Port mirroring feature in layer 3

Latest reply: Oct 7, 2018 02:31:20 450 6 1 0

Does device S5720-56C-HI-AC support the port mirroring feature in layer 3?

 

Answer: Until now port mirroring is not supported in layer 3, just in layer 2. Information confirmed with R&D team.

 

 

  • x
  • convention:

Created Oct 6, 2018 00:05:46 Helpful(1) Helpful(1)

Good , thanks for the confirmation
  • x
  • convention:

Created Oct 6, 2018 00:47:45 Helpful(1) Helpful(1)

Here there are other limitation for port mirroring :

Only the S5710EI, S5700HI, S5710HI, S5720EI, S5720HI, S6700EI, S6720EI, and S6720S-EI series switches support 1:N mirroring and M:N mirroring in V200R005 and later versions.

All switch models support N:1 mirroring.

In a stack, packets can be mirrored from one member switch to another.

Packets mirrored to an observing port cannot be mirrored again in the same device.

The S5720HI does not support VLAN mirroring or MAC address mirroring. You can configure traffic mirroring with traffic classification rules VLAN ID and MAC address.

On the S5720HI, a physical port cannot be configured as an observing port and mirrored port simultaneously.

On the S1720GFR, S1720GW, S1720GWR, S1720GW-E, S1720GWR-E, S1720X, S1720X-E, S2720EI, S2750EI, S5700LI, S5700S-LI, S5710-C-LI, S5710-X-LI, S5700SI, S5720LI, S5720S-LI, S5720SI, S5720S-SI, S5730SI, S5730S-EI, S6720LI, S6720S-LI, S6720SI, and S6720S-SI, a physical port cannot be configured as an observing port and mirrored port simultaneously.

On the S5710EI, S5700HI, S5710HI, S6700EI, S5720HI, S5720EI, S6720EI, and S6720S-EI running V200R005 or a later version, an Eth-Trunk can function as an observing port. In a stack, Eth-Trunk member ports can be located on different member switches.
Notes about mirroring of outgoing packets:
VLAN mirroring and MAC address mirroring do not apply to outgoing packets.

On switches of versions earlier than V200R005, S5700EI, S6700EI, S6720S-EI, and S6720EI of V200R005 and later versions, the copy of outgoing packets may be different from the original packets because the mirroring operation is performed before other forwarding operations on the original packets. For example, if the DSCP value of the original packets needs to be changed, the copied packets are different from the original packets because they have been copied to the observing port before the change.

On a switch that supports outbound mirroring (except S5720EI and S5720HI), outbound mirroring conflicts with other traffic behaviors. That is, after outbound mirroring is configured on a port, other traffic behaviors cannot be configured on the port.

Other configuration notes:
An observing port is dedicated to forwarding mirrored traffic. Do not configure other services on an observing port; otherwise, mirrored traffic and other service traffic interfere with each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the bandwidth of service traffic on this port and the bandwidth occupied by the mirrored traffic do not exceed the bandwidth limit of the port.

If the mirroring function is deployed on many ports of a device, a great deal of internal forwarding bandwidth will be occupied, which affects the forwarding of other services. Additionally, if the mirrored port bandwidth is higher than the observing port bandwidth, for example, 1000 Mbit/s on a mirrored port and 100 Mbit/s on an observing port, the observing port will fail to forward all mirrored packets in a timely manner because of insufficient bandwidth, leading to packet loss.

When configuring Layer 2 remote mirroring, you are not advised to perform other service configuration in the VLAN associated with the observing port, that is, the VLAN used to transmit mirrored packets to the monitoring device. On the intermediate device between the observing port and monitoring device, run the mac-address learning disable command in the VLAN associated with the observing port to disable MAC address learning, and run the undo mac-address vlan vlan-id command in the system view to delete all MAC address entries in this VLAN.

If both port mirroring and traffic mirroring are configured simultaneously for the same packets on the S1720GFR, S1720GW, S1720GWR, S1720GW-E, S1720GWR-E, S1720X, S1720X-E, S2720EI, S2750EI, S5700LI, S5700S-LI, S5710-C-LI, S5710-X-LI, S5700SI, S5720LI, S5720S-LI, S5720SI, S5720S-SI, S5730SI, S5730S-EI, S6720LI, S6720S-LI, S6720SI, and S6720S-SI, port mirroring takes effect. On other switch models, traffic mirroring takes precedence over port mirroring.

For the S1720GFR, S1720GW, S1720GWR, S1720GW-E, S1720GWR-E, S1720X, S1720X-E, S2720EI, S2750EI, S5700LI, S5700S-LI, S5710-C-LI, S5710-X-LI, S5700SI, S5720LI, S5720S-LI, S5720SI, S5720S-SI, S5730SI, S5730S-EI, S6720LI, S6720S-LI, S6720SI, and S6720S-SI, if N:1 mirroring or multiple 1:1 mirroring is configured, mirrored packets may be lost.
An observing port in blocked state can still forward mirrored packets.

During the traffic mirroring configuration, the deny parameter cannot be configured in the ACL referenced in a traffic classifier. To mirror only specified service packets, configure the permit parameter in the ACL.
  • x
  • convention:

BEST ANSWER! If you think I earn it!
If this post was useful to you, please click the Helpful button and flag my post as a "BEST ANSWER" so others can benefit. Thank you
Created Oct 6, 2018 05:15:00 Helpful(1) Helpful(1)

Thanks for the confirmation. Really helpful to capture packets.
  • x
  • convention:

MVE Created Oct 6, 2018 06:18:19 Helpful(1) Helpful(1)

thx for the information
  • x
  • convention:

Passion%20to%20learn
Created Oct 7, 2018 02:30:51 Helpful(1) Helpful(1)

Good to know
  • x
  • convention:

If you think my post/reply is useful, please click the Helpful button and flag my post as a BEST ANSWER. Thanks
Created Oct 7, 2018 02:31:20 Helpful(0) Helpful(0)

Posted by Sergio93 at 2018-10-05 21:47 Here there are other limitation for port mirroring :Only the S5710EI, S5700HI, S5710HI, S5720EI, S57 ...
Thanks for the details :)
  • x
  • convention:

If you think my post/reply is useful, please click the Helpful button and flag my post as a BEST ANSWER. Thanks

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Fast reply Scroll to top