. If you have already configured a member port of Eth-trunk as a mirrored port, it is impossible to configuration Eth-trunk as the mirror port. If you want to configure the Eth-trunk as a mirrored port, you need to first cancle the mirroring port function on member interfaces . Operation steps Run the following command system-view, access the system view. Run the following command interface interface-type interface-number, access the interface view. Run the command mirror observe-port { both | inbound | outbound } [ exclude-link-head ], configure local port mirroring port.

How to configure interface mirroring on AR routers
By configuring local interface mirroring (one mirroring interface or multiple mirroring interfaces), you can replicate the packets transmitted through the interface to local monitoring devices for analysis and surveillance.
Note:
Interfaces used in the example are just for reference. Configure local interface mirroring based on actual interface information in practice.
Before configuring local interface mirroring, ensure that the link protocol state of the interface is Up.
In the configuration commands, inbound indicates the inbound mirroring traffic and outbound indicates the outbound mirroring traffic. You can change outbound to inbound in the commands if you need outgoing mirroring traffic.

Scenario 1: Configure local interface mirroring (one mirroring interface)
(1)Configure the observing interface
#Configure GE0/0/1 as the local observing interface on the router.
system-view
[Huawei] observe-port interface gigabitethernet 0/0/1
(2)Configure the mirroring interface
#Configure GE0/0/2 as the mirroring interface, and bind the inbound mirroring traffic to the local observing interface, that is, replicate the packets received by the mirroring interface to the local observing interface.
[Huawei] interface gigabitethernet 0/0/2
[Huawei-GigabitEthernet0/0/2] mirror to observe-port inbound
[Huawei-GigabitEthernet0/0/2] return

For details, select Configuration > CLI-based Configuration > Network Management and Monitoring Configuration Guide >
Mirroring Configuration > Configuration Examples > Example for Configuring 1:1 Local Port Mirroring in the following URL: [http://support.huawei.com/hedex/hdx.do?docid=EDOC1000116356&id=dc_cfg_mirror_1131&text=Example%2520for%2520Configuring%25201%253A1%2520Local%2520Port%2520Mirroring&lang=en">Product Documentation.

Scenario 2: Configure local interface mirroring (multiple mirroring interfaces)
(1)Configure the observing interface
#Configure Eth0/0/1 as the local observing interface on the router.
system-view
[Huawei] observe-port interface ethernet 0/0/1
(2)Configure the mirroring interface.
Configure Eth0/0/0 as the mirroring interface on the router.
[Huawei] interface ethernet 0/0/0
[Huawei-Ethernet0/0/0] mirror to observe-port inbound
[Huawei-Ethernet0/0/0] quit
# Configure Eth0/0/2 as the mirroring interface on the router.
[Huawei] interface ethernet 0/0/2
[Huawei-Ethernet0/0/2] mirror to observe-port inbound
[Huawei-Ethernet0/0/2] return

For details, select Configuration > CLI-based Configuration > Network Management and Monitoring Configuration Guide >
Mirroring Configuration > Configuration Examples > Example for Configuring N:1 Local Port Mirroring in the following URL: Product Documentation.

How to configure remote interface mirroring on AR series routers
Remote interface mirroring is only supported in V200R005C32 and earlier versions. By configuring remote interface mirroring, you can replicate the packets transmitted through the interface to remote monitoring devices for analysis and surveillance. Before configuring remote interface mirroring, ensure that the routing protocol and GRE tunnels are configured. 1. Configure the remote observing server. Procedure Run the system-view command to enter the system view. Run the observe-server destination-ip destination-ip-address source-ip source-ip-address [ dscp dscp-value ] command to configure the observing server in remote interface mirroring. Note: The destination-ip-address parameter indicates the IP address of the monitoring device. The source-ip-address parameter indicates the IP address of the mirroring interface. If the IP addresses of the monitoring device and the mirroring interface are private IP addresses, GRE tunnels must be configured first to ensure the interworking between private IP addresses on public networks. 2. Configure the remote mirroring interface. Background A mirroring interface can be an IP-Trunk interface, an Ethernet interface, or an Eth-Trunk interface. - If an Eth-trunk interface is configured as a mirroring interface, a member interface of the Eth-trunk interface cannot be configured as a mirroring interface separately. If you want to configure a member interface of the Eth-trunk as a mirroring interface, you must unbind the member interface from the Eth-trunk interface. - If a member interface of an Eth-trunk is configured as a mirroring interface, the Eth-trunk interface cannot be configured as a mirroring interface. If you want to configure the Eth-trunk interface as a mirroring interface, you must unbind the member interface that is configured as the mirroring interface from the Eth-trunk interface. Procedure Run the system-view command to enter the system view. Run the interface interface-type interface-number command to enter the interface view. Run the mirror to observe-server{ both | inbound | outbound } command to configure the remote mirroring interface.

How to save configuration locally on an AR router
There are two methods to export configuration locally on an AR router: web NMS and command lines.

1. Web NMS (example):
Log in to the web NMS, and choose System Management > Upgrade and Maintenance > Restart Device. Click Export Configuration File to back up the current configuration file to a local PC.

2. Command lines (example):
Use the router as an FTP server, and enable the FTP service.  
Enable the FTP server on the router, and create an FTP user with the user name huawei and password Helloworld@6789. Authorize the user to access the directory sd1:.
<Huawei> system-view
[Huawei] ftp server enable
Info: Succeeded in starting the FTP server.
[Huawei] aaa
[Huawei-aaa] local-user huawei password irreversible-cipher Helloworld@6789
[Huawei-aaa] local-user huawei ftp-directory sd1:
[Huawei-aaa] local-user huawei service-type ftp
[Huawei-aaa] local-user huawei privilege level 15

Initiate an FTP connection from a maintenance PC to the router.  
On the PC, create an FTP connection to the router through the FTP client (for example, the IP address of the router is 10.110.24.254).
C:\Documents and Setting\Administrator> ftp 10.110.24.254
Connected to 10.110.24.254.
220 FTP service ready.
User (10.110.24.254:(none)): huawei
331 Password required for huawei.
Password:
230 User logged in.

Set transmission parameters.  
After the FTP user passes the authentication, the FTP client displays the prompt "ftp>". Enter binary (binary transmission mode) under the prompt ftp>, and set a directory on the FTP client for storing uploaded files.
ftp> binary
200 Type set to I.
ftp> lcd c:\temp
Local directory now C:\temp.

Transmit the configuration file.  
On the PC, run the get command to download the configuration file to a locally specified directory, and name the file backup.cfg.
ftp> get sd1:/config.cfg backup.cfg

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top